git: 9front

ref: b8d3eb98ea92d0420feef324eb54a099465707e3
dir: /sys/man/8/tinc/

View raw version
.TH TINC 8
.SH NAME
tinc - mesh peer to peer VPN
.SH SYNOPSIS
.B ip/tinc
[
.B -d
] [
.B -p
.I maxprocs
] [
.B -x
.I inside
] [
.B -o
.I outside
] [
.B -c
.I confdir
] [
.B -n
.I myname
]
.I localip
.I localmask
[
.I hosts...
]
.SH DESCRIPTION
Tinc implements the mesh peer to peer VPN protocol from
.I https://www.tinc-vpn.org/
as of version 1.0.32. Within a tinc VPN one can reach all
the subnets of all hosts within the network even when not
directly connected to the owning host of the subnet.
.PP
Each host that is directly connected to us has its own hostfile under
.IR confdir /hosts/ hostname
containing its public address, owned subnets, options and RSA public key.
The hostfile format is the same as the original tinc implementation.
The
.I confdir
is specified with the
.B -c
option or defaults to the current working directory.
Other hosts might exist behind these directly connected nodes but
this information is distributed automatically within the protocol.
.PP
On startup,
.I tinc
creates an ip interface with the address
.I localip
and network mask
.I localmask
on the
.I inside
ip stack (specified with
.B -x
option) and starts listening for incoming connections on the
.I outside
ip stack (specified with the
.B -o
option). When optional
.I hosts
are specified on the command line, then it will also do outgoing connections
using the
.I outside
ip stack. The
.I localmask
usually is a supernet of all the subnets within the VPN. Our own hostname
.I myhost
can be specified with
.B -n
option or is assumed to be the
.I sysname
when not specified.
This host's RSA private key needs to be present in factotum and tagged with
.BR "service=tinc"
and
.BI "host=" myhost .
.PP
The options:
.TP
.B -d
Enable debug output and do not fork to the background.
.TP
.B -p
Limit the number of client processes (incoming and
outgoing connections per protocol) to
.IR  maxprocs .
.TP
.B -x
Specifies the
.I inside
and
.I outside
network stack directory where the tinc ip interface is bound. Defaults to
.BR /net .
.TP
.B -o
Specifies the
.I outside
network stack directory where incoming and outgoing tinc connections
are made. Defaults to
.BR inside .
.TP
.B -c
Specifies the configuration directory
.I confdir
for the VPN.
.TP
.B -n
Sets our hostname to
.IR myhost .
.SH "SEE ALSO"
.IR rsa (8),
.IR ip (3)
.br
.I https://www.tinc-vpn.org/documentation/
.SH SOURCE
.B /sys/src/cmd/ip/tinc.c
.SH HISTORY
.I Tinc
first appeared in 9front (October, 2017).