Man Linux: Main Page and Category List


     tincd - tinc VPN daemon


     tincd [-cdDkKnLRU] [--config=DIR] [--no-detach] [--debug[=LEVEL]]
           [--kill[=SIGNAL]] [--net=NETNAME] [--generate-keys[=BITS]]
           [--mlock] [--logfile[=FILE]] [--pidfile=FILE] [--bypass-security]
           [--chroot] [--user=USER] [--help] [--version]


     This is the daemon of tinc, a secure virtual private network (VPN)
     project.  When started, tincd will read it’s configuration file to
     determine what virtual subnets it has to serve and to what other tinc
     daemons it should connect.  It will connect to the ethertap or tun/tap
     device and set up a socket for incoming connections.  Optionally a script
     will be executed to further configure the virtual device.  If that
     succeeds, it will detach from the controlling terminal and continue in
     the background, accepting and setting up connections to other tinc
     daemons that are part of the virtual private network.  Under Windows (not
     Cygwin) tinc will install itself as a service, which will be restarted
     automatically after reboots.


     -c, --config=DIR
             Read configuration files from DIR instead of /etc/tinc/.

     -D, --no-detach
             Don’t fork and detach.  This will also disable the automatic
             restart mechanism for fatal errors.  If not mentioned otherwise,
             this will show log messages on the standard error output.

     -d, --debug[=LEVEL]
             Increase debug level or set it to LEVEL (see below).

     -k, --kill[=SIGNAL]
             Attempt to kill a running tincd (optionally with the specified
             SIGNAL instead of SIGTERM) and exit.  Under Windows (not Cygwin)
             the optional argument is ignored, the service will always be
             stopped and removed.

     -n, --net=NETNAME
             Connect to net NETNAME.

     -K, --generate-keys[=BITS]
             Generate public/private RSA keypair and exit.  If BITS is
             omitted, the default length will be 2048 bits.  When saving keys
             to existing files, tinc will not delete the old keys, you have to
             remove them manually.

     -L, --mlock
             Lock tinc into main memory.  This will prevent sensitive data
             like shared private keys to be written to the system swap

             Write log entries to a file instead of to the system logging
             facility.  If FILE is omitted, the default is

             Write PID to FILE instead of /var/run/ Under
             Windows this option will be ignored.

             Disables encryption and authentication of the meta protocol.
             Only useful for debugging.

             With this option tinc chroots into the directory where network
             config is located (/etc/tinc/NETNAME if -n option is used, or to
             the directory specified with -c option) after initialization.

             setuid to the specified USER after initialization.

     --help  Display short list of options.

             Output version information and exit.


     ALRM    Forces tincd to try to connect to all uplinks immediately.
             Usually tincd attempts to do this itself, but increases the time
             it waits between the attempts each time it failed, and if tincd
             didn’t succeed to connect to an uplink the first time after it
             started, it defaults to the maximum time of 15 minutes.

     HUP     Partially rereads configuration files.  Connections to hosts
             whose host config file are removed are closed.  New outgoing
             connections specified in tinc.conf will be made.

     INT     Temporarily increases debug level to 5.  Send this signal again
             to revert to the original level.

     USR1    Dumps the connection list to syslog.

     USR2    Dumps virtual network device statistics, all known nodes, edges
             and subnets to syslog.

     WINCH   Purges all information remembered about unreachable nodes.


     The tinc daemon can send a lot of messages to the syslog.  The higher the
     debug level, the more messages it will log.  Each level inherits all
     messages of the previous level:

     0       This will log a message indicating tincd has started along with a
             version number.  It will also log any serious error.

     1       This will log all connections that are made with other tinc

     2       This will log status and error messages from scripts and other
             tinc daemons.

     3       This will log all requests that are exchanged with other tinc
             daemons. These include authentication, key exchange and
             connection list updates.

     4       This will log a copy of everything received on the meta socket.

     5       This will log all network traffic over the virtual private


             Directory containing the configuration files tinc uses.  For more
             information, see tinc.conf(5).

             The PID of the currently running tincd is stored in this file.


     The BindToInterface option may not work correctly.

     The cryptography in tinc is not well tested yet. Use it at your own risk!

     If you find any bugs, report them to


     A lot, especially security auditing.



     The full documentation for tinc is maintained as a Texinfo manual.  If
     the info and tinc programs are properly installed at your site, the
     command info tinc should give you access to the complete manual.

     tinc comes with ABSOLUTELY NO WARRANTY.  This is free software, and you
     are welcome to redistribute it under certain conditions; see the file
     COPYING for details.


     Ivo Timmermans
     Guus Sliepen 〈〉

     And thanks to many others for their contributions to tinc!