X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2Ftincd.8;h=23d692b0f78f78447423aa309ad229b93120c0d0;hp=1dbe280afb6180a0c2881f8d852141ca68046350;hb=1dcbdf48eb4a642e4d70a9e67aaca78deacf352d;hpb=0d99ae59bd7c640d396ce978045f0911567fb9bf diff --git a/doc/tincd.8 b/doc/tincd.8 index 1dbe280a..23d692b0 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 
@@ -1,153 +1,177 @@ -.TH TINCD 8 "Jan 2001" "tinc version 1.0pre4" "FSF" -.SH NAME -tincd \- tinc VPN daemon -.SH SYNOPSIS -.B tincd -[\fIoption\fR]... -.SH DESCRIPTION -.PP - -This is the daemon of tinc, a secure virtual private -network (VPN) project. When started, tincd will read -it's configuration file to determine what virtual subnets -it has to serve and to what other tinc daemons it should connect. -It will connect to the ethertap or tun/tap device and set up a socket -for incoming connections. -Optionally a script will be executed to further configure the tap device. -If that succeeds, it will detach from the controlling terminal and -continue in the background, accepting and setting up connections to other -tinc daemons that are part of the virtual private network. - -.SH OPTIONS -.TP -\fB\-c\fR, \fB\-\-config\fR=\fIDIR\fR -Read configuration options from DIR. -.TP -\fB\-D\fR, \fB\-\-no\-detach\fR -Don't fork and detach. This will also disable the automatic -restart mechanism for fatal errors. -.TP -\fB\-d\fR -Increase debug level (see below). -.TP -\fB\-k\fR, \fB\-\-kill\fR -Attempt to kill a running tincd and exit. -.TP -\fB\-n\fR, \fB\-\-net\fR=\fINETNAME\fR -Connect to net NETNAME. -.TP -\fB\-K\fR, \fB\-\-generate-keys\fR[=\fIBITS]\fR -Generate public/private RSA keypair and exit. If BITS is omitted, -the default length will be 1024 bits. -.TP -\fB\-\-help\fR +.Dd 2002-03-25 +.Dt TINCD 8 +.\" Manual page created by: +.\" Ivo Timmermans +.\" Guus Sliepen +.Sh NAME +.Nm tincd +.Nd tinc VPN daemon +.Sh SYNOPSIS +.Nm +.Op Fl cdDkKn +.Op Fl -bypass-security +.Op Fl -config Ns = Ns Ar DIR +.Op Fl -debug Ns = Ns Ar LEVEL +.Op Fl -generate-keys Ns Op = Ns Ar BITS +.Op Fl -help +.Op Fl -kill Ns = Ns Ar SIGNAL +.Op Fl -net Ns = Ns Ar NETNAME +.Op Fl -no-detach +.Op Fl -version +.Sh DESCRIPTION +This is the daemon of tinc, a secure virtual private network (VPN) project. 
+When started, +.Nm +will read it's configuration file to determine what virtual subnets it has to serve +and to what other tinc daemons it should connect. +It will connect to the ethertap or tun/tap device +and set up a socket for incoming connections. +Optionally a script will be executed to further configure the virtual device. +If that succeeds, +it will detach from the controlling terminal and continue in the background, +accepting and setting up connections to other tinc daemons +that are part of the virtual private network. +.Sh OPTIONS +.Bl -tag -width indent +.It Fl -bypass-security +Disables encryption and authentication. +Only useful for debugging. +.It Fl c, -config Ns = Ns Ar DIR +Read configuration options from +.Ar DIR . +.It Fl d, -debug Ns Op = Ns Ar LEVEL +Increase debug level or set it to +.Ar LEVEL +(see below). +.It Fl K, -generate-keys Ns Op = Ns Ar BITS +Generate public/private RSA keypair and exit. +If +.Ar BITS +is omitted, the default length will be 1024 bits. +.It Fl -help Display short list of options. -.TP -\fB\-\-version\fR +.It Fl k, -kill Ns Op = Ns Ar SIGNAL +Attempt to kill a running +.Nm +(optionally with the specified +.Ar SIGNAL +instead of SIGTERM) and exit. +.It Fl n, -net Ns = Ns Ar NETNAME +Connect to net +.Ar NETNAME . +.It Fl D, -no-detach +Don't fork and detach. +This will also disable the automatic restart mechanism for fatal errors. +.It Fl L, -mlock +Lock tinc into main memory. +This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. +.It Fl -version Output version information and exit. -.PP -.SH "SIGNALS" -.TP -\fBHUP\fR +.El +.Sh SIGNALS +.Bl -tag -width indent +.It ALRM +Forces +.Nm +to try to connect to all uplinks immediately. 
+Usually +.Nm +attempts to do this itself, +but increases the time it waits between the attempts each time it failed, +and if +.Nm +didn't succeed to connect to an uplink the first time after it started, +it defaults to the maximum time of 15 minutes. +.It HUP Closes all connections, rereads the configuration file and restarts the daemon. -.TP -\fBINT\fR -Closes all connections and quits. -.TP -\fBUSR1\fR +.It INT +Temporarily increases debug level to 5. +Send this signal again to revert to the original level. +.It USR1 Dumps the connection list to syslog. -.TP -\fBUSR2\fR -Dumps the subnet list to syslog. -.TP -\fBALRM\fR -Forces tincd to try to connect to an uplink immediately. Usually tincd attempts -to do this itself, but increases the time it waits between the attempts each time -it failed, and if tincd didn't succeed to connect to an uplink the first time after -it started, it defaults to the maximum time of 15 minutes. -.PP -.SH "DEBUG LEVELS" -The tinc daemon can send a lot of messages to the syslog. The more \fB\-d\fR options are -given to tincd, the more messages it will log. Each level inherits all messages of the -previous level: -.TP -\fIno debug options\fR -This will log a message indicating tincd has started along with a version number. +.It USR2 +Dumps virtual network device statistics, all known nodes, edges and subnets to syslog. +.It WINCH +Purges all information remembered about unreachable nodes. +.El +.Sh DEBUG LEVELS +The tinc daemon can send a lot of messages to the syslog. +The higher the debug level, +the more messages it will log. +Each level inherits all messages of the previous level: +.Bl -tag -width indent +.It 0 +This will log a message indicating +.Nm +has started along with a version number. It will also any serious error. -.TP -\fB\-d\fR +.It 1 This will log all connections that are made with other tinc daemons. -.TP -\fB\-dd\fR +.It 2 This will log status and error messages from other tinc daemons. 
-.TP -\fB\-ddd\fR +.It 3 This will log all requests that are exchanged with other tinc daemons. These include authentication, key exchange and connection list updates. -.TP -\fB\-dddd\fR +.It 4 This will log a copy of everything received on the meta socket. -.TP -\fB\-ddddd\fR +.It 5 This will log all network traffic over the virtual private network. -.PP -.SH "FILES" -.TP -\fI/etc/tinc//tinc.conf\fR -The configuration file for tincd. -.TP -\fI/etc/tinc//tinc-up\fR -Script which is executed as soon as a tap device has been allocated. +.El +.Sh FILES +.Bl -tag -width indent +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf +The configuration file for +.Nm . +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up +Script which is executed as soon as the virtual network device has been allocated. Purpose is to further configure that device. -.TP -\fI/etc/tinc//tinc-down\fR -Script which is executed when tinc quits. -Purpose is to shut down the tap device. -.TP -\fI/etc/tinc//hosts/*\fR +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down +Script which is executed when +.Nm +exits. +Purpose is to cleanly shut down the virtual network device before it will be deallocated. +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/* The directory containing the host configuration files used to authenticate other tinc daemons. -.PP -.SH "BUGS" -Maintaining a connection list on each tinc daemon that can connect and disconnect at any -moment, and making sure that all connections satisfy the tree property isn't easy. Although -we have done a lot to make sure tinc is sturdy and foolproof, it might happen that -some connection lists get corrupted. -.PP -\fBThe cryptography in tinc is not well tested yet. Use it at your own risk!\fR -.PP +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up +Script which is executed as soon as host +.Ar NAME +becomes reachable. 
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down +Script which is executed as soon as host +.Ar NAME +becomes unreachable. +.It Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid +The PID of the currently running +.Nm +is stored in this file. +.El +.Sh BUGS +The +.Va BindToInterface +option may not work correctly. +.Pp +.Sy The cryptography in tinc is not well tested yet. Use it at your own risk! +.Pp If you find any bugs, report them to tinc@nl.linux.org. -.PP -.SH "TODO" -A lot, especially security auditting. -.PP -.SH "SEE ALSO" -\fBtinc.conf\fR(5) -.TP -\fBhttp://tinc.nl.linux.org/\fR -.TP -\fBhttp://www.cabal.org/\fR -.PP -The full documentation for -.B tinc -is maintained as a Texinfo manual. If the -.B info -and -.B tinc -programs are properly installed at your site, the command -.IP -.B info tinc -.PP +.Sh TODO +A lot, especially security auditing. +.Sh SEE ALSO +.Xr tinc.conf 5 , +.Pa http://tinc.nl.linux.org/ , +.Pa http://www.cabal.org/ . +.Pp +The full documentation for tinc is maintained as a Texinfo manual. +If the info and tinc programs are properly installed at your site, +the command +.Ic info tinc should give you access to the complete manual. -.PP -tinc comes with ABSOLUTELY NO WARRANTY. This is free software, -and you are welcome to redistribute it under certain conditions; +.Pp +tinc comes with ABSOLUTELY NO WARRANTY. +This is free software, and you are welcome to redistribute it under certain conditions; see the file COPYING for details. -.SH "AUTHORS" -.na -.nf -Ivo Timmermans -Guus Sliepen - +.Sh AUTHORS +.An "Ivo Timmermans" Aq ivo@o2w.nl +.An "Guus Sliepen" Aq guus@sliepen.eu.org +.Pp And thanks to many others for their contributions to tinc! -.PP
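Review bot: the new `.It Fl L, -mlock` entry in OPTIONS has no counterpart in SYNOPSIS, where `.Op Fl cdDkKn` lacks `L` and there is no `.Op Fl -mlock` line. It also sits after `--no-detach`, which breaks the alphabetical order the rest of the list follows. Please add it to both places in SYNOPSIS and move the entry up. SYNOPSIS and OPTIONS also disagree on `--debug` and `--kill`: SYNOPSIS shows the argument as mandatory (`.Op Fl -debug Ns = Ns Ar LEVEL`, `.Op Fl -kill Ns = Ns Ar SIGNAL`), while OPTIONS marks it optional with `Ns Op = Ns Ar ...`; one form should be used in both. In SIGNALS, INT changes from "Closes all connections and quits" to toggling debug level 5, which DEBUG LEVELS describes as logging all network traffic over the VPN. The INT entry should say that tunnelled traffic will end up in syslog while the toggle is active, and that INT no longer stops the daemon, since an administrator or init script still sending INT to shut down will instead turn on full traffic logging. The `--bypass-security` entry could state outright that the daemon then accepts unauthenticated peers and sends traffic in the clear, rather than only "Only useful for debugging." Smaller wording fixes on lines this patch touches or carries over: "it's configuration file" should be "its", "It will also any serious error." is missing "log", and "prevent sensitive data ... to be written" should read "from being written".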