Provided by: tinc_1.0.23-2_amd64 bug

NAME

     tincd — tinc VPN daemon

SYNOPSIS

     tincd [-cdDkKnoLRU] [--config=DIR] [--no-detach] [--debug[=LEVEL]] [--kill[=SIGNAL]]
           [--net=NETNAME] [--generate-keys[=BITS]] [--option=[HOST.]KEY=VALUE] [--mlock]
           [--logfile[=FILE]] [--pidfile=FILE] [--bypass-security] [--chroot] [--user=USER]
           [--help] [--version]

DESCRIPTION

     This is the daemon of tinc, a secure virtual private network (VPN) project.  When started,
     tincd will read it's configuration file to determine what virtual subnets it has to serve
     and to what other tinc daemons it should connect.  It will connect to the ethertap or
     tun/tap device and set up a socket for incoming connections.  Optionally a script will be
     executed to further configure the virtual device.  If that succeeds, it will detach from the
     controlling terminal and continue in the background, accepting and setting up connections to
     other tinc daemons that are part of the virtual private network.  Under Windows (not Cygwin)
     tinc will install itself as a service, which will be restarted automatically after reboots.

OPTIONS

     -c, --config=DIR
             Read configuration files from DIR instead of /etc/tinc/.

     -D, --no-detach
             Don't fork and detach.  This will also disable the automatic restart mechanism for
             fatal errors.  If not mentioned otherwise, this will show log messages on the
             standard error output.

     -d, --debug[=LEVEL]
             Increase debug level or set it to LEVEL (see below).

     -k, --kill[=SIGNAL]
             Attempt to kill a running tincd (optionally with the specified SIGNAL instead of
             SIGTERM) and exit.  Under Windows (not Cygwin) the optional argument is ignored, the
             service will always be stopped and removed.

     -n, --net=NETNAME
             Connect to net NETNAME.  This will let tinc read all configuration files from
             /etc/tinc/ NETNAME.  Specifying .  for NETNAME is the same as not specifying any
             NETNAME.

     -K, --generate-keys[=BITS]
             Generate public/private RSA keypair and exit.  If BITS is omitted, the default
             length will be 2048 bits.  When saving keys to existing files, tinc will not delete
             the old keys, you have to remove them manually.

     -o, --option=[HOST.]KEY=VALUE
             Without specifying a HOST, this will set server configuration variable KEY to VALUE.
             If specified as HOST.KEY=VALUE, this will set the host configuration variable KEY of
             the host named HOST to VALUE.  This option can be used more than once to specify
             multiple configuration variables.

     -L, --mlock
             Lock tinc into main memory.  This will prevent sensitive data like shared private
             keys to be written to the system swap files/partitions.

     --logfile[=FILE]
             Write log entries to a file instead of to the system logging facility.  If FILE is
             omitted, the default is /var/log/tinc.NETNAME.log.

     --pidfile=FILE
             Write PID to FILE instead of /var/run/tinc.NETNAME.pid. Under Windows this option
             will be ignored.

     --bypass-security
             Disables encryption and authentication of the meta protocol.  Only useful for
             debugging.

     -R, --chroot
             With this option tinc chroots into the directory where network config is located
             (/etc/tinc/NETNAME if -n option is used, or to the directory specified with -c
             option) after initialization.

     -U, --user=USER
             setuid to the specified USER after initialization.

     --help  Display short list of options.

     --version
             Output version information and exit.

SIGNALS

     ALRM    Forces tincd to try to connect to all uplinks immediately.  Usually tincd attempts
             to do this itself, but increases the time it waits between the attempts each time it
             failed, and if tincd didn't succeed to connect to an uplink the first time after it
             started, it defaults to the maximum time of 15 minutes.

     HUP     Partially rereads configuration files.  Connections to hosts whose host config file
             are removed are closed.  New outgoing connections specified in tinc.conf will be
             made.  If the --logfile option is used, this will also close and reopen the log
             file, useful when log rotation is used.

     INT     Temporarily increases debug level to 5.  Send this signal again to revert to the
             original level.

     USR1    Dumps the connection list to syslog.

     USR2    Dumps virtual network device statistics, all known nodes, edges and subnets to
             syslog.

     WINCH   Purges all information remembered about unreachable nodes.

DEBUG LEVELS

     The tinc daemon can send a lot of messages to the syslog.  The higher the debug level, the
     more messages it will log.  Each level inherits all messages of the previous level:

     0       This will log a message indicating tincd has started along with a version number.
             It will also log any serious error.

     1       This will log all connections that are made with other tinc daemons.

     2       This will log status and error messages from scripts and other tinc daemons.

     3       This will log all requests that are exchanged with other tinc daemons. These include
             authentication, key exchange and connection list updates.

     4       This will log a copy of everything received on the meta socket.

     5       This will log all network traffic over the virtual private network.

FILES

     /etc/tinc/
             Directory containing the configuration files tinc uses.  For more information, see
             tinc.conf(5).

     /var/run/tinc.NETNAME.pid
             The PID of the currently running tincd is stored in this file.

BUGS

     The BindToInterface option may not work correctly.

     The cryptography in tinc is not well tested yet. Use it at your own risk!

     If you find any bugs, report them to tinc@tinc-vpn.org.

TODO

     A lot, especially security auditing.

SEE ALSO

     tinc.conf(5), http://www.tinc-vpn.org/, http://www.cabal.org/.

     The full documentation for tinc is maintained as a Texinfo manual.  If the info and tinc
     programs are properly installed at your site, the command info tinc should give you access
     to the complete manual.

     tinc comes with ABSOLUTELY NO WARRANTY.  This is free software, and you are welcome to
     redistribute it under certain conditions; see the file COPYING for details.

AUTHORS

     Ivo Timmermans
     Guus Sliepen <guus@tinc-vpn.org>

     And thanks to many others for their contributions to tinc!

                                        December 10, 2024