Next: , Up: Running tinc   [Contents][Index]

5.1 Runtime options

Besides the settings in the configuration file, tinc also accepts some command line options.

-c, --config=path

Read configuration options from the directory path. The default is /etc/tinc/netname/.

-D, --no-detach

Don’t fork and detach. This will also disable the automatic restart mechanism for fatal errors.

-d, --debug=level

Set debug level to level. The higher the debug level, the more gets logged. Everything goes via syslog.

-n, --net=netname

Use configuration for net netname. This will let tinc read all configuration files from /etc/tinc/netname/. Specifying . for netname is the same as not specifying any netname. See Multiple networks.


Store a cookie in filename which allows tinc to authenticate. If unspecified, the default is /var/run/

-o, --option=[HOST.]KEY=VALUE

Without specifying a HOST, this will set server configuration variable KEY to VALUE. If specified as HOST.KEY=VALUE, this will set the host configuration variable KEY of the host named HOST to VALUE. This option can be used more than once to specify multiple configuration variables.

-L, --mlock

Lock tinc into main memory. This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.

This option is not supported on all platforms.


Write log entries to a file instead of to the system logging facility. If file is omitted, the default is /var/log/tinc.netname.log.


Disables encryption and authentication. Only useful for debugging.

-R, --chroot

Change process root directory to the directory where the config file is located (/etc/tinc/netname/ as determined by -n/–net option or as given by -c/–config option), for added security. The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.

Note that this option alone does not do any good without -U/–user, below.

Note also that tinc can’t run scripts anymore (such as tinc-down or host-up), unless it’s setup to be runnable inside chroot environment.

This option is not supported on all platforms.

-U, --user=user

Switch to the given user after initialization, at the same time as chroot is performed (see –chroot above). With this option tinc drops privileges, for added security.

This option is not supported on all platforms.


Display a short reminder of these runtime options and terminate.


Output version information and exit.

Next: , Up: Running tinc   [Contents][Index]