tinc/doc/tincd.8.in

211 lines
6 KiB
Groff
Raw Normal View History

2013-01-20 20:03:22 +00:00
.Dd 2013-01-14
2002-02-10 21:57:54 +00:00
.Dt TINCD 8
.\" Manual page created by:
.\" Ivo Timmermans
.\" Guus Sliepen <guus@tinc-vpn.org>
2002-02-10 21:57:54 +00:00
.Sh NAME
.Nm tincd
.Nd tinc VPN daemon
.Sh SYNOPSIS
.Nm
.Op Fl cdDKnsoLRU
2002-02-10 21:57:54 +00:00
.Op Fl -config Ns = Ns Ar DIR
.Op Fl -no-detach
.Op Fl -debug Ns Op = Ns Ar LEVEL
.Op Fl -net Ns = Ns Ar NETNAME
.Op Fl -option Ns = Ns Ar [HOST.]KEY=VALUE
.Op Fl -mlock
.Op Fl -logfile Ns Op = Ns Ar FILE
.Op Fl -syslog
.Op Fl -bypass-security
.Op Fl -chroot
.Op Fl -user Ns = Ns Ar USER
2002-02-10 21:57:54 +00:00
.Op Fl -help
.Op Fl -version
.Sh DESCRIPTION
This is the daemon of tinc, a secure virtual private network (VPN) project.
When started,
.Nm
will read it's configuration file to determine what virtual subnets it has to serve
and to what other tinc daemons it should connect.
It will connect to the ethertap or tun/tap device
and set up a socket for incoming connections.
Optionally a script will be executed to further configure the virtual device.
If that succeeds,
it will detach from the controlling terminal and continue in the background,
accepting and setting up connections to other tinc daemons
that are part of the virtual private network.
2003-08-09 00:53:22 +00:00
Under Windows (not Cygwin) tinc will install itself as a service,
which will be restarted automatically after reboots.
2002-02-10 21:57:54 +00:00
.Sh OPTIONS
.Bl -tag -width indent
.It Fl c, -config Ns = Ns Ar DIR
2003-08-09 00:53:22 +00:00
Read configuration files from
.Ar DIR
instead of
.Pa @sysconfdir@/tinc/ .
.It Fl D, -no-detach
Don't fork and detach.
This will also disable the automatic restart mechanism for fatal errors.
2003-08-09 00:53:22 +00:00
If not mentioned otherwise, this will show log messages on the standard error output.
2002-02-10 21:57:54 +00:00
.It Fl d, -debug Ns Op = Ns Ar LEVEL
Increase debug level or set it to
.Ar LEVEL
(see below).
.It Fl n, -net Ns = Ns Ar NETNAME
Connect to net
.Ar NETNAME .
2011-01-02 16:24:23 +00:00
This will let tinc read all configuration files from
.Pa @sysconfdir@/tinc/ Ar NETNAME .
Specifying
.Li .
for
.Ar NETNAME
is the same as not specifying any
.Ar NETNAME .
.It Fl o, -option Ns = Ns Ar [HOST.]KEY=VALUE
Without specifying a
.Ar HOST ,
this will set server configuration variable
.Ar KEY
to
.Ar VALUE .
If specified as
.Ar HOST.KEY=VALUE ,
this will set the host configuration variable
.Ar KEY
of the host named
.Ar HOST
to
.Ar VALUE .
This option can be used more than once to specify multiple configuration variables.
2002-09-15 22:19:38 +00:00
.It Fl L, -mlock
Lock tinc into main memory.
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
This option is not supported on all platforms.
.It Fl -logfile Ns Op = Ns Ar FILE
Write log entries to a file instead of to the system logging facility.
If
.Ar FILE
is omitted, the default is
.Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log.
.It Fl s, -syslog
When this option is is set, tinc uses syslog instead of stderr in --no-detach mode.
.It Fl -pidfile Ns = Ns Ar FILENAME
2011-06-25 12:52:47 +00:00
Store a cookie in
.Ar FILENAME
which allows
2013-03-08 15:22:56 +00:00
.Xr tinc 8
2011-06-25 12:52:47 +00:00
to authenticate.
If
.Ar FILE
is omitted, the default is
.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid.
.It Fl -bypass-security
Disables encryption and authentication of the meta protocol.
Only useful for debugging.
.It Fl R, -chroot
With this option tinc chroots into the directory where network
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
or to the directory specified with -c option) after initialization.
This option is not supported on all platforms.
.It Fl U, -user Ns = Ns Ar USER
setuid to the specified
.Ar USER
after initialization.
This option is not supported on all platforms.
.It Fl -help
Display short list of options.
2002-02-10 21:57:54 +00:00
.It Fl -version
Output version information and exit.
2002-02-10 21:57:54 +00:00
.El
.Sh SIGNALS
.Bl -tag -width indent
2011-06-25 18:20:07 +00:00
.It ALRM
Forces
.Nm
to try to connect to all uplinks immediately.
Usually
.Nm
attempts to do this itself,
but increases the time it waits between the attempts each time it failed,
and if
.Nm
didn't succeed to connect to an uplink the first time after it started,
it defaults to the maximum time of 15 minutes.
2002-02-10 21:57:54 +00:00
.It HUP
Partially rereads configuration files.
Connections to hosts whose host config file are removed are closed.
New outgoing connections specified in
.Pa tinc.conf
will be made.
If the
.Fl -logfile
option is used, this will also close and reopen the log file,
useful when log rotation is used.
2002-02-10 21:57:54 +00:00
.El
.Sh DEBUG LEVELS
The tinc daemon can send a lot of messages to the syslog.
The higher the debug level,
the more messages it will log.
Each level inherits all messages of the previous level:
.Bl -tag -width indent
.It 0
This will log a message indicating
.Nm
has started along with a version number.
2003-10-11 14:42:30 +00:00
It will also log any serious error.
2002-02-10 21:57:54 +00:00
.It 1
This will log all connections that are made with other tinc daemons.
2002-02-10 21:57:54 +00:00
.It 2
2003-08-09 00:53:22 +00:00
This will log status and error messages from scripts and other tinc daemons.
2002-02-10 21:57:54 +00:00
.It 3
This will log all requests that are exchanged with other tinc daemons. These include
authentication, key exchange and connection list updates.
2002-02-10 21:57:54 +00:00
.It 4
This will log a copy of everything received on the meta socket.
2002-02-10 21:57:54 +00:00
.It 5
This will log all network traffic over the virtual private network.
2002-02-10 21:57:54 +00:00
.El
.Sh FILES
.Bl -tag -width indent
2003-08-09 00:53:22 +00:00
.It Pa @sysconfdir@/tinc/
Directory containing the configuration files tinc uses.
For more information, see
.Xr tinc.conf 5 .
.It Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid
2002-02-10 21:57:54 +00:00
The PID of the currently running
.Nm
is stored in this file.
.El
.Sh BUGS
The
2002-03-25 15:01:32 +00:00
.Va BindToInterface
option may not work correctly.
2002-02-10 21:57:54 +00:00
.Pp
.Sy The cryptography in tinc is not well tested yet. Use it at your own risk!
.Pp
If you find any bugs, report them to tinc@tinc-vpn.org.
2002-02-10 21:57:54 +00:00
.Sh TODO
A lot, especially security auditing.
.Sh SEE ALSO
2013-03-08 15:22:56 +00:00
.Xr tinc 8 ,
2002-02-10 21:57:54 +00:00
.Xr tinc.conf 5 ,
.Pa https://www.tinc-vpn.org/ ,
2002-02-10 21:57:54 +00:00
.Pa http://www.cabal.org/ .
.Pp
The full documentation for tinc is maintained as a Texinfo manual.
If the info and tinc programs are properly installed at your site,
the command
.Ic info tinc
should give you access to the complete manual.
2002-02-10 21:57:54 +00:00
.Pp
tinc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under certain conditions;
see the file COPYING for details.
2002-02-10 21:57:54 +00:00
.Sh AUTHORS
.An "Ivo Timmermans"
.An "Guus Sliepen" Aq guus@tinc-vpn.org
2002-02-10 21:57:54 +00:00
.Pp
And thanks to many others for their contributions to tinc!