Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
TINC.CONF(5)		  FreeBSD File Formats Manual		  TINC.CONF(5)

     tinc.conf -- tinc daemon configuration

     The files in the /usr/local/etc/tinc/ directory contain runtime and secu-
     rity information for the tinc daemon.

     To	distinguish multiple instances of tinc running on one computer,	you
     can use the -n option to assign a network name to each tinc daemon.

     The effect	of this	option is that the daemon will set its configuration
     root to /usr/local/etc/tinc/NETNAME/, where NETNAME is your argument to
     the -n option.  You'll notice that	messages appear	in syslog as coming
     from tincd.NETNAME, and on	Linux, unless specified	otherwise, the name of
     the virtual network interface will	be the same as the network name.

     It	is recommended that you	use network names even if you run only one in-
     stance of tinc.  However, you can choose not to use the -n	option.	 In
     this case,	the network name would just be empty, and tinc now looks for
     files in /usr/local/etc/tinc/, instead of /usr/local/etc/tinc/NETNAME/;
     the configuration file should be /usr/local/etc/tinc/tinc.conf, and the
     host configuration	files are now expected to be in

     Each tinc daemon must have	a name that is unique in the network which it
     will be part of.  The name	will be	used by	other tinc daemons for identi-
     fication.	The name has to	be declared in the
     /usr/local/etc/tinc/NETNAME/tinc.conf file.

     To	make things easy, choose something that	will give unique and easy to
     remember names to your tinc daemon(s).  You could try things like host-
     names, owner surnames or location names.  However,	you are	only allowed
     to	use alphanumerical characters (a-z, A-Z, and 0-9) and underscores (_)
     in	the name.

     If	you have not configured	tinc yet, you can easily create	a basic	con-
     figuration	using the following command:

	   tinc	-n NETNAME init	NAME

     You can further change the	configuration as needed	either by manually
     editing the configuration files, or by using tinc(8).

     The tinc init command will	have generated both RSA	and Ed25519 pub-
     lic/private keypairs.  The	private	keys should be stored in files named
     rsa_key.priv and ed25519_key.priv in the directory
     /usr/local/etc/tinc/NETNAME/ The public keys should be stored in the host
     configuration file	/usr/local/etc/tinc/NETNAME/hosts/NAME.	 The RSA keys
     are used for backwards compatibility with tinc version 1.0.  If you are
     upgrading from version 1.0	to 1.1,	you can	keep the old configuration
     files, but	you will need to create	Ed25519	keys using the following com-

	   tinc	-n NETNAME generate-ed25519-keys

     The server	configuration of the daemon is done in the file
     /usr/local/etc/tinc/NETNAME/tinc.conf.  This file consists	of comments
     (lines started with a #) or assignments in	the form of:

     Variable =	Value.

     The variable names	are case insensitive, and any spaces, tabs, newlines
     and carriage returns are ignored.	Note: it is not	required that you put
     in	the = sign, but	doing so improves readability.	If you leave it	out,
     remember to replace it with at least one space character.

     The server	configuration is complemented with host	specific configuration
     (see the next section).  Although all configuration options for the local
     host listed in this document can also be put in
     /usr/local/etc/tinc/NETNAME/tinc.conf, it is recommended to put host spe-
     cific configuration options in the	host configuration file, as this makes
     it	easy to	exchange with other nodes.

     You can edit the config file manually, but	it is recommended that you use
     tinc(8) to	change configuration variables for you.

     Here are all valid	variables, listed in alphabetical order.  The default
     value is given between parentheses.

     AddressFamily = ipv4 | ipv6 | any (any)
	     This option affects the address family of listening and outgoing
	     sockets.  If "any"	is selected, then depending on the operating
	     system both IPv4 and IPv6 or just IPv6 listening sockets will be


Want to link to this manual page? Use this URL:

home | help