- .Dd 2002-03-25
- .Dt TINCD 8
- .\" Manual page created by:
- .\" Ivo Timmermans
- .\" Guus Sliepen <guus@tinc-vpn.org>
- .Sh NAME
- .Nm tincd
- .Nd tinc VPN daemon
- .Sh SYNOPSIS
- .Nm
- .Op Fl cdDkKnL
- .Op Fl -config Ns = Ns Ar DIR
- .Op Fl -no-detach
- .Op Fl -debug Ns Op = Ns Ar LEVEL
- .Op Fl -kill Ns Op = Ns Ar SIGNAL
- .Op Fl -net Ns = Ns Ar NETNAME
- .Op Fl -generate-keys Ns Op = Ns Ar BITS
- .Op Fl -mlock
- .Op Fl -logfile Ns Op = Ns Ar FILE
- .Op Fl -pidfile Ns = Ns Ar FILE
- .Op Fl -bypass-security
- .Op Fl -help
- .Op Fl -version
- .Sh DESCRIPTION
- This is the daemon of tinc, a secure virtual private network (VPN) project.
- When started,
- .Nm
- will read its configuration file to determine what virtual subnets it has to serve
- and to what other tinc daemons it should connect.
- It will connect to the ethertap or tun/tap device
- and set up a socket for incoming connections.
- Optionally a script will be executed to further configure the virtual device.
- If that succeeds,
- it will detach from the controlling terminal and continue in the background,
- accepting and setting up connections to other tinc daemons
- that are part of the virtual private network.
- Under Windows (not Cygwin) tinc will install itself as a service,
- which will be restarted automatically after reboots.
- .Sh OPTIONS
- .Bl -tag -width indent
- .It Fl c, -config Ns = Ns Ar DIR
- Read configuration files from
- .Ar DIR
- instead of
- .Pa @sysconfdir@/tinc/ .
- .It Fl D, -no-detach
- Don't fork and detach.
- This will also disable the automatic restart mechanism for fatal errors.
- If not mentioned otherwise, this will show log messages on the standard error output.
- .It Fl d, -debug Ns Op = Ns Ar LEVEL
- Increase debug level or set it to
- .Ar LEVEL
- (see below).
- .It Fl k, -kill Ns Op = Ns Ar SIGNAL
- Attempt to kill a running
- .Nm
- (optionally with the specified
- .Ar SIGNAL
- instead of SIGTERM) and exit.
- Under Windows (not Cygwin) the optional argument is ignored;
- the service will always be stopped and removed.
- .It Fl n, -net Ns = Ns Ar NETNAME
- Connect to net
- .Ar NETNAME .
- .It Fl K, -generate-keys Ns Op = Ns Ar BITS
- Generate public/private RSA keypair and exit.
- If
- .Ar BITS
- is omitted, the default length will be 1024 bits.
- When saving keys to existing files, tinc will not delete the old keys;
- you have to remove them manually.
- .It Fl L, -mlock
- Lock tinc into main memory.
- This will prevent sensitive data like shared private keys from being written to the system swap files/partitions.
- .It Fl -logfile Ns Op = Ns Ar FILE
- Write log entries to a file instead of to the system logging facility.
- If
- .Ar FILE
- is omitted, the default is
- .Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log.
- .It Fl -pidfile Ns = Ns Ar FILE
- Write PID to
- .Ar FILE
- instead of
- .Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid.
- Under Windows this option will be ignored.
- .It Fl -bypass-security
- Disables encryption and authentication of the meta protocol.
- Only useful for debugging.
- .It Fl -help
- Display short list of options.
- .It Fl -version
- Output version information and exit.
- .El
- .Sh SIGNALS
- .Bl -tag -width indent
- .It ALRM
- Forces
- .Nm
- to try to connect to all uplinks immediately.
- Usually
- .Nm
- attempts to do this itself,
- but increases the time it waits between the attempts each time it fails,
- and if
- .Nm
- fails to connect to an uplink the first time after it starts,
- it defaults to the maximum time of 15 minutes.
- .It HUP
- Partially rereads configuration files.
- Connections to hosts whose host config files are removed are closed.
- New outgoing connections specified in
- .Pa tinc.conf
- will be made.
- .It INT
- Temporarily increases debug level to 5.
- Send this signal again to revert to the original level.
- .It USR1
- Dumps the connection list to syslog.
- .It USR2
- Dumps virtual network device statistics, all known nodes, edges and subnets to syslog.
- .It WINCH
- Purges all information remembered about unreachable nodes.
- .El
- .Sh DEBUG LEVELS
- The tinc daemon can send a lot of messages to the syslog.
- The higher the debug level,
- the more messages it will log.
- Each level inherits all messages of the previous level:
- .Bl -tag -width indent
- .It 0
- This will log a message indicating
- .Nm
- has started along with a version number.
- It will also log any serious error.
- .It 1
- This will log all connections that are made with other tinc daemons.
- .It 2
- This will log status and error messages from scripts and other tinc daemons.
- .It 3
- This will log all requests that are exchanged with other tinc daemons. These include
- authentication, key exchange and connection list updates.
- .It 4
- This will log a copy of everything received on the meta socket.
- .It 5
- This will log all network traffic over the virtual private network.
- .El
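
The OPTIONS and DEBUG LEVELS sections above describe several settings that weaken a deployment if they reach production: `--bypass-security`, debug levels 4 and 5, the 1024-bit key default, and running without `--mlock`. The following added example (not part of tinc or its documentation) audits a tincd argument list for them; the finding names and the 2048-bit floor are assumptions of this example, and only the option spellings shown on this page are parsed.

```shell
#!/bin/sh
# Added example, not part of tinc. Finding names and the 2048-bit floor
# are this example's assumptions; option names come from the man page.
MIN_RSA_BITS=2048

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print space-separated findings for a tincd argument list (empty = none).
audit_tincd_args() (
    debug=0; bits=0; mlock=no; keygen=no; bad=no; out=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --bypass-security)  out="$out bypass-security" ;;
            -L|--mlock)         mlock=yes ;;
            -d|--debug)         debug=$((debug + 1)) ;;
            --debug=*)          debug=${1#--debug=}
                                is_uint "$debug" || { bad=yes; debug=0; } ;;
            -K|--generate-keys) keygen=yes; bits=1024 ;;  # documented default
            --generate-keys=*)  keygen=yes; bits=${1#--generate-keys=}
                                is_uint "$bits" || { bad=yes; bits=0; } ;;
        esac
        shift
    done
    # A non-numeric LEVEL or BITS is reported instead of being guessed at.
    if [ "$bad" = yes ]; then out="$out unparsed-value"; fi
    # Level 5 logs all VPN traffic; level 4 logs everything on the meta socket.
    if [ "$debug" -ge 5 ]; then out="$out logs-vpn-traffic"
    elif [ "$debug" -ge 4 ]; then out="$out logs-meta-socket"; fi
    if [ "$keygen" = yes ]; then
        # -K generates keys and exits, so mlock is not relevant for that run.
        if [ "$bits" -gt 0 ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
            out="$out weak-rsa-$bits"
        fi
    elif [ "$mlock" = no ]; then
        out="$out no-mlock"   # key material may reach swap
    fi
    echo "${out# }"
)

# Constructed sample invocation.
audit_tincd_args -n vpn --debug=5 --bypass-security
```
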
- .Sh FILES
- .Bl -tag -width indent
- .It Pa @sysconfdir@/tinc/
- Directory containing the configuration files tinc uses.
- For more information, see
- .Xr tinc.conf 5 .
- .It Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid
- The PID of the currently running
- .Nm
- is stored in this file.
- .El
- .Sh BUGS
- The
- .Va BindToInterface
- option may not work correctly.
- .Pp
- .Sy The cryptography in tinc is not well tested yet. Use it at your own risk!
- .Pp
- If you find any bugs, report them to tinc@tinc-vpn.org.
- .Sh TODO
- A lot, especially security auditing.
- .Sh SEE ALSO
- .Xr tinc.conf 5 ,
- .Pa http://www.tinc-vpn.org/ ,
- .Pa http://www.cabal.org/ .
- .Pp
- The full documentation for tinc is maintained as a Texinfo manual.
- If the info and tinc programs are properly installed at your site,
- the command
- .Ic info tinc
- should give you access to the complete manual.
- .Pp
- tinc comes with ABSOLUTELY NO WARRANTY.
- This is free software, and you are welcome to redistribute it under certain conditions;
- see the file COPYING for details.
- .Sh AUTHORS
- .An "Ivo Timmermans"
- .An "Guus Sliepen" Aq guus@tinc-vpn.org
- .Pp
- And thanks to many others for their contributions to tinc!