3 .\" Manual page created by:
5 .\" Guus Sliepen <guus@tinc-vpn.org>
12 .Op Fl -config Ns = Ns Ar DIR
14 .Op Fl -debug Ns Op = Ns Ar LEVEL
15 .Op Fl -net Ns = Ns Ar NETNAME
17 .Op Fl -logfile Ns Op = Ns Ar FILE
18 .Op Fl -bypass-security
20 .Op Fl -user Ns = Ns Ar USER
24 This is the daemon of tinc, a secure virtual private network (VPN) project.
27 will read it's configuration file to determine what virtual subnets it has to serve
28 and to what other tinc daemons it should connect.
29 It will connect to the ethertap or tun/tap device
30 and set up a socket for incoming connections.
31 Optionally a script will be executed to further configure the virtual device.
33 it will detach from the controlling terminal and continue in the background,
34 accepting and setting up connections to other tinc daemons
35 that are part of the virtual private network.
36 Under Windows (not Cygwin) tinc will install itself as a service,
37 which will be restarted automatically after reboots.
39 .Bl -tag -width indent
40 .It Fl c, -config Ns = Ns Ar DIR
41 Read configuration files from
44 .Pa @sysconfdir@/tinc/ .
46 Don't fork and detach.
47 This will also disable the automatic restart mechanism for fatal errors.
48 If not mentioned otherwise, this will show log messages on the standard error output.
49 .It Fl d, -debug Ns Op = Ns Ar LEVEL
50 Increase debug level or set it to
53 .It Fl n, -net Ns = Ns Ar NETNAME
56 This will let tinc read all configuration files from
57 .Pa @sysconfdir@/tinc/ Ar NETNAME .
62 is the same as not specifying any
65 Lock tinc into main memory.
66 This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
67 .It Fl -logfile Ns Op = Ns Ar FILE
68 Write log entries to a file instead of to the system logging facility.
71 is omitted, the default is
72 .Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log.
73 .It Fl -pidfile Ns = Ns Ar FILENAME
81 is omitted, the default is
82 .Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid.
83 .It Fl -bypass-security
84 Disables encryption and authentication of the meta protocol.
85 Only useful for debugging.
87 With this option tinc chroots into the directory where network
88 config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
89 or to the directory specified with -c option) after initialization.
90 .It Fl U, -user Ns = Ns Ar USER
91 setuid to the specified
95 Display short list of options.
97 Output version information and exit.
100 .Bl -tag -width indent
104 to try to connect to all uplinks immediately.
107 attempts to do this itself,
108 but increases the time it waits between the attempts each time it failed,
111 didn't succeed to connect to an uplink the first time after it started,
112 it defaults to the maximum time of 15 minutes.
114 Partially rereads configuration files.
115 Connections to hosts whose host config file are removed are closed.
116 New outgoing connections specified in
121 option is used, this will also close and reopen the log file,
122 useful when log rotation is used.
125 The tinc daemon can send a lot of messages to the syslog.
126 The higher the debug level,
127 the more messages it will log.
128 Each level inherits all messages of the previous level:
129 .Bl -tag -width indent
131 This will log a message indicating
133 has started along with a version number.
134 It will also log any serious error.
136 This will log all connections that are made with other tinc daemons.
138 This will log status and error messages from scripts and other tinc daemons.
140 This will log all requests that are exchanged with other tinc daemons. These include
141 authentication, key exchange and connection list updates.
143 This will log a copy of everything received on the meta socket.
145 This will log all network traffic over the virtual private network.
148 .Bl -tag -width indent
149 .It Pa @sysconfdir@/tinc/
150 Directory containing the configuration files tinc uses.
151 For more information, see
153 .It Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid
154 The PID of the currently running
156 is stored in this file.
161 option may not work correctly.
163 .Sy The cryptography in tinc is not well tested yet. Use it at your own risk!
165 If you find any bugs, report them to tinc@tinc-vpn.org.
167 A lot, especially security auditing.
171 .Pa http://www.tinc-vpn.org/ ,
172 .Pa http://www.cabal.org/ .
174 The full documentation for tinc is maintained as a Texinfo manual.
175 If the info and tinc programs are properly installed at your site,
178 should give you access to the complete manual.
180 tinc comes with ABSOLUTELY NO WARRANTY.
181 This is free software, and you are welcome to redistribute it under certain conditions;
182 see the file COPYING for details.
185 .An "Guus Sliepen" Aq guus@tinc-vpn.org
187 And thanks to many others for their contributions to tinc!