May 11th 2014

Version 1.0.24 released.

  • Various compiler hardening flags are enabled by default.
  • Updated support for Solaris, allowing switch mode on Solaris 11.
  • Configuration will now also be read from a conf.d directory.
  • Various updates to the documentation.
  • Tinc now forces glibc to reload /etc/resolv.conf after it receives SIGALRM.
  • Fixed a potential routing loop when IndirectData or TCPOnly is used and broadcast packets are being sent.
  • Improved security with constant time memcmp and stricter use of OpenSSL’s RNG functions.
  • Fixed all issues found by Coverity.

Thanks to Florent Clairambault, Vilbrekin, luckyhacky, Armin Fisslthaler, Loïc Dachary and Steffan Karger for their contributions to this version of tinc.

April 10th 2014

Tinc is not vulnerable to the Heartbleed bug.

The Heartbleed bug (CVE-2014-0160) is a bug in the OpenSSL library that affects any application that is linked to it and is making or accepting TLS connections. Although tinc links to the OpenSSL library, it does not use the TLS protocol, and is therefore not vulnerable.

February 7th 2014

Version 1.1pre10 released.

  • Added a benchmark tool (sptps_speed) for the new protocol.
  • Fixed a crash when using Name = $HOST while $HOST is not set.
  • Use AES-256-GCM for the new protocol.
  • Updated support for Solaris.
  • Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not explicitly set.
  • Enable various compiler hardening flags by default.
  • Added support for a “conf.d” configuration directory.
  • Fix tinc-gui on Windows, also allowing it to connect to a 32-bits tincd when tinc-gui is run in a 64-bits Python environment.
  • Added a “ListenAddress” option, which like BindToAddress adds more listening address/ports, but doesn’t bind to them for outgoing sockets.
  • Make invitations work better when the “invite” and “join” commands are not run interactively.
  • When creating meta-connections to a node for which no Address statement is specified, try to use addresses learned from other nodes.

Thanks to Dennis Joachimsthaler and Florent Clairambault for their contribution to this version of tinc.

October 19th 2013

Version 1.0.23 released.

  • Start authentication immediately on outgoing connections (useful for sslh).
  • Fixed segfault when Name = $HOST but $HOST is not set.
  • Updated the build system and the documentation.
  • Clean up child processes left over from Proxy = exec.

September 8th 2013

Version 1.1pre9 released.

  • The UNIX socket is now created before tinc-up is called.
  • Windows users can now use any extension that is in %PATHEXT% for scripts, not only .bat.
  • Outgoing sockets are bound to the address of the listening sockets again, when there is no ambiguity.
  • Added invitation-created and invitation-accepted scripts.
  • Invited nodes now learn of the Mode and Broadcast settings of the VPN.
  • Joining a VPN with an invitation now also works on Windows.
  • The port number tincd is listening on is now always included in the invitation URL.
  • A running tincd is now correctly informed when a new invitation has been generated.
  • Several bug fixes for the new protocol.
  • Added a test suite.

Thanks to Etienne Dechamps for his contribution to this version of tinc.

August 13th 2013

Version 1.1pre8 released.

  • ExperimentalProtocol is now enabled by default.
  • Added an invitation protocol that makes it easy to invite new nodes.
  • Added the LocalDiscoveryAddress option to change the broadcast address used to find local nodes.
  • Limit the rate of incoming meta-connections.
  • Many small bug fixes and code cleanups.

Thanks to Etienne Dechamps and Sven-Haegar Koch for their contributions to this version of tinc.

August 13th 2013

Version 1.0.22 released.

  • Fixed the combination of Mode = router and DeviceType = tap.
  • The $NAME variable is now set in subnet-up/down scripts.
  • Tinc now gives an error when unknown options are given on the command line.
  • Tinc now correctly handles a space between a short command line option and an optional argument.

Thanks to Etienne Dechamps for his contribution to this version of tinc.

August 4th 2013

Today is exactly 10 years ago that tinc 1.0 was released.

Show full text.

We would have hoped to celebrate this by releasing 1.0.22 and 1.1pre8 today, but this will instead happen in one week.

Tinc 1.1 is close to becoming stable, and I hope to release 1.1.0 before the end of the year. The main features of tinc 1.1 are the improved security over tinc 1.0, and a much nicer interface that makes it very easy to set up new VPNs, and allows you to easily get live information from a running VPN. Tinc 1.1 will also feature an invitation protocol which allows you to easily invite others to join a VPN, by simply giving them an invitation URL that you can create with a simple command. No central servers are involved, invitees will directly connect to your own tinc node to redeem invitations. The invitation protocol will be available in the 1.1pre8 release.

Tinc is the work of many people. For those of you who haven’t read the THANKS file in the source code distribution, here is a list of all the contributors:

Alexander Reil and Gemeinde Berg, Allesandro Gatti, Andreas van Cranenburgh, Anthony G. Basile, Armijn Hemel, Brandon Black, Cheng LI, Cris van Pelt, Darius Jahandarie, Delf Eldkraft, dnk, Enrique Zanardi, Erik Tews, Etienne Dechamps, Flynn Marquardt, Grzegorz Dymarek, Hans Bayle, Ivo Timmermans, Ivo van Dong, James MacLean, Jamie Briggs, Jason Harper, Jeroen Ubbink, Jerome Etienne, Julien Muchembled, Loïc Grenié, Lubomír Bulej, Mads Kiilerich, Marc A. Lehmann, Mark Glines, Markus Goetz, Martin Kihlgren, Martin Schobert, Martin Schürrer, Matias Carrasco, Max Rijevski, Menno Smits, Mesar Hameed, Michael Tokarev, Miles Nordin, Nick Hibma, Nick Patavalis, Paul Littlefield, Philipp Babel, Robert van der Meulen, Rumko, Scott Lamb, Sven-Haegar Koch, Teemu Kiviniemi, Timothy Redaelli, Tonnerre Lombard, Vil Brekin, Wessel Dankers and Wouter van Heyst.

And finally, thank you for using tinc!

June 28th 2013


At OHM2013, there will be a lightning talk about tinc in T2 on August 1, 15:55, and a workshop setting up VPNs using tinc at the Milliways village.

April 22nd 2013

Version 1.0.21 released.

  • Drop packets forwarded via TCP if they are too big (CVE-2013-1428).

Thanks to Martin Schobert for auditing tinc and reporting this vulnerability.

You can find older news in the archive.