.Sh INITIAL CONFIGURATION
If you have not configured tinc yet, you can easily create a basic configuration using the following command:
.Bd -literal -offset indent
-.Nm tincctl Fl n Ar NETNAME Li init Ar NAME
+.Nm tinc Fl n Ar NETNAME Li init Ar NAME
.Ed
.Pp
You can further change the configuration as needed either by manually editing the configuration files,
or by using
-.Xr tincctl 8 .
+.Xr tinc 8 .
.Sh PUBLIC/PRIVATE KEYS
The
-.Nm tincctl Li init
+.Nm tinc Li init
command will have generated both RSA and ECDSA public/private keypairs.
The private keys should be stored in files named
.Pa rsa_key.priv
If you are upgrading from version 1.0 to 1.1, you can keep the old configuration files,
but you will need to create ECDSA keys using the following command:
.Bd -literal -offset indent
-.Nm tincctl Fl n Ar NETNAME Li generate-ecdsa-keys
+.Nm tinc Fl n Ar NETNAME Li generate-ecdsa-keys
.Ed
.Sh SERVER CONFIGURATION
The server configuration of the daemon is done in the file
as this makes it easy to exchange with other nodes.
.Pp
You can edit the config file manually, but it is recommended that you use
-.Xr tincctl 8
+.Xr tinc 8
to change configuration variables for you.
.Pp
Here are all valid variables, listed in alphabetical order.
This is only used if
.Va ExperimentalProtocol
is enabled.
-.It Va ExperimentalProtocol Li = yes | no Po no Pc Bq experimental
-When this option is enabled, experimental protocol enhancements will be used.
+.It Va ExperimentalProtocol Li = yes | no Pq yes
+When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
Ephemeral ECDH will be used for key exchanges,
and ECDSA will be used instead of RSA for authentication.
When enabled, an ECDSA key must have been generated before with
-.Nm tincctl generate-ecdsa-keys .
-The experimental protocol may change at any time,
-and there is no guarantee that tinc will run stable when it is used.
+.Nm tinc generate-ecdsa-keys .
.It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
This option selects the way indirect packets are forwarded.
.Bl -tag -width indent
.Pp
Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery.
This feature may not work in all possible situations.
+.It Va LocalDiscoveryAddress Li = Ar address
+If this variable is specified, local discovery packets are sent to the given
+.Ar address .
.It Va MACExpire Li = Ar seconds Pq 600
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when
.Va Mode
is set to
.Qq switch .
+.It Va MaxConnectionBurst Li = Ar count Pq 100
+This option controls how many connections tinc accepts in quick succession.
+If there are more connections than the given number in a short time interval,
+tinc will reduce the number of accepted connections to only one per second,
+until the burst has passed.
.It Va MaxTimeout Li = Ar seconds Pq 900
This is the maximum delay before trying to reconnect to other tinc daemons.
.It Va Mode Li = router | switch | hub Pq router
.Qq none
will turn off packet encryption.
It is best to use only those ciphers which support CBC mode.
+This option has no effect for connections between nodes using
+.Va ExperimentalProtocol .
.It Va ClampMSS Li = yes | no Pq yes
This option specifies whether tinc should clamp the maximum segment size (MSS)
of TCP packets to the path MTU. This helps in situations where ICMP
Furthermore, specifying
.Qq none
will turn off packet authentication.
+This option has no effect for connections between nodes using
+.Va ExperimentalProtocol .
.It Va IndirectData Li = yes | no Pq no
When set to yes, other nodes which do not already have a meta connection to you
will not try to establish direct communication with you.
Can be anything from
.Qq 0
up to the length of the digest produced by the digest algorithm.
+This option has no effect for connections between nodes using
+.Va ExperimentalProtocol .
.It Va PMTU Li = Ar mtu Po 1514 Pc
This option controls the initial path MTU to this node.
.It Va PMTUDiscovery Li = yes | no Po yes Pc
Apart from reading the server and host configuration files,
tinc can also run scripts at certain moments.
Under Windows (not Cygwin), the scripts should have the extension
-.Pa .bat .
+.Pa .bat
+or
+.Pa cmd .
.Bl -tag -width indent
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
This is the most important script.
The Subnet and the node it belongs to are passed in environment variables.
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /subnet-down
This script is started when a Subnet becomes unreachable.
+.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /invitation-created
+This script is started when a new invitation has been created.
+.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /invitation-accepted
+This script is started when an invitation has been used.
.El
.Pp
The scripts are started without command line arguments, but can make use of certain environment variables.
in scripts.
Under Windows, in
.Pa .bat
+or
+.Pa .cmd
files, they have to be put between
.Li %
signs.
When a subnet becomes (un)reachable, this is set to the subnet.
.It Ev WEIGHT
When a subnet becomes (un)reachable, this is set to the subnet weight.
+.It Ev INVITATION_FILE
+When the
+.Pa invitation-created
+script is called, this is set to the file where the invitation details will be stored.
+.It Ev INVITATION_URL
+When the
+.Pa invitation-created
+script is called, this is set to the invitation URL that has been created.
.El
.Pp
Do not forget that under UNIX operating systems, you have to make the scripts executable, using the command
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
The default name of the server configuration file for net
.Ar NETNAME .
+.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /conf.d/
+Optional directory from which any .conf file will be loaded
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
Host configuration files are kept in this directory.
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
.El
.Sh SEE ALSO
.Xr tincd 8 ,
-.Xr tincctl 8 ,
+.Xr tinc 8 ,
.Pa http://www.tinc-vpn.org/ ,
.Pa http://www.tldp.org/LDP/nag2/ .
.Pp
projects / tinc / blobdiff