-.TH TINC 5 "May 2000" "tinc version 1.0" "FSF"
+.TH TINC 5 "Jan 2001" "tinc version 1.0pre4" "FSF"
.SH NAME
-tincd.conf \- tinc daemon configuration
+tinc.conf \- tinc daemon configuration
.SH "DESCRIPTION"
The files in the \fI/etc/tinc\fR directory contain runtime and
-security information for the \fBtinc\fR(8) daemon.
+security information for the \fBtincd\fR(8) daemon.
.PP
.SH "NETWORKS"
It is perfectly ok for you to run more than one tinc daemon. However,
option. In this case, the network name would just be empty, and it
will be used as such. tinc now looks for files in \fI/etc/tinc/\fR,
instead of \fI/etc/tinc/\fBnn\fI/\fR; the configuration file should be
-\fI/etc/tinc/tincd.conf\fR, and the passphrases are now expected to be
+\fI/etc/tinc/tinc.conf\fR, and the passphrases are now expected to be
in \fI/etc/tinc/passphrases/\fR.
But it is highly recommended that you use this feature of tinc,
identification. The name has to be declared in the
\fI/etc/tinc/\fBnn\fI/tinc.conf\fR file.
-To make things easy, choose something that will give unique names to
-your tinc daemon(s): hostnames, owner surnames, location.
+To make things easy, choose something that will give unique and easy
+to rememebr names to your tinc daemon(s).
+You could try things like hostnames, owner surnames or location names.
.PP
.SH "PUBLIC/PRIVATE KEYS"
You should use \fBtincd --generate-keys\fR to generate public/private
.PP
.SH "SERVER CONFIGURATION"
The server configuration of the daemon is done in the file
-\fI/etc/tinc/\fBnn\fI/tincd.conf\fR.
+\fI/etc/tinc/\fBnn\fI/tinc.conf\fR.
This file consists of comments (lines started with a \fB#\fR) or
assignments in the form of
This does not affect resolving hostnames to IP addresses from the
host configuration files.
.TP
-\fBInterface\fR = <\fIdevice\fR> (optional)
-If you have more than one network interface in your computer, tinc will by
-default listen on all of them for incoming connections. It is possible to
-bind tinc to a single interface like eth0 or ppp0 with this variable.
-.TP
-\fBInterfaceIP\fR = <\fIlocal address\fR> (optional)
-If your computer has more than one IP address on a single interface (for example
-if you are running virtual hosts), tinc will by default listen on all of them for
-incoming connections. It is possible to bind tinc to a single IP address with
-this variable. It is still possible to listen on several interfaces at the same
-time though, if they share the same IP address.
-.TP
\fBKeyExpire\fR = <\fIseconds\fR> (3600)
This option controls the time the encryption keys used to encrypt the data
are valid. It is common practice to change keys at regular intervals to
same amount of seconds, the connection is terminated, and the others
will be notified of this.
.TP
-\fBPrivateKey\fR = <\fIkey\fR> (required)
+\fBPrivateKey\fR = <\fIkey\fR>
The private RSA key of this tinc daemon. It will allow this tinc daemon to
authenticate itself to other daemons.
.TP
+\fBPrivateKeyFile\fR = <\fIfilename\fR>
+The file in which the private RSA key of this tinc daemon resides.
+
+Note that there must be exactly one of \fBPrivateKey\fR or \fBPrivateKeyFile\fR
+specified in the configuration file.
+.TP
\fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0)
The ethertap or tun/tap device to use. tinc will automatically detect what
kind of tapdevice it is.
\fBPort\fR = <\fIport number\fR> (655)
The port on which this tinc daemon is listening for incoming connections.
.TP
-\fBPublicKey\fR = <\fIkey\fR> (required)
+\fBPublicKey\fR = <\fIkey\fR>
The public RSA key of this tinc daemon. It will be used to cryptographically
verify it's identity and to set up a secure connection.
.TP
+\fBPublicKeyFile\fR = <\fIfilename\fR>
+The file in which the public RSA key of this tinc daemon resides.
+
+Note that there must be exactly one of \fBPublicKey\fR or \fBPublicKeyFile\fR
+specified in each host configuration file, if you want to be able to establish
+a connection with that host.
+.TP
\fBSubnet\fR = <\fIaddress/masklength\fR> (optional)
The subnet which this tinc daemon will serve. tinc tries to look up which other
daemon it should send a packet to by searching the appropiate subnet. If the