@subsection libcurses
@cindex libcurses
-For the "tincctl top" command, tinc requires a curses library.
+For the "tinc top" command, tinc requires a curses library.
If this library is not installed, you wil get an error when running the
configure script. You can either install a suitable curses library, or disable
@subsection libreadline
@cindex libreadline
-For the "tincctl" command's shell functionality, tinc uses the readline library.
+For the "tinc" command's shell functionality, tinc uses the readline library.
If this library is not installed, you wil get an error when running the
configure script. You can either install a suitable readline library, or
proceed in the following order:
First, create the initial configuration files and public/private keypairs using the following command:
@example
-tincctl -n @var{NETNAME} init @var{NAME}
+tinc -n @var{NETNAME} init @var{NAME}
@end example
-Second, use @samp{tincctl -n @var{NETNAME} config ...} to further configure tinc.
-Finally, export your host configuration file using @samp{tincctl -n @var{NETNAME} export} and send it to those
+Second, use @samp{tinc -n @var{NETNAME} config ...} to further configure tinc.
+Finally, export your host configuration file using @samp{tinc -n @var{NETNAME} export} and send it to those
people or computers you want tinc to connect to.
-They should send you their host configuration file back, which you can import using @samp{tincctl -n @var{NETNAME} import}.
+They should send you their host configuration file back, which you can import using @samp{tinc -n @var{NETNAME} import}.
These steps are described in the subsections below.
but it is recommended that you choose one anyway.
We will asume you use a netname throughout this document.
-This means that you call tincctl with the -n argument,
+This means that you call tinc with the -n argument,
which will specify the netname.
The effect of this option is that tinc will set its configuration
makes it easy to exchange with other nodes.
You can edit the config file manually, but it is recommended that you use
-tincctl to change configuration variables for you.
+tinc to change configuration variables for you.
In the following two subsections all valid variables are listed in alphabetical order.
The default value is given between parentheses,
Ephemeral ECDH will be used for key exchanges,
and ECDSA will be used instead of RSA for authentication.
When enabled, an ECDSA key must have been generated before with
-@samp{tincctl generate-ecdsa-keys}.
+@samp{tinc generate-ecdsa-keys}.
The experimental protocol may change at any time,
and there is no guarantee that tinc will run stable when it is used.
@cindex PrivateKeyFile
@item PrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv})
This is the full path name of the RSA private key file that was
-generated by @samp{tincctl generate-keys}. It must be a full path, not a
+generated by @samp{tinc generate-keys}. It must be a full path, not a
relative directory.
@cindex ProcessPriority
@cindex PublicKeyFile
@item PublicKeyFile = <@var{path}> [obsolete]
This is the full path name of the RSA public key file that was generated
-by @samp{tincctl generate-keys}. It must be a full path, not a relative
+by @samp{tinc generate-keys}. It must be a full path, not a relative
directory.
@cindex PEM format
The initial directory structure, configuration files and public/private keypairs are created using the following command:
@example
-tincctl -n @var{netname} init @var{name}
+tinc -n @var{netname} init @var{name}
@end example
(You will need to run this as root, or use "sudo".)
Then you should run the following command:
@example
-tincctl -n @var{netname} config add subnet 192.168.2.0/24
+tinc -n @var{netname} config add subnet 192.168.2.0/24
@end example
This will add a Subnet statement to your host configuration file.
For example, if you also use the IPv6 subnet fec0:0:0:2::/64, you can add it as well:
@example
-tincctl -n @var{netname} config add subnet fec0:0:0:2::/24
+tinc -n @var{netname} config add subnet fec0:0:0:2::/24
@end example
This will add another line to the file @file{hosts/@var{name}}.
For example, if your hostname is foo.example.org, run:
@example
-tincctl -n @var{netname} config add address foo.example.org
+tinc -n @var{netname} config add address foo.example.org
@end example
If you already know to which daemons your daemon should make meta-connections,
Suppose you want to connect to a daemon named "bar", run:
@example
-tincctl -n @var{netname} config add connectto bar
+tinc -n @var{netname} config add connectto bar
@end example
Note that you specify the Name of the other daemon here, not an IP address or hostname!
(assuming the owner of bar has the email address bar@@example.org):
@example
-tincctl -n @var{netname} export | mail -s "My config file" bar@@example.org
+tinc -n @var{netname} export | mail -s "My config file" bar@@example.org
@end example
If the owner of bar does the same to send his host configuration file to you,
or you can just start this command in a terminal and copy&paste the email:
@example
-tincctl -n @var{netname} import
+tinc -n @var{netname} import
@end example
If you are the owner of bar yourself, and you have SSH access to that computer,
you can also swap the host configuration files using the following command:
@example
-tincctl -n @var{netname} export \
- | ssh bar.example.org tincctl -n @var{netname} exchange \
- | tincctl -n @var{netname} import
+tinc -n @var{netname} export \
+ | ssh bar.example.org tinc -n @var{netname} exchange \
+ | tinc -n @var{netname} import
@end example
You should repeat this for all nodes you ConnectTo, or which ConnectTo you.
You can manually open the script in an editor, or use the following command:
@example
-tincctl -n @var{netname} edit tinc-up
+tinc -n @var{netname} edit tinc-up
@end example
An example @file{tinc-up} script, that would be appropriate for the scenario in the previous section, is:
how these example host is set up. All branches use the netname `company'
for this particular VPN.
-Each branch is set up using the @samp{tincctl init} and @samp{tincctl config} commands,
+Each branch is set up using the @samp{tinc init} and @samp{tinc config} commands,
here we just show the end results:
@subsubheading For Branch A
If everything else is done, you can start tinc by typing the following command:
@example
-tincctl -n @var{netname} start
+tinc -n @var{netname} start
@end example
@cindex daemon
@xref{Multiple networks}.
@item --pidfile=@var{filename}
-Store a cookie in @var{filename} which allows tincctl to authenticate.
+Store a cookie in @var{filename} which allows tinc to authenticate.
If unspecified, the default is
@file{@value{localstatedir}/run/tinc.@var{netname}.pid}.
@node Controlling tinc
@chapter Controlling tinc
-You can control and inspect a running tincd through the tincctl
+You can control and inspect a running tincd through the tinc
command. A quick example:
@example
-tincctl -n @var{netname} reload
+tinc -n @var{netname} reload
@end example
@menu
-* tincctl runtime options::
-* tincctl environment variables::
-* tincctl commands::
-* tincctl examples::
-* tincctl top::
+* tinc runtime options::
+* tinc environment variables::
+* tinc commands::
+* tinc examples::
+* tinc top::
@end menu
@c ==================================================================
-@node tincctl runtime options
-@section tincctl runtime options
+@node tinc runtime options
+@section tinc runtime options
@c from the manpage
@table @option
@end table
@c ==================================================================
-@node tincctl environment variables
-@section tincctl environment variables
+@node tinc environment variables
+@section tinc environment variables
@table @env
@cindex NETNAME
@end table
@c ==================================================================
-@node tincctl commands
-@section tincctl commands
+@node tinc commands
+@section tinc commands
@c from the manpage
@table @code
Export all host configuration files to standard output.
@item import [--force]
-Import host configuration file(s) generated by the tincctl export command from standard input.
+Import host configuration file(s) generated by the tinc export command from standard input.
Already existing host configuration files are not overwritten unless the option --force is used.
@item exchange [--force]
@item log [@var{level}]
Capture log messages from a running tinc daemon.
-An optional debug level can be given that will be applied only for log messages sent to tincctl.
+An optional debug level can be given that will be applied only for log messages sent to tinc.
@item retry
Forces tinc to try to connect to all uplinks immediately.
Closes the meta connection with the given @var{node}.
@item top
-If tincctl is compiled with libcurses support, this will display live traffic statistics for all the known nodes,
+If tinc is compiled with libcurses support, this will display live traffic statistics for all the known nodes,
similar to the UNIX top command.
See below for more information.
@end table
@c ==================================================================
-@node tincctl examples
-@section tincctl examples
+@node tinc examples
+@section tinc examples
Examples of some commands:
@example
-tincctl -n vpn dump graph | circo -Txlib
-tincctl -n vpn pcap | tcpdump -r -
-tincctl -n vpn top
+tinc -n vpn dump graph | circo -Txlib
+tinc -n vpn pcap | tcpdump -r -
+tinc -n vpn top
@end example
-Example of configuring tinc using tincctl:
+Example of configuring tinc using the tinc command:
@example
-tincctl -n vpn init foo
-tincctl -n vpn config Subnet 192.168.1.0/24
-tincctl -n vpn config bar.Address bar.example.com
-tincctl -n vpn config ConnectTo bar
-tincctl -n vpn export | gpg --clearsign | mail -s "My config" vpnmaster@@example.com
+tinc -n vpn init foo
+tinc -n vpn config Subnet 192.168.1.0/24
+tinc -n vpn config bar.Address bar.example.com
+tinc -n vpn config ConnectTo bar
+tinc -n vpn export | gpg --clearsign | mail -s "My config" vpnmaster@@example.com
@end example
@c ==================================================================
-@node tincctl top
-@section tincctl top
+@node tinc top
+@section tinc top
The top command connects to a running tinc daemon and repeatedly queries its per-node traffic counters.
It displays a list of all the known nodes in the left-most column,
projects / tinc / commitdiff