5.1 Runtime options

Besides the settings in the configuration file, tinc also accepts some command line options.

-c, --config=path

Read configuration options from the directory path. The default is /usr/local/etc/tinc/netname/.

-D, --no-detach

Don’t fork and detach. This will also disable the automatic restart mechanism for fatal errors.

-d, --debug=level

Set debug level to level. The higher the debug level, the more gets logged. Everything goes via syslog.

-n, --net=netname

Use configuration for net netname. This will let tinc read all configuration files from /usr/local/etc/tinc/netname/. Specifying . for netname is the same as not specifying any netname. See Multiple networks.

--pidfile=filename

Store a cookie in filename which allows tinc to authenticate. If unspecified, the default is /usr/local/var/run/tinc.netname.pid.

-o, --option=[HOST.]KEY=VALUE

Without specifying a HOST, this will set server configuration variable KEY to VALUE. If specified as HOST.KEY=VALUE, this will set the host configuration variable KEY of the host named HOST to VALUE. This option can be used more than once to specify multiple configuration variables.

-L, --mlock

Lock tinc into main memory. This will prevent sensitive data like shared private keys from being written to the system swap files/partitions.

This option is not supported on all platforms.

--logfile[=file]

Write log entries to a file instead of to the system logging facility. If file is omitted, the default is /usr/local/var/log/tinc.netname.log.

--pidfile=file

Write PID to file instead of /usr/local/var/run/tinc.netname.pid.

--bypass-security

Disables encryption and authentication. Only useful for debugging.

-R, --chroot

Change process root directory to the directory where the config file is located (/usr/local/etc/tinc/netname/ as determined by -n/--net option or as given by -c/--config option), for added security. The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.

This option is best used in combination with the -U/--user option described below.

You will need to ensure the chroot environment contains all the files necessary for tinc to run correctly. Most importantly, for tinc to be able to resolve hostnames inside the chroot environment, you must copy /etc/resolv.conf into the chroot directory. If you want to be able to run scripts other than tinc-up in the chroot, you must ensure the appropriate shell is also installed in the chroot, along with all its dependencies.

This option is not supported on all platforms.

-U, --user=user

Switch to the given user after initialization, at the same time as chroot is performed (see --chroot above). With this option tinc drops privileges, for added security.

This option is not supported on all platforms.

--help

Display a short reminder of these runtime options and terminate.

--version

Output version information and exit.
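
For the -R/--chroot requirements described above, a preflight check can be run against the configuration directory before starting tinc. This is an added example, not part of the tinc manual or the tinc distribution; the function name check_tinc_chroot is hypothetical, and it assumes scripts sit at the top level of the configuration directory or in a hosts/ subdirectory. It checks only the interpreter path on each script's #! line, not the interpreter's own library dependencies.

```shell
#!/bin/sh
# Added example: preflight check for a directory tinc will chroot into (-R).
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_tinc_chroot() {
    root=${1%/}
    problems=0
    if [ ! -d "$root" ]; then
        echo "not a directory: $root"
        return 1
    fi

    # Hostname resolution inside the chroot needs a copy of /etc/resolv.conf.
    if [ ! -r "$root/etc/resolv.conf" ]; then
        echo "missing: $root/etc/resolv.conf"
        problems=$((problems + 1))
    fi

    # Scripts other than tinc-up run inside the chroot, so the interpreter
    # named on the #! line must exist at the same path below $root.
    # Assumption: scripts live in $root or in $root/hosts.
    for script in "$root"/* "$root"/hosts/*; do
        if [ ! -f "$script" ] || [ ! -x "$script" ]; then continue; fi
        if [ "${script##*/}" = "tinc-up" ]; then continue; fi
        first=
        IFS= read -r first < "$script" || :
        case $first in '#!'*) ;; *) continue ;; esac
        interp=${first#\#!}                    # drop the "#!" marker
        interp=${interp#"${interp%%[! ]*}"}    # drop leading spaces
        interp=${interp%% *}                   # drop interpreter arguments
        if [ -z "$interp" ]; then continue; fi
        if [ ! -x "$root$interp" ]; then
            echo "missing interpreter for ${script##*/}: $root$interp"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

if [ $# -gt 0 ]; then check_tinc_chroot "$1"; fi
```

Run it as the script's only argument, for example with /usr/local/etc/tinc/netname/, and fix every reported line before adding -R to the tinc command line.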
