— tinc VPN
This is the daemon of tinc, a secure virtual private network (VPN) project. When
will read it's configuration file
to determine what virtual subnets it has to serve and to what other tinc
daemons it should connect. It will connect to the ethertap or tun/tap device
and set up a socket for incoming connections. Optionally a script will be
executed to further configure the virtual device. If that succeeds, it will
detach from the controlling terminal and continue in the background, accepting
and setting up connections to other tinc daemons that are part of the virtual
private network. Under Windows (not Cygwin) tinc will install itself as a
service, which will be restarted automatically after reboots.
- Read configuration files from
DIR instead of
- Don't fork and detach. This will also disable the automatic
restart mechanism for fatal errors. If not mentioned otherwise, this will
show log messages on the standard error output.
- Increase debug level or set it to
LEVEL (see below).
- Attempt to kill a running
tincd (optionally with the specified
SIGNAL instead of SIGTERM) and exit.
Under Windows (not Cygwin) the optional argument is ignored, the service
will always be stopped and removed.
- Connect to net NETNAME.
This will let tinc read all configuration files from
NETNAME. Specifying . for
NETNAME is the same as not specifying any
- Generate public/private RSA keypair and exit. If
BITS is omitted, the default length will
be 2048 bits. When saving keys to existing files, tinc will not delete the
old keys, you have to remove them manually.
- Without specifying a HOST,
this will set server configuration variable
VALUE. If specified as
HOST.KEY=VALUE, this will set the host
configuration variable KEY of the host
named HOST to
VALUE. This option can be used more than
once to specify multiple configuration variables.
- Lock tinc into main memory. This will prevent sensitive
data like shared private keys to be written to the system swap
- Write log entries to a file instead of to the system
logging facility. If FILE is omitted, the
- Write PID to FILE instead
Under Windows this option will be ignored.
- Disables encryption and authentication of the meta
protocol. Only useful for debugging.
- With this option tinc chroots into the directory where
network config is located (/etc/tinc/NETNAME if -n option is used, or to
the directory specified with -c option) after initialization.
- setuid to the specified
USER after initialization.
- Display short list of options.
- Output version information and exit.
- Forces tincd to try to connect
to all uplinks immediately. Usually tincd
attempts to do this itself, but increases the time it waits between the
attempts each time it failed, and if tincd
didn't succeed to connect to an uplink the first time after it started, it
defaults to the maximum time of 15 minutes.
- Partially rereads configuration files. Connections to hosts
whose host config file are removed are closed. New outgoing connections
specified in tinc.conf will be made. If the
--logfile option is used, this will also
close and reopen the log file, useful when log rotation is used.
- Temporarily increases debug level to 5. Send this signal
again to revert to the original level.
- Dumps the connection list to syslog.
- Dumps virtual network device statistics, all known nodes,
edges and subnets to syslog.
- Purges all information remembered about unreachable
The tinc daemon can send a lot of messages to the syslog. The higher the debug
level, the more messages it will log. Each level inherits all messages of the
- This will log a message indicating
tincd has started along with a version
number. It will also log any serious error.
- This will log all connections that are made with other tinc
- This will log status and error messages from scripts and
other tinc daemons.
- This will log all requests that are exchanged with other
tinc daemons. These include authentication, key exchange and connection
- This will log a copy of everything received on the meta
- This will log all network traffic over the virtual private
- Directory containing the configuration files tinc uses. For
more information, see tinc.conf(5).
- The PID of the currently running
tincd is stored in this file.
option may not work
The cryptography in tinc is not well tested yet. Use it
at your own risk!
If you find any bugs, report them to email@example.com.
A lot, especially security auditing.
The full documentation for tinc is maintained as a Texinfo manual. If the info
and tinc programs are properly installed at your site, the command
should give you access to the complete
tinc comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under certain conditions; see the file COPYING for
And thanks to many others for their contributions to tinc!