Welcome to tinc!

Latest stable version: 1.0.25

Latest prerelease from the 1.1 branch: 1.1pre11

Latest news:

Version 1.1pre11 released.

  • Added a “network” command to list or switch networks.
  • Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol.
  • AutoConnect is now a boolean option, when enabled tinc always tries to keep at least three meta-connections open.
  • The new protocol now uses UDP much more often.
  • Tinc “del” and “get” commands now return a non-zero exit code when they don’t find the requested variable.
  • Updated documentation.
  • Added a “DeviceStandby” option to defer running tinc-up until a working connection is made, and which on Windows will also change the network interface link status accordingly.
  • Tinc now tells the resolver to reload /etc/resolv.conf when it receives SIGALRM.
  • Improved error messages and event loop handling on Windows.
  • LocalDiscovery now uses local address learned from other nodes, and is enabled by default.
  • Added a “BroadcastSubnet” option to change the behavior of broadcast packets in router mode.
  • Added support for dotted quad notation in IPv6 (e.g. ::1.2.3.4).
  • Improved format of printed Subnets, MAC and IPv6 addresses.
  • Added a “—batch” option to force the tinc CLI to run in non-interactive mode.
  • Improve default Device selection on *BSD and Mac OS X.
  • Allow running tinc without RSA keys.

Thanks to Etienne Dechamps, Sven-Haegar Koch, William A. Kennington III, Baptiste Jonglez, Alexis Hildebrandt, Armin Fisslthaler, Franz Pletz, Alexander Ried and Saverio Proto for their contributions to this version of tinc.

More news…

What is tinc?

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and licensed under the GNU General Public License version 2 or later. Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This allows VPN sites to share information with each other over the Internet without exposing any information to others. In addition, tinc has the following features:

Encryption, authentication and compression
All traffic is optionally compressed using zlib or LZO, and OpenSSL is used to encrypt the traffic and protect it from alteration with message authentication codes and sequence numbers.
Automatic full mesh routing
Regardless of how you set up the tinc daemons to connect to each other, VPN traffic is always (if possible) sent directly to the destination, without going through intermediate hops.
Easily expand your VPN
When you want to add nodes to your VPN, all you have to do is add an extra configuration file, there is no need to start new daemons or create and configure new devices or network interfaces.
Ability to bridge ethernet segments
You can link multiple ethernet segments together to work like a single segment, allowing you to run applications and games that normally only work on a LAN over the Internet.
Runs on many operating systems and supports IPv6
Currently Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X, Solaris, Windows 2000, XP, Vista and Windows 7 and 8 platforms are supported. See our section about supported platforms for more information about the state of the ports. tinc has also full support for IPv6, providing both the possibility of tunneling IPv6 traffic over its tunnels and of creating tunnels over existing IPv6 networks.