Next: , Up: Running tinc   [Contents][Index]

5.1 Runtime options

Besides the settings in the configuration file, tinc also accepts some command line options.

-c, --config=path

Read configuration options from the directory path. The default is /etc/tinc/netname/.

-D, --no-detach

Don’t fork and detach. This will also disable the automatic restart mechanism for fatal errors.

-d, --debug=level

Set debug level to level. The higher the debug level, the more gets logged. Everything goes via syslog.

-k, --kill[=signal]

Attempt to kill a running tincd (optionally with the specified signal instead of SIGTERM) and exit. Use it in conjunction with the -n option to make sure you kill the right tinc daemon. Under native Windows the optional argument is ignored, the service will always be stopped and removed.

-n, --net=netname

Use configuration for net netname. This will let tinc read all configuration files from /etc/tinc/netname/. Specifying . for netname is the same as not specifying any netname. See Multiple networks.

-K, --generate-keys[=bits]

Generate public/private keypair of bits length. If bits is not specified, 2048 is the default. tinc will ask where you want to store the files, but will default to the configuration directory (you can use the -c or -n option in combination with -K). After that, tinc will quit.

-o, --option=[HOST.]KEY=VALUE

Without specifying a HOST, this will set server configuration variable KEY to VALUE. If specified as HOST.KEY=VALUE, this will set the host configuration variable KEY of the host named HOST to VALUE. This option can be used more than once to specify multiple configuration variables.

-L, --mlock

Lock tinc into main memory. This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.


Write log entries to a file instead of to the system logging facility. If file is omitted, the default is /var/log/tinc.netname.log.


Write PID to file instead of /var/run/


Disables encryption and authentication. Only useful for debugging.

-R, --chroot

Change process root directory to the directory where the config file is located (/etc/tinc/netname/ as determined by -n/–net option or as given by -c/–config option), for added security. The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.

This option is best used in combination with the -U/–user option described below.

You will need to ensure the chroot environment contains all the files necessary for tinc to run correctly. Most importantly, for tinc to be able to resolve hostnames inside the chroot environment, you must copy /etc/resolv.conf into the chroot directory. If you want to be able to run scripts other than tinc-up in the chroot, you must ensure the appropriate shell is also installed in the chroot, along with all its dependencies.

-U, --user=user

Switch to the given user after initialization, at the same time as chroot is performed (see –chroot above). With this option tinc drops privileges, for added security.


Display a short reminder of these runtime options and terminate.


Output version information and exit.

Next: , Up: Running tinc   [Contents][Index]