.Op Fl cn
.Op Fl -config Ns = Ns Ar DIR
.Op Fl -net Ns = Ns Ar NETNAME
-.Op Fl -controlcookie Ns = Ns Ar FILENAME
+.Op Fl -pidfile Ns = Ns Ar FILENAME
.Op Fl -help
.Op Fl -version
.Ar COMMAND
.It Fl n, -net Ns = Ns Ar NETNAME
Communicate with tincd(8) connected with
.Ar NETNAME .
-.It Fl -controlcookie Ns = Ns Ar FILENAME
+.It Fl -pidfile Ns = Ns Ar FILENAME
Use the cookie from
.Ar FILENAME
to authenticate with a running tinc daemon.
If unspecified, the default is
-.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .cookie.
+.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid.
.It Fl -help
Display short list of options.
.It Fl -version
Output version information and exit.
.El
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -width indent
+.It Ev NETNAME
+If no netname is specified on the command line with the
+.Fl n
+option, the value of this environment variable is used.
+.El
.Sh COMMANDS
.zZ
.Bl -tag -width indent
+.It init Op Ar name
+Create initial configuration files and RSA and ECDSA keypairs with default length.
+If no
+.Ar name
+for this node is given, it will be asked for.
+.It config Oo set Oc Ar variable Ar value
+Set configuration variable
+.Ar variable
+to the given
+.Ar value .
+All previously existing configuration variables with the same name are removed.
+To set a variable for a specific host, use the notation
+.Ar host Ns Li . Ns Ar variable .
+.It config add Ar variable Ar value
+As above, but without removing any previously existing configuration variables.
+.It config del Ar variable Op Ar value
+Remove configuration variables with the same name and
+.Ar value .
+If no
+.Ar value
+is given, all configuration variables with the same name will be removed.
+.It edit Ar filename
+Start an editor for the given configuration file.
+You do not need to specify the full path to the file.
.It start
Start
.Xr tincd 8 .
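Review bot: The text under the renamed "--pidfile" option still reads "Use the cookie from FILENAME to authenticate with a running tinc daemon", which no longer matches the option name. Say explicitly that the PID file is where the control cookie is read from. Because the file then serves as the credential for controlling the daemon, the page should also state who is expected to be able to read it.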
Shows the PID of the currently running
.Xr tincd 8 .
.It generate-keys Op bits
+Generate both RSA and ECDSA keypairs (see below) and exit.
+.It generate-ecdsa-keys
+Generate public/private ECDSA keypair and exit.
+.It generate-rsa-keys Op bits
Generate public/private RSA keypair and exit.
If
.Ar bits
-is omitted, the default length will be 1024 bits.
+is omitted, the default length will be 2048 bits.
When saving keys to existing files, tinc will not delete the old keys;
you have to remove them manually.
.It dump nodes
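Review bot: The unchanged ".It generate-keys Op bits" line keeps a bits argument, but the new description covers both RSA and ECDSA keypairs and does not say which key the argument applies to. If it sets the RSA length only, say so in that entry. The added ".It generate-rsa-keys Op bits" should also mark the argument as "Op Ar bits", matching "Op Ar name" in the init entry and the ".Ar bits" reference in the text below it.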
.It debug Ar N
Sets debug level to
.Ar N .
+.It log Op Ar N
+Capture log messages from a running tinc daemon.
+An optional debug level can be given that will be applied only for log messages sent to
+.Nm tincctl .
.It retry
Forces
.Xr tincd 8
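Review bot: The new log entry does not say where the captured messages are written, what level applies when N is omitted, or how the capture ends. The phrase "applied only for log messages sent to tincctl" implies the level can differ from the one set with debug N, but the default is never stated. One sentence covering these points would help.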
tincctl -n vpn dump graph | circo -Txlib
tincctl -n vpn pcap | tcpdump -r -
tincctl -n vpn top
+.Pp
.Ed
+Example of configuring tinc using
+.Nm :
+.Bd -literal -offset indent
+tincctl -n vpn init foo
+tincctl -n vpn config Subnet 192.168.1.0/24
+tincctl -n vpn config bar.Address bar.example.com
+tincctl -n vpn config ConnectTo bar
.Sh TOP
The top command connects to a running tinc daemon and repeatedly queries its per-node traffic counters.
It displays a list of all the known nodes in the left-most column,
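Review bot: As the lines stand, the added ".Pp" sits before the ".Ed" that closes the existing example display, and the new ".Bd -literal -offset indent" block is never closed before ".Sh TOP". Move ".Pp" after that ".Ed" and add an ".Ed" after the last added tincctl line. Also, the example uses plain config for Subnet and ConnectTo, which per the config entry removes all existing variables with the same name. "config add" is the safer form to show for variables a node may already have set.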