+@c ==================================================================
+@node How to configure, , Host configuration variables, Configuration files
+@subsection How to configure
+
+@subsubheading Step 1. Creating the main configuration file
+
+The main configuration file will be called @file{/etc/tinc/netname/tinc.conf}.
+Adapt the following example to create a basic configuration file:
+
+@example
+Name = @emph{yourname}
+Device = @emph{/dev/tap0}
+PrivateKeyFile = /etc/tinc/@emph{netname}/rsa_key.priv
+@end example
+
+Then, if you know to which other tinc daemon(s) yours is going to connect,
+add `ConnectTo' values.
+
+@subsubheading Step 2. Creating your host configuration file
+
+If you added a line containing `Name = yourname' in the main configuarion file,
+you will need to create a host configuration file @file{/etc/tinc/netname/hosts/yourname}.
+Adapt the following example to create a host configuration file:
+
+@example
+Address = @emph{your.real.hostname.org}
+Subnet = @emph{192.168.1.0/24}
+@end example
+
+You can also use an IP address instead of a hostname.
+The `Subnet' specifies the address range that is local for @emph{your part of the VPN only}.
+If you have multiple address ranges you can specify more than one `Subnet'.
+You might also need to add a `Port' if you want your tinc daemon to run on a different port number than the default (655).
+
+
+@c ==================================================================
+@node Generating keypairs, Network interfaces, Configuration files, Configuration
+@section Generating keypairs
+
+@cindex key generation
+Now that you have already created the main configuration file and your host configuration file,
+you can easily create a public/private keypair by entering the following command:
+
+@example
+tincd -n @emph{netname} -K
+@end example
+
+tinc will generate a public and a private key and ask you where to put them.
+Just press enter to accept the defaults.
+
+
+@c ==================================================================
+@node Network interfaces, Example configuration, Generating keypairs, Configuration
+@section Network interfaces
+
+Before tinc can start transmitting data over the tunnel, it must
+set up the virtual network interface.
+
+First, decide which IP addresses you want to have associated with these
+devices, and what network mask they must have.
+
+tinc will open a virtual network device (@file{/dev/tun}, @file{/dev/tap0} or similar),
+which will also create a network interface called something like `tun0', `tap0', or,
+if you are using the Linux tun/tap driver, the network interface will by default have the same name as the netname.
+
+@cindex tinc-up
+You can configure the network interface by putting ordinary ifconfig, route, and other commands
+to a script named @file{/etc/tinc/netname/tinc-up}. When tinc starts, this script
+will be executed. When tinc exits, it will execute the script named
+@file{/etc/tinc/netname/tinc-down}, but normally you don't need to create that script.
+
+An example @file{tinc-up} script:
+
+@example
+#!/bin/sh
+ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
+ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0
+ifconfig $INTERFACE -arp
+@end example
+
+@cindex MAC address
+@cindex hardware address
+The first line sets up the MAC address of the network interface.
+Due to the nature of how Ethernet and tinc work, it has to be set to fe:fd:0:0:0:0
+for tinc to work in it's normal mode.
+If you configured tinc to work in `switch' or `hub' mode, the hardware address should instead
+be set to a unique address instead of fe:fd:0:0:0:0.
+
+You can use the environment variable $INTERFACE to get the name of the interface.
+However, this might not be reliable. If in doubt, use the name of the interface explicitly.
+
+@cindex ifconfig
+The next line gives the interface an IP address and a netmask.
+The kernel will also automatically add a route to this interface, so normally you don't need
+to add route commands to the @file{tinc-up} script.
+The kernel will also bring the interface up after this command.
+@cindex netmask
+The netmask is the mask of the @emph{entire} VPN network, not just your
+own subnet.
+
+@cindex arp
+The last line tells the kernel not to use ARP on that interface.
+Again this has to do with how Ethernet and tinc work.
+Use this option only if you are running tinc under Linux and are using tinc's normal routing mode.
+