-.TH TINCD 8 "Jan 2001" "tinc version 1.0pre4" "FSF"
-.SH NAME
-tincd \- tinc VPN daemon
-.SH SYNOPSIS
-.B tincd
-[\fIoption\fR]...
-.SH DESCRIPTION
-.PP
-
-This is the daemon of tinc, a secure virtual private
-network (VPN) project. When started, tincd will read
-it's configuration file to determine what virtual subnets
-it has to serve and to what other tinc daemons it should connect.
-It will connect to the ethertap or tun/tap device and set up a socket
-for incoming connections.
-Optionally a script will be executed to further configure the tap device.
-If that succeeds, it will detach from the controlling terminal and
-continue in the background, accepting and setting up connections to other
-tinc daemons that are part of the virtual private network.
-
-.SH OPTIONS
-.TP
-\fB\-c\fR, \fB\-\-config\fR=\fIDIR\fR
-Read configuration options from DIR.
-.TP
-\fB\-D\fR, \fB\-\-no\-detach\fR
-Don't fork and detach. This will also disable the automatic
-restart mechanism for fatal errors.
-.TP
-\fB\-d\fR
-Increase debug level (see below).
-.TP
-\fB\-k\fR, \fB\-\-kill\fR
-Attempt to kill a running tincd and exit.
-.TP
-\fB\-n\fR, \fB\-\-net\fR=\fINETNAME\fR
-Connect to net NETNAME.
-.TP
-\fB\-K\fR, \fB\-\-generate-keys\fR[=\fIBITS]\fR
-Generate public/private RSA keypair and exit. If BITS is omitted,
-the default length will be 1024 bits.
-.TP
-\fB\-\-help\fR
+.Dd 2002-03-25
+.Dt TINCD 8
+.\" Manual page created by:
+.\" Ivo Timmermans <ivo@o2w.nl>
+.\" Guus Sliepen <guus@sliepen.eu.org>
+.Sh NAME
+.Nm tincd
+.Nd tinc VPN daemon
+.Sh SYNOPSIS
+.Nm
+.Op Fl cdDkKnL
+.Op Fl -config Ns = Ns Ar DIR
+.Op Fl -no-detach
+.Op Fl -debug Ns Op = Ns Ar LEVEL
+.Op Fl -kill Ns Op = Ns Ar SIGNAL
+.Op Fl -net Ns = Ns Ar NETNAME
+.Op Fl -generate-keys Ns Op = Ns Ar BITS
+.Op Fl -mlock
+.Op Fl -logfile Ns Op = Ns Ar FILE
+.Op Fl -pidfile Ns = Ns Ar FILE
+.Op Fl -bypass-security
+.Op Fl -help
+.Op Fl -version
+.Sh DESCRIPTION
+This is the daemon of tinc, a secure virtual private network (VPN) project.
+When started,
+.Nm
+will read it's configuration file to determine what virtual subnets it has to serve
+and to what other tinc daemons it should connect.
+It will connect to the ethertap or tun/tap device
+and set up a socket for incoming connections.
+Optionally a script will be executed to further configure the virtual device.
+If that succeeds,
+it will detach from the controlling terminal and continue in the background,
+accepting and setting up connections to other tinc daemons
+that are part of the virtual private network.
+.Sh OPTIONS
+.Bl -tag -width indent
+.It Fl c, -config Ns = Ns Ar DIR
+Read configuration options from
+.Ar DIR .
+.It Fl D, -no-detach
+Don't fork and detach.
+This will also disable the automatic restart mechanism for fatal errors.
+.It Fl d, -debug Ns Op = Ns Ar LEVEL
+Increase debug level or set it to
+.Ar LEVEL
+(see below).
+.It Fl k, -kill Ns Op = Ns Ar SIGNAL
+Attempt to kill a running
+.Nm
+(optionally with the specified
+.Ar SIGNAL
+instead of SIGTERM) and exit.
+.It Fl n, -net Ns = Ns Ar NETNAME
+Connect to net
+.Ar NETNAME .
+.It Fl K, -generate-keys Ns Op = Ns Ar BITS
+Generate public/private RSA keypair and exit.
+If
+.Ar BITS
+is omitted, the default length will be 1024 bits.
+.It Fl L, -mlock
+Lock tinc into main memory.
+This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
+.It Fl -logfile Ns Op = Ns Ar FILE
+Write log entries to a file instead of to the system logging facility.
+If
+.Ar FILE
+is omitted, the default is
+.Pa /var/log/tinc. Ns Ar NETNAME Ns Pa .log.
+.It Fl -pidfile Ns = Ns Ar FILE
+Write PID to
+.Ar FILE
+instead of
+.Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid.
+.It Fl -bypass-security
+Disables encryption and authentication of the meta protocol.
+Only useful for debugging.
+.It Fl -help
Display short list of options.
-.TP
-\fB\-\-version\fR
+.It Fl -version
Output version information and exit.
-.PP
-.SH "SIGNALS"
-.TP
-\fBHUP\fR
-Closes all connections, rereads the configuration file and restarts the daemon.
-.TP
-\fBINT\fR
-Closes all connections and quits.
-.TP
-\fBUSR1\fR
+.El
+.Sh SIGNALS
+.Bl -tag -width indent
+.It ALRM
+Forces
+.Nm
+to try to connect to all uplinks immediately.
+Usually
+.Nm
+attempts to do this itself,
+but increases the time it waits between the attempts each time it failed,
+and if
+.Nm
+didn't succeed to connect to an uplink the first time after it started,
+it defaults to the maximum time of 15 minutes.
+.It HUP
+Partially rereads configuration files.
+Connections to hosts whose host config file are removed are closed.
+New outgoing connections specified in
+.Pa tinc.conf
+will be made.
+.It INT
+Temporarily increases debug level to 5.
+Send this signal again to revert to the original level.
+.It USR1
Dumps the connection list to syslog.
-.TP
-\fBUSR2\fR
-Dumps the subnet list to syslog.
-.TP
-\fBALRM\fR
-Forces tincd to try to connect to an uplink immediately. Usually tincd attempts
-to do this itself, but increases the time it waits between the attempts each time
-it failed, and if tincd didn't succeed to connect to an uplink the first time after
-it started, it defaults to the maximum time of 15 minutes.
-.PP
-.SH "DEBUG LEVELS"
-The tinc daemon can send a lot of messages to the syslog. The more \fB\-d\fR options are
-given to tincd, the more messages it will log. Each level inherits all messages of the
-previous level:
-.TP
-\fIno debug options\fR
-This will log a message indicating tincd has started along with a version number.
+.It USR2
+Dumps virtual network device statistics, all known nodes, edges and subnets to syslog.
+.It WINCH
+Purges all information remembered about unreachable nodes.
+.El
+.Sh DEBUG LEVELS
+The tinc daemon can send a lot of messages to the syslog.
+The higher the debug level,
+the more messages it will log.
+Each level inherits all messages of the previous level:
+.Bl -tag -width indent
+.It 0
+This will log a message indicating
+.Nm
+has started along with a version number.
It will also any serious error.
-.TP
-\fB\-d\fR
+.It 1
This will log all connections that are made with other tinc daemons.
-.TP
-\fB\-dd\fR
+.It 2
This will log status and error messages from other tinc daemons.
-.TP
-\fB\-ddd\fR
+.It 3
This will log all requests that are exchanged with other tinc daemons. These include
authentication, key exchange and connection list updates.
-.TP
-\fB\-dddd\fR
+.It 4
This will log a copy of everything received on the meta socket.
-.TP
-\fB\-ddddd\fR
+.It 5
This will log all network traffic over the virtual private network.
-.PP
-.SH "FILES"
-.TP
-\fI/etc/tinc/<NETNAME>/tinc.conf\fR
-The configuration file for tincd.
-.TP
-\fI/etc/tinc/<NETNAME>/tinc-up\fR
-Script which is executed as soon as a tap device has been allocated.
+.El
+.Sh FILES
+.Bl -tag -width indent
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
+The configuration file for
+.Nm .
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
+Script which is executed as soon as the virtual network device has been allocated.
Purpose is to further configure that device.
-.TP
-\fI/etc/tinc/<NETNAME>/tinc-down\fR
-Script which is executed when tinc quits.
-Purpose is to shut down the tap device.
-.TP
-\fI/etc/tinc/<NETNAME>/hosts/*\fR
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
+Script which is executed when
+.Nm
+exits.
+Purpose is to cleanly shut down the virtual network device before it will be deallocated.
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/*
The directory containing the host configuration files
used to authenticate other tinc daemons.
-.PP
-.SH "BUGS"
-Maintaining a connection list on each tinc daemon that can connect and disconnect at any
-moment, and making sure that all connections satisfy the tree property isn't easy. Although
-we have done a lot to make sure tinc is sturdy and foolproof, it might happen that
-some connection lists get corrupted.
-.PP
-\fBThe cryptography in tinc is not well tested yet. Use it at your own risk!\fR
-.PP
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up
+Script which is executed as soon as host
+.Ar NAME
+becomes reachable.
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down
+Script which is executed as soon as host
+.Ar NAME
+becomes unreachable.
+.It Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid
+The PID of the currently running
+.Nm
+is stored in this file.
+.El
+.Sh BUGS
+The
+.Va BindToInterface
+option may not work correctly.
+.Pp
+.Sy The cryptography in tinc is not well tested yet. Use it at your own risk!
+.Pp
If you find any bugs, report them to tinc@nl.linux.org.
-.PP
-.SH "TODO"
-A lot, especially security auditting.
-.PP
-.SH "SEE ALSO"
-\fBtinc.conf\fR(5)
-.TP
-\fBhttp://tinc.nl.linux.org/\fR
-.TP
-\fBhttp://www.cabal.org/\fR
-.PP
-The full documentation for
-.B tinc
-is maintained as a Texinfo manual. If the
-.B info
-and
-.B tinc
-programs are properly installed at your site, the command
-.IP
-.B info tinc
-.PP
+.Sh TODO
+A lot, especially security auditing.
+.Sh SEE ALSO
+.Xr tinc.conf 5 ,
+.Pa http://tinc.nl.linux.org/ ,
+.Pa http://www.cabal.org/ .
+.Pp
+The full documentation for tinc is maintained as a Texinfo manual.
+If the info and tinc programs are properly installed at your site,
+the command
+.Ic info tinc
should give you access to the complete manual.
-.PP
-tinc comes with ABSOLUTELY NO WARRANTY. This is free software,
-and you are welcome to redistribute it under certain conditions;
+.Pp
+tinc comes with ABSOLUTELY NO WARRANTY.
+This is free software, and you are welcome to redistribute it under certain conditions;
see the file COPYING for details.
-.SH "AUTHORS"
-.na
-.nf
-Ivo Timmermans <itimmermans@bigfoot.com>
-Guus Sliepen <guus@sliepen.warande.net>
-
+.Sh AUTHORS
+.An "Ivo Timmermans" Aq ivo@o2w.nl
+.An "Guus Sliepen" Aq guus@sliepen.eu.org
+.Pp
And thanks to many others for their contributions to tinc!
-.PP
projects / tinc / blobdiff