-.Dd 2002-03-25
+.Dd 2009-05-18
.Dt TINCD 8
.\" Manual page created by:
.\" Ivo Timmermans
.Nd tinc VPN daemon
.Sh SYNOPSIS
.Nm
-.Op Fl cdDkKnL
+.Op Fl cdDkKnLRU
.Op Fl -config Ns = Ns Ar DIR
.Op Fl -no-detach
.Op Fl -debug Ns Op = Ns Ar LEVEL
.Op Fl -logfile Ns Op = Ns Ar FILE
.Op Fl -pidfile Ns = Ns Ar FILE
.Op Fl -bypass-security
+.Op Fl -chroot
+.Op Fl -user Ns = Ns Ar USER
.Op Fl -help
.Op Fl -version
.Sh DESCRIPTION
.It Fl n, -net Ns = Ns Ar NETNAME
Connect to net
.Ar NETNAME .
+This will let tinc read all configuration files from
+.Pa @sysconfdir@/tinc/ Ar NETNAME .
+Specifying
+.Li .
+for
+.Ar NETNAME
+is the same as not specifying any
+.Ar NETNAME .
.It Fl K, -generate-keys Ns Op = Ns Ar BITS
Generate public/private RSA keypair and exit.
If
.Ar BITS
-is omitted, the default length will be 1024 bits.
+is omitted, the default length will be 2048 bits.
When saving keys to existing files, tinc will not delete the old keys,
you have to remove them manually.
.It Fl L, -mlock
.It Fl -bypass-security
Disables encryption and authentication of the meta protocol.
Only useful for debugging.
+.It Fl R, -chroot
+With this option tinc chroots into the directory where network
+config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
+or to the directory specified with -c option) after initialization.
+.It Fl U, -user Ns = Ns Ar USER
+setuid to the specified
+.Ar USER
+after initialization.
.It Fl -help
Display short list of options.
.It Fl -version