+++ /dev/null
-.TH TINC 5 "May 2000" "tinc version 1.0" "FSF"
-.SH NAME
-tincd.conf \- tinc daemon configuration
-.SH "DESCRIPTION"
-The files in the \fI/etc/tinc\fR directory contain runtime and
-security information for the \fBtinc\fR(8) daemon.
-.PP
-.SH "NETWORKS"
-It is perfectly ok for you to run more than one tinc daemon. However,
-in its default form, you will soon notice that you can't use two
-different configuration files without the \fI-c\fR option.
-
-We have thought of another way of dealing with this: network
-names. This means that you call \fBtincd\fR with the \fI-n\fR argument,
-which will assign a name to this daemon.
-
-The effect of this is that the daemon will set its configuration
-``root'' to \fI/etc/tinc/\fBnn\fI/\fR, where \fBnn\fR is your argument
-to the \fI-n\fR option. You'll notice that it appears in syslog as
-``tincd.\fBnn\fR''.
-
-However, it is not strictly necessary that you call tinc with the -n
-option. In this case, the network name would just be empty, and it
-will be used as such. tinc now looks for files in \fI/etc/tinc/\fR,
-instead of \fI/etc/tinc/\fBnn\fI/\fR; the configuration file should be
-\fI/etc/tinc/tincd.conf\fR, and the passphrases are now expected to be
-in \fI/etc/tinc/passphrases/\fR.
-
-But it is highly recommended that you use this feature of tinc,
-because it will be so much clearer whom your daemon talks to. Hence,
-we will assume that you use it.
-.PP
-.SH "PASSPHRASES"
-You should use the \fBgenauth\fR(8) program to generate passphrases.
-with, it accepts a single parameter, which is the number of bits the
-passphrase should be. Its output should be stored in
-\fI/etc/tinc/\fBnn\fI/passphrases/local\fR \-\- where \fBnn\fR stands
-for the network (See under \fBNETWORKS\fR) above.
-
-Please see the manpage for \fBgenauth\fR to learn more about setting
-up an authentication scheme.
-.PP
-.SH "CONFIGURATION"
-The actual configuration of the daemon is done in the file
-\fI/etc/tinc/\fBnn\fI/tincd.conf\fR.
-
-This file consists of comments (lines started with a \fB#\fR) or
-assignments in the form of
-.PP
-.Vb 1
-\& \fIVariable \fB= \fIValue\fR.
-.Ve
-.PP
-The variable names are case insensitive, and any spaces, tabs,
-newlines and carriage returns are ignored. \fINote\fR: it is not
-required that you put in the \fB=\fR sign, but doing so improves
-readability. If you leave it out, remember to replace it with at least
-one space character.
-.PP
-.SH "VARIABLES"
-.PP
-Here are all valid variables, listed in alphabetical order. The default
-value, required or optional is given between parentheses.
-.TP
-\fBConnectPort\fR = <\fIport\fR> (655)
-Connect to the upstream host (given with the \fBConnectTo\fR directive) on
-port \fIport\fR. port may be given in decimal (default), octal (when preceded
-by a single zero) or hexadecimal (prefixed with 0x). \fIport\fR is the port
-number for both the UDP and the TCP (meta) connections.
-.TP
-\fBConnectTo\fR = <\fIIP address|hostname\fR> (optional)
-Specifies which host to connect to on startup. Multiple \fBConnectTo\fR variables
-may be specified, if connecting to the first one fails then tinc will try
-the next one, and so on. It is possible to specify hostnames for dynamic IP
-addresses (like those given on dyndns.org), tinc will not cache the resolved
-IP address.
-
-If you don't specify a host with \fBConnectTo\fR, regardless of whether a
-value for \fBConnectPort\fR is given, tinc won't connect at all, and will
-instead just listen for incoming connections.
-.TP
-\fBHostnames\fR = <\fIyes|no\fR> (no)
-This option selects whether IP addresses (both real and on the VPN) should
-be resolved. Since DNS lookups are blocking, it might affect tinc's
-efficiency, even stopping the daemon for a few seconds everytime it does
-a lookup if your DNS server is not responding.
-
-This does not affect resolving hostnames to IP addresses from the configuration
-file.
-.TP
-\fBIndirectData\fR = <\fIyes|no\fR> (no)
-This option specifies whether other tinc daemons besides the one you
-specified with \fBConnectTo\fR can make a direct connection to you. This is
-especially useful if you are behind a firewall and it is impossible
-to make a connection from the outside to your tinc daemon. Otherwise,
-it is best to leave this option out or set it to no.
-.TP
-\fBInterface\fR = <\fIdevice\fR> (optional)
-If you have more than one network interface in your computer, tinc will by
-default listen on all of them for incoming connections. It is possible to
-bind tinc to a single interface like eth0 or ppp0 with this variable.
-.TP
-\fBInterfaceIP\fR = <\fIlocal address\fR> (optional)
-If your computer has more than one IP address on a single interface (for example
-if you are running virtual hosts), tinc will by default listen on all of them for
-incoming connections. It is possible to bind tinc to a single IP address with
-this variable. It is still possible to listen on several interfaces at the same
-time though, if they share the same IP address.
-.TP
-\fBKeyExpire\fR = <\fIseconds\fR> (3600)
-This option controls the time the encryption keys used to encrypt the data
-are valid. It is common practice to change keys at regular intervals to
-make it even harder for crackers, even though it is thought to be nearly
-impossible to crack a single key.
-.TP
-\fBListenPort\fR = <\fIport\fR> (655)
-Listen on local port \fIport\fR. The computer connecting to this daemon should
-use this number as the argument for his \fBConnectPort\fR.
-.TP
-\fBMyOwnVPNIP\fR = <\fIlocal address[/maskbits]\fR> (required)
-The \fIlocal address\fR is the number that the daemon will propagate to
-other daemons on the network when it is identifying itself. Hence this
-will be the file name of the passphrase file that the other end expects
-to find the passphrase in.
-
-The local address is the IP address of the tap device, not the real IP
-address of the host running tincd. Due to changes in recent kernels, it
-is also necessary that you make the ethernet (also known as MAC) address
-equal to the IP address (see the example).
-
-\fImaskbits\fR is the number of bits set to 1 in the netmask part.
-.TP
-\fBMyVirtualIP\fR = <\fIlocal address[/maskbits]>
-This is an alias for \fBMyOwnVPNIP\fR.
-.TP
-\fBPassphrases\fR = <\fIdirectory\fR> (/etc/tinc/NETNAME/passphrases)
-The directory where tinc will look for passphrases when someone tries to
-connect. Please see the manpage for genauth(8) for more information
-about passphrases as used by tinc.
-.TP
-\fBPingTimeout\fR = <\fIseconds\fR> (5)
-The number of seconds of inactivity that tinc will wait before sending a
-probe to the other end. If that other end doesn't answer within that
-same amount of seconds, the connection is terminated, and the others
-will be notified of this.
-.TP
-\fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0)
-The ethertap device to use. Note that you can only use one device per
-daemon. The info pages of the tinc package contain more information
-about configuring an ethertap device for Linux.
-.TP
-\fBTCPonly\fR = <\fIyes|no\fR> (no, experimental)
-If this variable is set to yes, then the packets are tunnelled over a TCP
-connection instead of a UDP connection. This is especially useful for those
-who want to run a tinc daemon from behind a masquerading firewall, or if
-UDP packet routing is disabled somehow. This is experimental code,
-try this at your own risk.
-.TP
-\fBVpnMask\fR = <\fImask\fR> (optional)
-The mask that defines the scope of the entire VPN. This option is not used
-by the tinc daemon itself, but can be used by startup scripts to configure
-the ethertap devices correctly.
-.PP
-.SH "FILES"
-.TP
-\fI/etc/tinc/\fR
-The top directory for configuration files.
-.TP
-\fI/etc/tinc/\fBnn\fI/tincd.conf\fR
-The default name of the configuration file for net
-\fBnn\fR.
-.TP
-\fI/etc/tinc/\fBnn\fI/passphrases/\fR
-Passphrases are kept in this directory. (See the section
-\fBPASSPHRASES\fR above).
-.PP
-.SH "SEE ALSO"
-\fBtincd\fR(8), \fBgenauth\fR(8)
-.TP
-\fBhttp://tinc.nl.linux.org/\fR
-.PP
-The full documentation for
-.B tinc
-is maintained as a Texinfo manual. If the
-.B info
-and
-.B tinc
-programs are properly installed at your site, the command
-.IP
-.B info tinc
-.PP
-should give you access to the complete manual.
-.PP
-tinc comes with ABSOLUTELY NO WARRANTY. This is free software,
-and you are welcome to redistribute it under certain conditions;
-see the file COPYING for details.
projects / tinc / blobdiff