News

October 8th 2018

Versions 1.0.35 and 1.1pre17 released.

  • Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
  • Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).

Thanks to Michael Yonli for auditing tinc and reporting these vulnerabilities. For more information, see the security page.

June 12th 2018

Version 1.0.34 released.

  • Fix a potential segmentation fault when connecting to an IPv6 peer via a proxy.
  • Minor improvements to the build system.
  • Make the systemd service file identical to the one from the 1.1 branch.
  • Fix a potential problem causing IPv4 sockets to not work on macOS.

Thanks to Maximilian Stein and Wang Liu Shuai for their contributions to this version of tinc.

June 12th 2018

Version 1.1pre16 released.

  • Fixed building with support for UML sockets.
  • Documentation updates and spelling fixes.
  • Support for MSS clamping of IP-in-IP packets.
  • Fixed parsing of the -b flag.
  • Added the ability to set a firemall mark on sockets on Linux.
  • Minor improvements to the build system.
  • Added a cache of recently seen addresses of peers.
  • Add support for —runstatedir to the configure script.
  • Fixed linking with libncurses on some distributions.
  • Automatically disable PMTUDiscovery when TCPOnly is enabled.
  • Fixed removing the tinc service on Windows in some situations.

Thanks to Todd C. Miller, Etienne Dechamps, Daniel Lublin, Gjergji Ramku, Mike Sullivan and Oliver Freyermuth for their contributions to this version of tinc.

November 4th 2017

Version 1.0.33 released.

  • Allow compilation from a build directory.
  • Source code cleanups.
  • Fix some options specified on the command line not surviving a HUP signal.
  • Handle tun/tap device returning EPERM or EBUSY.
  • Disable PMTUDiscovery when TCPOnly is used.
  • Support the —runstatedir option of the autoconf 2.70.

Thanks to Rafael Sadowski and Pierre-Olivier Mercier for their contributions to this version of tinc.

September 2nd 2017

Version 1.0.32 released.

  • Fix segmentation fault when using Cipher = none.
  • Fix Proxy = exec.
  • Support PriorityInheritance for IPv6 packets.
  • Fixes for Solaris tun/tap support.
  • Bind outgoing TCP sockets when ListenAddress is used.

Thanks to Vittorio Gambaletta for his contribution to this version of tinc.

September 2nd 2017

Version 1.1pre15 released.

  • Detect when the machine is resuming from suspension or hibernation.
  • When an old PID file is found, check whether the old daemon is still alive.
  • Remember scope_id for IPv6 addresses when sending UDP packets to link-local addresses.
  • Ensure compatibility with OpenSSL 1.1.
  • Only log about dropped packets with debug level 5.
  • Warn when trying to generate RSA keys less than 2048 bits.
  • Use AES256 and SHA256 as the default encryption and digest algorithms.
  • Add DeviceType = fd to support tinc on Android without requiring root.
  • Support PriorityInheritance for IPv6 packets.
  • Fixes for Solaris tun/tap support.
  • Add a configurable expiration time for invitations.
  • Store invitation data after a succesful join.
  • Exit gracefully when the tun/tap device is in a bad state.
  • Add the LogLevel option.
  • AutoConnect now actively tries to heal split networks.

Thanks to Etienne Dechamps, Rafał Leśniak, Sean McVeigh, Vittorio Gambaletta, Dennis Lan, Pacien Tran-Girard, Roman Savelyev, lemoer and volth for their contributions to this version of tinc.

January 15th 2017

Version 1.0.31 released.

  • Remove ExecStop in tinc@.service.

Thanks to Élie Bouttier for his contribution to this version of tinc.

October 30th 2016

Version 1.0.30 released.

  • Fix problems connecting to some HTTP proxies.
  • Add mitigations for the Sweet32 attack when using a 64-bit block cipher.
  • Use AES256 and SHA256 as the default encryption and digest algorithms.

October 9th 2016

Version 1.0.29 released.

  • Fix UDP communication with peers with link-local IPv6 addresses.
  • Ensure compatibility with OpenSSL 1.1.0.
  • Ensure autoreconf can be run without requiring autoconf-archive.
  • Log warnings about dropped packets only at debug level 5.

May 1st 2016

Version 1.1pre14 released.

  • Add tinc.service back.

You can find older news in the archive.