+.TP
+\fBAddress\fR = <\fIIP address\fR> [recommended]
+The real address or hostname of this tinc daemon.
+.TP
+\fBIndirectData\fR = <\fIyes\fR|\fIno\fR> (no) [experimental]
+This option specifies whether other tinc daemons besides the one you
+specified with ConnectTo can make a direct connection to you. This is
+especially useful if you are behind a firewall and it is impossible to
+make a connection from the outside to your tinc daemon. Otherwise, it
+is best to leave this option out or set it to no.
+.TP
+\fBPort\fR = <\fIport number\fR> (655)
+The port on which this tinc daemon is listening for incoming connections.
+.TP
+\fBPublicKey\fR = <\fIkey\fR> [obsolete]
+The public RSA key of this tinc daemon. It will be used to cryptographically
+verify it's identity and to set up a secure connection.
+.TP
+\fBPublicKeyFile\fR = <\fIfilename\fR> [obsolete]
+The file in which the public RSA key of this tinc daemon resides.
+
+From version 1.0pre4 on tinc will store the public key directly into the
+host configuration file in PEM format, the above two options then are not
+necessary. Either the PEM format is used, or exactly
+one of the above two options must be specified
+in each host configuration file, if you want to be able to establish a
+connection with that host.
+.TP
+\fBSubnet\fR = <\fIaddress/masklength\fR>
+The subnet which this tinc daemon will serve. tinc tries to look up which other
+daemon it should send a packet to by searching the appropiate subnet. If the
+packet matches a subnet, it will be sent to the daemon who has this subnet in his
+host configuration file. Multiple subnet lines can be specified.
+
+At the moment, this directive is only used in the host configuration file of
+the local tinc daemon itself. In upcoming versions of tinc, it will be possible to
+restrict other hosts in which subnets they server.
+
+The subnets must be in a form like \fI192.168.1.0/24\fR, where 192.168.1.0 is the
+network address and 24 is the number of bits set in the netmask. Note that subnets
+like \fI192.168.1.1/24\fR are invalid! Read a networking howto/FAQ/guide if you
+don't understand this.
+.TP
+\fBTCPonly\fR = <\fIyes\fR|\fIno\fR> (no) [experimental]
+If this variable is set to yes, then the packets are tunnelled over a
+TCP connection instead of a UDP connection. This is especially useful
+for those who want to run a tinc daemon from behind a masquerading
+firewall, or if UDP packet routing is disabled somehow. This is
+experimental code, try this at your own risk. It may not work at all.
+Setting this options also implicitly sets IndirectData.