.Dd 2013-01-14
.Dt TINCD 8
.\" Manual page created by:
.\" Ivo Timmermans
.\" Guus Sliepen <guus@tinc-vpn.org>
.Sh NAME
.Nm tincd
.Nd tinc VPN daemon
.Sh SYNOPSIS
.Nm
.Op Fl cdDKnsoLRU
.Op Fl -config Ns = Ns Ar DIR
.Op Fl -no-detach
.Op Fl -debug Ns Op = Ns Ar LEVEL
.Op Fl -net Ns = Ns Ar NETNAME
.Op Fl -option Ns = Ns Ar [HOST.]KEY=VALUE
.Op Fl -mlock
.Op Fl -logfile Ns Op = Ns Ar FILE
.Op Fl -syslog
.Op Fl -bypass-security
.Op Fl -chroot
.Op Fl -user Ns = Ns Ar USER
.Op Fl -help
.Op Fl -version
.Sh DESCRIPTION
This is the daemon of tinc, a secure virtual private network (VPN) project.
When started,
.Nm
will read its configuration file to determine what virtual subnets it has to serve
and to what other tinc daemons it should connect.
It will connect to the ethertap or tun/tap device
and set up a socket for incoming connections.
Optionally a script will be executed to further configure the virtual device.
If that succeeds,
it will detach from the controlling terminal and continue in the background,
accepting and setting up connections to other tinc daemons
that are part of the virtual private network.
Under Windows (not Cygwin) tinc will install itself as a service,
which will be restarted automatically after reboots.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl c, -config Ns = Ns Ar DIR
Read configuration files from
.Ar DIR
instead of
.Pa @sysconfdir@/tinc/ .
.It Fl D, -no-detach
Don't fork and detach.
This will also disable the automatic restart mechanism for fatal errors.
If not mentioned otherwise, this will show log messages on the standard error output.
.It Fl d, -debug Ns Op = Ns Ar LEVEL
Increase debug level or set it to
.Ar LEVEL
(see below).
.It Fl n, -net Ns = Ns Ar NETNAME
Connect to net
.Ar NETNAME .
This will let tinc read all configuration files from
.Pa @sysconfdir@/tinc/ Ar NETNAME .
Specifying
.Li .
for
.Ar NETNAME
is the same as not specifying any
.Ar NETNAME .
.It Fl o, -option Ns = Ns Ar [HOST.]KEY=VALUE
Without specifying a
.Ar HOST ,
this will set server configuration variable
.Ar KEY
to
.Ar VALUE .
If specified as
.Ar HOST.KEY=VALUE ,
this will set the host configuration variable
.Ar KEY
of the host named
.Ar HOST
to
.Ar VALUE .
This option can be used more than once to specify multiple configuration variables.
.It Fl L, -mlock
Lock tinc into main memory.
This will prevent sensitive data like shared private keys from being written to the system swap files/partitions.
This option is not supported on all platforms.
.It Fl -logfile Ns Op = Ns Ar FILE
Write log entries to a file instead of to the system logging facility.
If
.Ar FILE
is omitted, the default is
.Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log.
.It Fl s, -syslog
When this option is set, tinc uses syslog instead of stderr in --no-detach mode.
.It Fl -pidfile Ns = Ns Ar FILENAME
Store a cookie in
.Ar FILENAME
which allows
.Xr tinc 8
to authenticate.
If
.Ar FILENAME
is omitted, the default is
.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid.
.It Fl -bypass-security
Disables encryption and authentication of the meta protocol.
Only useful for debugging.
.It Fl R, -chroot
With this option tinc chroots into the directory where network
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
or to the directory specified with -c option) after initialization.
This option is not supported on all platforms.
.It Fl U, -user Ns = Ns Ar USER
setuid to the specified
.Ar USER
after initialization.
This option is not supported on all platforms.
.It Fl -help
Display short list of options.
.It Fl -version
Output version information and exit.
.El
.Sh SIGNALS
.Bl -tag -width indent
.It ALRM
Forces
.Nm
to try to connect to all uplinks immediately.
Usually
.Nm
attempts to do this itself,
but increases the time it waits between the attempts each time it failed,
and if
.Nm
didn't succeed in connecting to an uplink the first time after it started,
it defaults to the maximum time of 15 minutes.
.It HUP
Partially rereads configuration files.
Connections to hosts whose host config files are removed are closed.
New outgoing connections specified in
.Pa tinc.conf
will be made.
If the
.Fl -logfile
option is used, this will also close and reopen the log file,
useful when log rotation is used.
.El
.Sh DEBUG LEVELS
The tinc daemon can send a lot of messages to the syslog.
The higher the debug level,
the more messages it will log.
Each level inherits all messages of the previous level:
.Bl -tag -width indent
.It 0
This will log a message indicating
.Nm
has started along with a version number.
It will also log any serious error.
.It 1
This will log all connections that are made with other tinc daemons.
.It 2
This will log status and error messages from scripts and other tinc daemons.
.It 3
This will log all requests that are exchanged with other tinc daemons.
These include authentication, key exchange and connection list updates.
.It 4
This will log a copy of everything received on the meta socket.
.It 5
This will log all network traffic over the virtual private network.
.El
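The options and debug levels described above can be checked on a deployed command line; the script below is an added example, not part of the tinc distribution.
It assumes conventional getopt-style argument parsing, and the function name, the choice of findings and their wording are the example's own.

```sh
#!/bin/sh
# Added example: audit a tincd argument list against the options this page documents.
# Assumption: getopt-style parsing (clustered short flags, "--opt VALUE" or "--opt=VALUE").
# Prints one finding per line; returns 1 only when --bypass-security is present.
audit_tincd_args() {
    mlock=0; chroot=0; user=0; bypass=0; debug=0
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in
            --bypass-security) bypass=1 ;;
            --mlock)   mlock=1 ;;
            --chroot)  chroot=1 ;;
            --user=*)  user=1 ;;
            --user)    user=1; if [ $# -gt 0 ]; then shift; fi ;;
            --debug=*) debug=${arg#--debug=} ;;
            --debug)   debug=$((debug + 1)) ;;
            --config|--net|--option|--pidfile) if [ $# -gt 0 ]; then shift; fi ;;
            --*) ;;
            -?*) rest=${arg#-}               # cluster of short options, e.g. -DLR
                while [ -n "$rest" ]; do
                    c=${rest%"${rest#?}"}; rest=${rest#?}
                    case $c in
                        L) mlock=1 ;;
                        R) chroot=1 ;;
                        d) case $rest in     # -d5 sets the level, bare -d raises it
                               ''|*[!0-9]*) debug=$((debug + 1)) ;;
                               *) debug=$rest; rest= ;;
                           esac ;;
                        U|c|n|o)             # value is the rest of the cluster or the next word
                            if [ "$c" = U ]; then user=1; fi
                            if [ -z "$rest" ] && [ $# -gt 0 ]; then shift; fi
                            rest= ;;
                    esac
                done ;;
        esac
    done
    case $debug in ''|*[!0-9]*) debug=0 ;; esac
    rc=0
    if [ "$bypass" -eq 1 ]; then
        echo "FAIL bypass-security: meta protocol runs without encryption or authentication"; rc=1
    fi
    [ "$mlock" -eq 1 ]  || echo "WARN mlock: not set, sensitive data such as private keys can reach swap"
    [ "$chroot" -eq 1 ] || echo "WARN chroot: not set, daemon is not confined to its config directory"
    [ "$user" -eq 1 ]   || echo "WARN user: not set, daemon does not setuid after initialization"
    if [ "$debug" -ge 4 ]; then
        echo "WARN debug: level $debug logs meta socket data (4) or all VPN traffic (5)"
    fi
    return $rc
}
```

Call it with the arguments of a running or configured daemon, for example audit_tincd_args -n vpn -LR -U nobody; the mlock, chroot and user warnings do not apply on platforms where those options are unsupported.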
.Sh FILES
.Bl -tag -width indent
.It Pa @sysconfdir@/tinc/
Directory containing the configuration files tinc uses.
For more information, see
.Xr tinc.conf 5 .
.It Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid
The PID of the currently running
.Nm
is stored in this file.
.El
.Sh BUGS
The
.Va BindToInterface
option may not work correctly.
.Pp
.Sy The cryptography in tinc is not well tested yet. Use it at your own risk!
.Pp
If you find any bugs, report them to tinc@tinc-vpn.org.
.Sh TODO
A lot, especially security auditing.
.Sh SEE ALSO
.Xr tinc 8 ,
.Xr tinc.conf 5 ,
.Pa https://www.tinc-vpn.org/ ,
.Pa http://www.cabal.org/ .
.Pp
The full documentation for tinc is maintained as a Texinfo manual.
If the info and tinc programs are properly installed at your site,
the command
.Ic info tinc
should give you access to the complete manual.
.Pp
tinc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under certain conditions;
see the file COPYING for details.
.Sh AUTHORS
.An "Ivo Timmermans"
.An "Guus Sliepen" Aq guus@tinc-vpn.org
.Pp
And thanks to many others for their contributions to tinc!