-This version of tinc supports multiple virtual networks at once. To use this
-feature, you may supply a netname via the -n or --net options. The standard
-locations for the config files will then be /etc/tinc/<net>/. Because of this
-feature, tinc will send packets directly to their destinations, instead of to
-the uplink. If this behaviour is undesirable (for instance because of firewalls
-or other restrictions), please use an older version of tinc (I would recommend
-tinc-0.2.19).
-
-In order to force the kernel to accept received packets, the destination MAC
-address will be set to FE:FD:00:00:00:00 upon reception. The MAC address of the
-ethertap or tun/tap interface must also be set to this address. See the manual
-for more detailed information.
-
-tincd regenerates its encryption key pairs. It does this on the first activity
-after the keys have expired. This period is adjustable in the configuration
-file, and the default time is 3600 seconds (one hour).
-
-This version supports multiple subnets at once. They are also sorted on subnet
-mask size. This means that it is possible to have overlapping subnets on the
-VPN, as long as their subnet mask sizes differ.
+Tinc is a peer-to-peer VPN daemon that supports VPNs with an arbitrary number
+of nodes. Instead of configuring tunnels, you give tinc the location and
+public key of a few nodes in the VPN. After making the initial connections to
+those nodes, tinc will learn about all other nodes on the VPN, and will make
+connections automatically. When direct connections are not possible, data will
+be forwarded by intermediate nodes.
+
+Tinc 1.1 support two protocols. The first is a legacy protocol that provides
+backwards compatibility with tinc 1.0 nodes, and which by default uses 2048 bit
+RSA keys for authentication, and encrypts traffic using AES256 in CBC mode
+and HMAC-SHA256. The second is a new protocol which uses Curve25519 keys for
+authentication, and encrypts traffic using Chacha20-Poly1305, and provides
+forward secrecy.
+
+Tinc fully supports IPv6.
+
+Tinc can operate in several routing modes. In the default mode, "router", every
+node is associated with one or more IPv4 and/or IPv6 Subnets. The other two
+modes, "switch" and "hub", let the tinc daemons work together to form a virtual
+Ethernet network switch or hub.
+
+Normally, when started tinc will detach and run in the background. In a native
+Windows environment this means tinc will install itself as a service, which will
+restart after reboots. To prevent tinc from detaching or running as a service,
+use the -D option.
+
+The status of the VPN can be queried using the "tinc" command, which connects
+to a running tinc daemon via a control connection. The same tool also makes it
+easy to start and stop tinc, and to change its configuration.
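Review bot: The added paragraph beginning "Tinc 1.1 support two protocols" does not say which of the two protocols a node uses when both are available, or how an operator can tell that a connection is running the legacy RSA / AES256-CBC / HMAC-SHA256 protocol. Only the second protocol is described as providing forward secrecy, so this matters to anyone deploying a mixed 1.0/1.1 network. Please add a sentence on how the protocol is chosen, or a pointer to the manual section that covers it. The removed text also documented key regeneration (default 3600 seconds), the -n/--net netname option and the /etc/tinc/<net>/ config location, and nothing in the added lines replaces them. If they still apply, keep a short mention or a "see the manual" reference. Minor: "support" should be "supports", and the cipher name is normally written "ChaCha20-Poly1305".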