info_TEXINFOS = tinc.texi
-man_MANS = tincd.8 tinc.conf.5
+man_MANS = tincd.8 tincctl.8 tinc.conf.5
-EXTRA_DIST = tincinclude.texi.in tincd.8.in tinc.conf.5.in sample-config.tar.gz
+EXTRA_DIST = tincinclude.texi.in tincd.8.in tincctl.8.in tinc.conf.5.in sample-config.tar.gz
-CLEANFILES = *.html tinc.info tincd.8 tinc.conf.5 tincinclude.texi
+CLEANFILES = *.html tinc.info tincd.8 tincctl.8 tinc.conf.5 tincinclude.texi
# Use `ginstall' in the definition of man_MANS to avoid
# confusion with the `install' target. The install rule transforms `ginstall'
tincd.8.html: tincd.8
w3mman2html $< > $@
+tincctl.8.html: tincctl.8
+ w3mman2html $< > $@
+
tinc.conf.5.html: tinc.conf.5
w3mman2html $< > $@
tincd.8: tincd.8.in
$(substitute) tincd.8.in > tincd.8
+tincctl.8: tincctl.8.in
+ $(substitute) tincctl.8.in > tincctl.8
+
tinc.conf.5: tinc.conf.5.in
$(substitute) tinc.conf.5.in > tinc.conf.5
* Installation::
* Configuration::
* Running tinc::
+* Controlling tinc::
* Technical information::
* Platform specific information::
* About us::
@cindex PrivateKeyFile
@item PrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv})
This is the full path name of the RSA private key file that was
-generated by @samp{tincd --generate-keys}. It must be a full path, not a
+generated by @samp{tincctl generate-keys}. It must be a full path, not a
relative directory.
Note that there must be exactly one of PrivateKey
@cindex PublicKeyFile
@item PublicKeyFile = <@var{path}> [obsolete]
This is the full path name of the RSA public key file that was generated
-by @samp{tincd --generate-keys}. It must be a full path, not a relative
+by @samp{tincctl generate-keys}. It must be a full path, not a relative
directory.
@cindex PEM format
you can easily create a public/private keypair by entering the following command:
@example
-tincd -n @var{netname} -K
+tincctl -n @var{netname} generate-keys
@end example
Tinc will generate a public and a private key and ask you where to put them.
A, B, C and D all have generated a public/private keypair with the following command:
@example
-tincd -n company -K
+tincctl -n company generate-keys
@end example
The private key is stored in @file{@value{sysconfdir}/tinc/company/rsa_key.priv},
Set debug level to @var{level}. The higher the debug level, the more gets
logged. Everything goes via syslog.
-@item -k, --kill[=@var{signal}]
-Attempt to kill a running tincd (optionally with the specified @var{signal} instead of SIGTERM) and exit.
-Use it in conjunction with the -n option to make sure you kill the right tinc daemon.
-Under native Windows the optional argument is ignored,
-the service will always be stopped and removed.
-
@item -n, --net=@var{netname}
Use configuration for net @var{netname}. @xref{Multiple networks}.
-@item -K, --generate-keys[=@var{bits}]
-Generate public/private keypair of @var{bits} length. If @var{bits} is not specified,
-1024 is the default. tinc will ask where you want to store the files,
-but will default to the configuration directory (you can use the -c or -n option
-in combination with -K). After that, tinc will quit.
+@item --controlsocket=@var{filename}
+Open control socket at @var{filename}. If unspecified, the default is
+@file{@value{localstatedir}/run/tinc.@var{netname}.control}.
@item -L, --mlock
Lock tinc into main memory.
Write log entries to a file instead of to the system logging facility.
If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}.
-@item --pidfile=@var{file}
-Write PID to @var{file} instead of @file{@value{localstatedir}/run/tinc.@var{netname}.pid}.
-
@item --bypass-security
Disables encryption and authentication.
Only useful for debugging.
@item The output of any command that fails to work as it should (like ping or traceroute).
@end itemize
+@c ==================================================================
+@node Controlling tinc
+@chapter Controlling tinc
+
+You can control and inspect a running @samp{tincd} through the @samp{tincctl}
+command. A quick example:
+
+@example
+tincctl -n @var{netname} reload
+@end example
+
+@menu
+* tincctl runtime options::
+* tincctl commands::
+@end menu
+
+
+@c ==================================================================
+@node tincctl runtime options
+@section tincctl runtime options
+
+@c from the manpage
+@table @option
+@item -c, --config=@var{path}
+Read configuration options from the directory @var{path}. The default is
+@file{@value{sysconfdir}/tinc/@var{netname}/}.
+
+@item -n, --net=@var{netname}
+Use configuration for net @var{netname}. @xref{Multiple networks}.
+
+@item --controlsocket=@var{filename}
+Open control socket at @var{filename}. If unspecified, the default is
+@file{@value{localstatedir}/run/tinc.@var{netname}.control}.
+
+@item --help
+Display a short reminder of runtime options and commands, then terminate.
+
+@item --version
+Output version information and exit.
+
+@end table
+
+
+@c ==================================================================
+@node tincctl commands
+@section tincctl commands
+
+@c from the manpage
+@table @code
+
+@item start
+Start @samp{tincd}.
+
+@item stop
+Stop @samp{tincd}.
+
+@item restart
+Restart @samp{tincd}.
+
+@item reload
+Partially rereads configuration files. Connections to hosts whose host
+config files are removed are closed. New outgoing connections specified
+in @file{tinc.conf} will be made.
+
+@item pid
+Shows the PID of the currently running @samp{tincd}.
+
+@item generate-keys [@var{bits}]
+Generate public/private keypair of @var{bits} length. If @var{bits} is not specified,
+1024 is the default. tinc will ask where you want to store the files,
+but will default to the configuration directory (you can use the -c or -n
+option).
+
+@item dump nodes
+Dump a list of all known nodes in the VPN.
+
+@item dump edges
+Dump a list of all known connections in the VPN.
+
+@item dump subnets
+Dump a list of all known subnets in the VPN.
+
+@item dump connections
+Dump a list of all meta connections with ourself.
+
+@item dump graph
+Dump a graph of the VPN in dotty format.
+
+@end table
+
+
@c ==================================================================
@node Technical information
@chapter Technical information
.Nd tinc VPN daemon
.Sh SYNOPSIS
.Nm
-.Op Fl cdDkKnL
+.Op Fl cdDKnL
.Op Fl -config Ns = Ns Ar DIR
.Op Fl -no-detach
.Op Fl -debug Ns Op = Ns Ar LEVEL
-.Op Fl -kill Ns Op = Ns Ar SIGNAL
.Op Fl -net Ns = Ns Ar NETNAME
-.Op Fl -generate-keys Ns Op = Ns Ar BITS
.Op Fl -mlock
.Op Fl -logfile Ns Op = Ns Ar FILE
-.Op Fl -pidfile Ns = Ns Ar FILE
.Op Fl -bypass-security
.Op Fl -help
.Op Fl -version
Increase debug level or set it to
.Ar LEVEL
(see below).
-.It Fl k, -kill Ns Op = Ns Ar SIGNAL
-Attempt to kill a running
-.Nm
-(optionally with the specified
-.Ar SIGNAL
-instead of SIGTERM) and exit.
-Under Windows (not Cygwin) the optional argument is ignored,
-the service will always be stopped and removed.
.It Fl n, -net Ns = Ns Ar NETNAME
Connect to net
.Ar NETNAME .
-.It Fl K, -generate-keys Ns Op = Ns Ar BITS
-Generate public/private RSA keypair and exit.
-If
-.Ar BITS
-is omitted, the default length will be 1024 bits.
-When saving keys to existing files, tinc will not delete the old keys,
-you have to remove them manually.
.It Fl L, -mlock
Lock tinc into main memory.
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
.Ar FILE
is omitted, the default is
.Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log.
-.It Fl -pidfile Ns = Ns Ar FILE
-Write PID to
+.It Fl -controlsocket Ns = Ns Ar FILENAME
+Open control socket at
+.Ar FILENAME .
+If
.Ar FILE
-instead of
-.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid.
-Under Windows this option will be ignored.
+is omitted, the default is
+.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .control.
.It Fl -bypass-security
Disables encryption and authentication of the meta protocol.
Only useful for debugging.
.Sh TODO
A lot, especially security auditing.
.Sh SEE ALSO
+.Xr tincctl 8 ,
.Xr tinc.conf 5 ,
.Pa http://www.tinc-vpn.org/ ,
.Pa http://www.cabal.org/ .
msgstr ""
"Project-Id-Version: tinc 1.0-svn\n"
"Report-Msgid-Bugs-To: tinc-devel@tinc-vpn.org\n"
-"POT-Creation-Date: 2007-01-05 14:14+0100\n"
+"POT-Creation-Date: 2007-03-07 18:48+0100\n"
"PO-Revision-Date: 2007-01-05 14:14+0100\n"
"Last-Translator: Guus Sliepen <guus@tinc-vpn.org>\n"
"Language-Team: Dutch\n"
msgid "BROADCAST"
msgstr "BROADCAST"
-#: src/connection.c:120
+#: src/connection.c:115
msgid "Connections:"
msgstr "Verbindingen:"
-#: src/connection.c:124
+#: src/connection.c:119
#, c-format
msgid " %s at %s options %lx socket %d status %04x outbuf %d/%d/%d"
msgstr " %s op %s opties %lx socket %d status %04x outbuf %d/%d/%d"
-#: src/connection.c:129
+#: src/connection.c:124
msgid "End of connections."
msgstr "Einde van verbindingen."
msgid "Purging node %s (%s)"
msgstr "Verwijdering node %s (%s)"
-#: src/net.c:173
+#: src/net.c:159
#, c-format
msgid "Closing connection with %s (%s)"
msgstr "Beëindigen verbinding met %s (%s)"
-#: src/net.c:244
+#: src/net.c:230
#, c-format
msgid "%s (%s) didn't respond to PING in %ld seconds"
msgstr "%s (%s) antwoordde niet binnen %ld seconden op PING"
-#: src/net.c:253
+#: src/net.c:239
#, c-format
msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..."
msgstr ""
"Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt "
"verwijderd..."
-#: src/net.c:258
+#: src/net.c:244
#, c-format
msgid "Timeout from %s (%s) during authentication"
msgstr "Timeout van %s (%s) tijdens authenticatie"
-#: src/net.c:273
+#: src/net.c:259
#, c-format
msgid "%s (%s) could not flush for %ld seconds (%d bytes remaining)"
msgstr "%s (%s) kon niet binnen %ld seconden wegschrijven (%d bytes over)"
-#: src/net.c:318
+#: src/net.c:286
#, c-format
msgid "Error while connecting to %s (%s): %s"
msgstr "Fout tijdens schrijven naar %s (%s): %s"
-#: src/net.c:383
+#: src/net.c:345
+#, fuzzy, c-format
+msgid "Error building fdset: %s"
+msgstr "Fout tijdens lezen van standaardinvoer: %s\n"
+
+#: src/net.c:354
#, c-format
msgid "Error while waiting for input: %s"
msgstr "Fout tijdens wachten op invoer: %s"
-#: src/net.c:414
+#: src/net.c:383
msgid "Regenerating symmetric key"
msgstr "Hergenereren symmetrische sleutel"
-#: src/net.c:431
+#: src/net.c:400
msgid "Flushing event queue"
msgstr "Legen taakrij"
-#: src/net.c:455
+#: src/net.c:419
msgid "Unable to reread configuration file, exitting."
msgstr "Kan configuratiebestand niet herlezen, beëindigen."
msgid "Setting outgoing packet priority to %d"
msgstr "Instellen prioriteit uitgaand pakket op %d"
-#: src/net_packet.c:393 src/net_setup.c:478 src/net_socket.c:129
-#: src/net_socket.c:158 src/tincd.c:435 src/tincd.c:472 src/process.c:198
-#: src/process.c:231 src/process.c:428 src/bsd/device.c:93
+#: src/net_packet.c:393 src/net_setup.c:487 src/net_socket.c:129
+#: src/net_socket.c:158 src/tincd.c:435 src/tincd.c:477 src/process.c:198
+#: src/process.c:231 src/process.c:430 src/bsd/device.c:93
#: src/bsd/device.c:112 src/cygwin/device.c:140 src/cygwin/device.c:171
#: src/mingw/device.c:73 src/mingw/device.c:82 src/mingw/device.c:87
#: src/mingw/device.c:256 src/mingw/device.c:263 src/mingw/device.c:268
msgid "Received UDP packet from unknown source %s"
msgstr "Ontvangst UDP pakket van onbekende oorsprong %s"
-#: src/net_setup.c:77 src/net_setup.c:94
+#: src/net_setup.c:78 src/net_setup.c:95
#, c-format
msgid "Error reading RSA public key file `%s': %s"
msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %s"
-#: src/net_setup.c:109
+#: src/net_setup.c:110
#, c-format
msgid "Reading RSA public key file `%s' failed: %s"
msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s"
-#: src/net_setup.c:145
+#: src/net_setup.c:146
#, c-format
msgid "No public key for %s specified!"
msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!"
-#: src/net_setup.c:160
+#: src/net_setup.c:161
msgid "PrivateKey used but no PublicKey found!"
msgstr "PrivateKey gebruikt maar geen PublicKey gevonden!"
-#: src/net_setup.c:179
+#: src/net_setup.c:180
#, c-format
msgid "Error reading RSA private key file `%s': %s"
msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s"
-#: src/net_setup.c:187
+#: src/net_setup.c:188
#, c-format
msgid "Could not stat RSA private key file `%s': %s'"
msgstr "Kon gegevens RSA privé sleutel bestand `%s' niet opvragen: %s"
-#: src/net_setup.c:194
+#: src/net_setup.c:195
#, c-format
msgid "Warning: insecure file permissions for RSA private key file `%s'!"
msgstr ""
"Waarschuwing: onveilige permissies voor RSA privé sleutel bestand `%s'!"
-#: src/net_setup.c:201
+#: src/net_setup.c:202
#, c-format
msgid "Reading RSA private key file `%s' failed: %s"
msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s"
-#: src/net_setup.c:231 src/net_setup.c:232
+#: src/net_setup.c:232 src/net_setup.c:233
msgid "MYSELF"
msgstr "MIJZELF"
-#: src/net_setup.c:238
+#: src/net_setup.c:239
msgid "Name for tinc daemon required!"
msgstr "Naam voor tinc daemon verplicht!"
-#: src/net_setup.c:243
+#: src/net_setup.c:244
msgid "Invalid name for myself!"
msgstr "Ongeldige naam voor mijzelf!"
-#: src/net_setup.c:252
+#: src/net_setup.c:253
msgid "Cannot open host configuration file for myself!"
msgstr "Kan host configuratie bestand voor mijzelf niet openen!"
-#: src/net_setup.c:305
+#: src/net_setup.c:306
msgid "Invalid routing mode!"
msgstr "Ongeldige routing modus!"
-#: src/net_setup.c:316
+#: src/net_setup.c:317
msgid "PriorityInheritance not supported on this platform"
msgstr "PriorityInheritance wordt niet ondersteund op dit platform"
-#: src/net_setup.c:324
+#: src/net_setup.c:325
msgid "Bogus maximum timeout!"
msgstr "Onzinnige maximum timeout!"
-#: src/net_setup.c:338
+#: src/net_setup.c:339
msgid "Invalid address family!"
msgstr "Ongeldige adresfamilie!"
-#: src/net_setup.c:356
+#: src/net_setup.c:357
msgid "Unrecognized cipher type!"
msgstr "Onbekend cipher type!"
-#: src/net_setup.c:381 src/protocol_auth.c:194
+#: src/net_setup.c:382 src/protocol_auth.c:194
#, c-format
msgid "Error during initialisation of cipher for %s (%s): %s"
msgstr "Fout tijdens initialisatie van cipher voor %s (%s): %s"
-#: src/net_setup.c:398
+#: src/net_setup.c:399
msgid "Unrecognized digest type!"
msgstr "Onbekend digest type!"
-#: src/net_setup.c:411
+#: src/net_setup.c:412
msgid "MAC length exceeds size of digest!"
msgstr "MAC lengte is groter dan dat van digest!"
-#: src/net_setup.c:414
+#: src/net_setup.c:415
msgid "Bogus MAC length!"
msgstr "Onzinnige MAC lengte!"
-#: src/net_setup.c:428
+#: src/net_setup.c:429
msgid "Bogus compression level!"
msgstr "Onzinnig compressieniveau!"
-#: src/net_setup.c:500
+#: src/net_setup.c:454 src/net_setup.c:514 src/net_setup.c:525
+#, fuzzy, c-format
+msgid "event_add failed: %s"
+msgstr "Ontvangst pakket mislukt: %s"
+
+#: src/net_setup.c:534
#, c-format
msgid "Listening on %s"
msgstr "Luisterend op %s"
-#: src/net_setup.c:511
+#: src/net_setup.c:545
msgid "Ready"
msgstr "Gereed"
-#: src/net_setup.c:513
+#: src/net_setup.c:547
msgid "Unable to create any listening socket!"
msgstr "Kon geen enkele luistersocket aanmaken!"
msgid "Accepting a new connection failed: %s"
msgstr "Aanname van nieuwe verbinding is mislukt: %s"
-#: src/net_socket.c:418
+#: src/net_socket.c:417
#, c-format
msgid "Connection from %s"
msgstr "Verbinding van %s"
-#: src/net_socket.c:443
+#: src/net_socket.c:440
#, c-format
msgid "Invalid name for outgoing connection in %s line %d"
msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d"
msgstr "mlockall() wordt niet ondersteund op dit platform!"
#: src/tincd.c:466
+#, fuzzy
+msgid "Error initializing libevent!"
+msgstr "Fout tijdens initialiseren LZO compressor!"
+
+#: src/tincd.c:471
msgid "Error initializing LZO compressor!"
msgstr "Fout tijdens initialiseren LZO compressor!"
-#: src/tincd.c:507
+#: src/tincd.c:512
msgid "Terminating"
msgstr "Beëindigen"
msgid "tincd %s (%s %s) starting, debug level %d"
msgstr "tincd %s (%s %s) start, debug niveau %d"
-#: src/process.c:385
+#: src/process.c:387
#, c-format
msgid "Executing script %s"
msgstr "Uitvoeren script %s"
-#: src/process.c:415
+#: src/process.c:417
#, c-format
msgid "Script %s exited with non-zero status %d"
msgstr "Script %s beëindigde met status %d"
-#: src/process.c:420
+#: src/process.c:422
#, c-format
msgid "Script %s was killed by signal %d (%s)"
msgstr "Script %s was gestopt door signaal %d (%s)"
-#: src/process.c:424
+#: src/process.c:426
#, c-format
msgid "Script %s terminated abnormally"
msgstr "Script %s abnormaal beëindigd"
-#: src/process.c:444 src/process.c:453 src/process.c:494 src/process.c:500
-#: src/process.c:518
+#: src/process.c:446 src/process.c:455 src/process.c:496 src/process.c:502
+#: src/process.c:520
#, c-format
msgid "Got %s signal"
msgstr "Kreeg %s signaal"
-#: src/process.c:462
+#: src/process.c:464
#, c-format
msgid "Got another fatal signal %d (%s): not restarting."
msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart."
-#: src/process.c:471
+#: src/process.c:473
#, c-format
msgid "Got fatal signal %d (%s)"
msgstr "Kreeg fataal signaal %d (%s)"
-#: src/process.c:475
+#: src/process.c:477
msgid "Trying to re-execute in 5 seconds..."
msgstr "Poging tot herstarten over 5 seconden..."
-#: src/process.c:487
+#: src/process.c:489
msgid "Not restarting."
msgstr "Geen herstart."
-#: src/process.c:503
+#: src/process.c:505
#, c-format
msgid "Reverting to old debug level (%d)"
msgstr "Herstellen van oud debug niveau (%d)"
-#: src/process.c:509
+#: src/process.c:511
#, c-format
msgid ""
"Temporarily setting debug level to 5. Kill me with SIGINT again to go back "
"Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau "
"%d te herstellen."
-#: src/process.c:542
+#: src/process.c:544
#, c-format
msgid "Got unexpected signal %d (%s)"
msgstr "Kreeg onverwacht signaal %d (%s)"
-#: src/process.c:548
+#: src/process.c:550
#, c-format
msgid "Ignored signal %d (%s)"
msgstr "Signaal %d (%s) genegeerd"
-#: src/process.c:602
+#: src/process.c:604
#, c-format
msgid "Installing signal handler for signal %d (%s) failed: %s\n"
msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n"
" -L, --mlock Lock tinc into main memory.\n"
" --logfile[=FILENAME] Write log entries to a logfile.\n"
" --controlsocket=FILENAME Open control socket at FILENAME.\n"
+ " --bypass-security Disables meta protocol security, for debugging.\n"
" --help Display this help and exit.\n"
" --version Output version information and exit.\n\n"));
printf(_("Report bugs to tinc@tinc-vpn.org.\n"));
projects / oweals / tinc.git / commitdiff