-.Dd 2011-06-25
+.Dd 2012-10-14
.Dt TINCCTL 8
.\" Manual page created by:
.\" Scott Lamb
.Op Fl cn
.Op Fl -config Ns = Ns Ar DIR
.Op Fl -net Ns = Ns Ar NETNAME
-.Op Fl -controlcookie Ns = Ns Ar FILENAME
+.Op Fl -pidfile Ns = Ns Ar FILENAME
.Op Fl -help
.Op Fl -version
.Ar COMMAND
.It Fl n, -net Ns = Ns Ar NETNAME
Communicate with tincd(8) connected with
.Ar NETNAME .
-.It Fl -controlcookie Ns = Ns Ar FILENAME
+.It Fl -pidfile Ns = Ns Ar FILENAME
Use the cookie from
.Ar FILENAME
to authenticate with a running tinc daemon.
If unspecified, the default is
-.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .cookie.
+.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid.
.It Fl -help
Display short list of options.
.It Fl -version
Output version information and exit.
.El
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -width indent
+.It Ev NETNAME
+If no netname is specified on the command line with the
+.Fl n
+option, the value of this environment variable is used.
+.El
.Sh COMMANDS
-.zZ
.Bl -tag -width indent
-.It start
+.It init Op Ar name
+Create initial configuration files and RSA and ECDSA keypairs with default length.
+If no
+.Ar name
+for this node is given, it will be asked for.
+.It config Oo get Oc Ar variable
+Print the current value of configuration variable
+.Ar variable .
+If more than one variable with the same name exists,
+the value of each of them will be printed on a separate line.
+.It config Oo set Oc Ar variable Ar value
+Set configuration variable
+.Ar variable
+to the given
+.Ar value .
+All previously existing configuration variables with the same name are removed.
+To set a variable for a specific host, use the notation
+.Ar host Ns Li . Ns Ar variable .
+.It config add Ar variable Ar value
+As above, but without removing any previously existing configuration variables.
+.It config del Ar variable Op Ar value
+Remove configuration variables with the same name and
+.Ar value .
+If no
+.Ar value
+is given, all configuration variables with the same name will be removed.
+.It edit Ar filename
+Start an editor for the given configuration file.
+You do not need to specify the full path to the file.
+.It export
+Export the host configuration file of the local node to standard output.
+.It export-all
+Export all host configuration files to standard output.
+.It import Op Fl -force
+Import host configuration file(s) from standard input.
+Already existing host configuration files are not overwritten unless the option
+.Fl -force
+is used.
+.It start Op tincd options
Start
-.Xr tincd 8 .
+.Xr tincd 8 ,
+optionally with the given extra options.
.It stop
Stop
.Xr tincd 8 .
Shows the PID of the currently running
.Xr tincd 8 .
.It generate-keys Op bits
+Generate both RSA and ECDSA keypairs (see below) and exit.
+.It generate-ecdsa-keys
+Generate public/private ECDSA keypair and exit.
+.It generate-rsa-keys Op bits
Generate public/private RSA keypair and exit.
If
.Ar bits
-is omitted, the default length will be 1024 bits.
+is omitted, the default length will be 2048 bits.
When saving keys to existing files, tinc will not delete the old keys;
you have to remove them manually.
-.It dump nodes
+.It dump [reachable] nodes
Dump a list of all known nodes in the VPN.
+If the keyword reachable is used, only lists reachable nodes.
.It dump edges
Dump a list of all known connections in the VPN.
.It dump subnets
Dump a list of all known subnets in the VPN.
.It dump connections
Dump a list of all meta connections with ourself.
-.It dump graph
+.It dump graph | digraph
Dump a graph of the VPN in
.Xr dotty 1
format.
+Nodes are colored according to their reachability:
+red nodes are unreachable, orange nodes are indirectly reachable, green nodes are directly reachable.
+Black nodes are either directly or indirectly reachable, but direct reachability has not been tried yet.
+.It info Ar node | subnet | address
+Show information about a particular node, subnet or address.
+If an address is given, any matching subnet will be shown.
.It purge
Purges all information remembered about unreachable nodes.
.It debug Ar N
Sets debug level to
.Ar N .
+.It log Op Ar N
+Capture log messages from a running tinc daemon.
+An optional debug level can be given that will be applied only for log messages sent to
+.Nm tincctl .
.It retry
Forces
.Xr tincd 8
tincctl -n vpn dump graph | circo -Txlib
tincctl -n vpn pcap | tcpdump -r -
tincctl -n vpn top
+.Pp
+.Ed
+Example of configuring tinc using
+.Nm :
+.Bd -literal -offset indent
+tincctl -n vpn init foo
+tincctl -n vpn config Subnet 192.168.1.0/24
+tincctl -n vpn config bar.Address bar.example.com
+tincctl -n vpn config ConnectTo bar
+tincctl -n vpn export | gpg --clearsign | mail -s "My config" vpnmaster@example.com
.Ed
.Sh TOP
The top command connects to a running tinc daemon and repeatedly queries its per-node traffic counters.
.Xr tincd 8 ,
.Xr tinc.conf 5 ,
.Xr dotty 1 ,
-.Xr pcap-savefile 7 ,
+.Xr pcap-savefile 5 ,
.Xr tcpdump 8 ,
.Xr top 1 ,
.Pa http://www.tinc-vpn.org/ ,
projects / tinc / blobdiff