December 22nd 2015

At SCALE 14x, which is held in Pasadena, California on January 21-24, there will be a talk titled Secure Mesh VPN w/ Service Discovery.

November 16th 2015

At FOSSETCON 2015, which is held in Orlando, Florida on November 19-21, there will be a talk titled Secure peer networking with tinc.

July 5th 2015

Version 1.0.26 released.

  • Tinc now forces glibc to reload /etc/resolv.conf for every hostname lookup.
  • Fixed --logfile without a filename on Windows.
  • Ensure tinc can be compiled when using musl libc.

Thanks to Jo-Philipp Wich for his contribution to this version of tinc.

December 27th 2014

Version 1.1pre11 released.

  • Added a “network” command to list or switch networks.
  • Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol.
  • AutoConnect is now a boolean option; when enabled, tinc always tries to keep at least three meta-connections open.
  • The new protocol now uses UDP much more often.
  • Tinc “del” and “get” commands now return a non-zero exit code when they don’t find the requested variable.
  • Updated documentation.
  • Added a “DeviceStandby” option to defer running tinc-up until a working connection is made, and which on Windows will also change the network interface link status accordingly.
  • Tinc now tells the resolver to reload /etc/resolv.conf when it receives SIGALRM.
  • Improved error messages and event loop handling on Windows.
  • LocalDiscovery now uses local address learned from other nodes, and is enabled by default.
  • Added a “BroadcastSubnet” option to change the behavior of broadcast packets in router mode.
  • Added support for dotted quad notation in IPv6 (e.g. ::
  • Improved format of printed Subnets, MAC and IPv6 addresses.
  • Added a “--batch” option to force the tinc CLI to run in non-interactive mode.
  • Improve default Device selection on *BSD and Mac OS X.
  • Allow running tinc without RSA keys.

Thanks to Etienne Dechamps, Sven-Haegar Koch, William A. Kennington III, Baptiste Jonglez, Alexis Hildebrandt, Armin Fisslthaler, Franz Pletz, Alexander Ried and Saverio Proto for their contributions to this version of tinc.

December 22nd 2014

Version 1.0.25 released.

  • Documentation updates.
  • Support linking against -lresolv on Mac OS X.
  • Fix scripts on Windows when using the ScriptsInterpreter option.
  • Allow a minimum reconnect timeout to be specified.
  • Support PriorityInheritance on IPv6 sockets.

Thanks to David Pflug, Baptiste Jonglez, Alexis Hildebrandt, Borg, Jochen Voss, Tomislav Čohar and Vittorio Gambaletta for their contributions to this version of tinc.

May 11th 2014

Version 1.0.24 released.

  • Various compiler hardening flags are enabled by default.
  • Updated support for Solaris, allowing switch mode on Solaris 11.
  • Configuration will now also be read from a conf.d directory.
  • Various updates to the documentation.
  • Tinc now forces glibc to reload /etc/resolv.conf after it receives SIGALRM.
  • Fixed a potential routing loop when IndirectData or TCPOnly is used and broadcast packets are being sent.
  • Improved security with constant time memcmp and stricter use of OpenSSL’s RNG functions.
  • Fixed all issues found by Coverity.

Thanks to Florent Clairambault, Vilbrekin, luckyhacky, Armin Fisslthaler, Loïc Dachary and Steffan Karger for their contributions to this version of tinc.

April 10th 2014

Tinc is not vulnerable to the Heartbleed bug.

The Heartbleed bug (CVE-2014-0160) is a bug in the OpenSSL library that affects any application that is linked to it and is making or accepting TLS connections. Although tinc links to the OpenSSL library, it does not use the TLS protocol, and is therefore not vulnerable.

February 7th 2014

Version 1.1pre10 released.

  • Added a benchmark tool (sptps_speed) for the new protocol.
  • Fixed a crash when using Name = $HOST while $HOST is not set.
  • Use AES-256-GCM for the new protocol.
  • Updated support for Solaris.
  • Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not explicitly set.
  • Enable various compiler hardening flags by default.
  • Added support for a “conf.d” configuration directory.
  • Fix tinc-gui on Windows, also allowing it to connect to a 32-bit tincd when tinc-gui is run in a 64-bit Python environment.
  • Added a “ListenAddress” option, which like BindToAddress adds more listening address/ports, but doesn’t bind to them for outgoing sockets.
  • Make invitations work better when the “invite” and “join” commands are not run interactively.
  • When creating meta-connections to a node for which no Address statement is specified, try to use addresses learned from other nodes.

Thanks to Dennis Joachimsthaler and Florent Clairambault for their contribution to this version of tinc.

October 19th 2013

Version 1.0.23 released.

  • Start authentication immediately on outgoing connections (useful for sslh).
  • Fixed segfault when Name = $HOST but $HOST is not set.
  • Updated the build system and the documentation.
  • Clean up child processes left over from Proxy = exec.

September 8th 2013

Version 1.1pre9 released.

  • The UNIX socket is now created before tinc-up is called.
  • Windows users can now use any extension that is in %PATHEXT% for scripts, not only .bat.
  • Outgoing sockets are bound to the address of the listening sockets again, when there is no ambiguity.
  • Added invitation-created and invitation-accepted scripts.
  • Invited nodes now learn of the Mode and Broadcast settings of the VPN.
  • Joining a VPN with an invitation now also works on Windows.
  • The port number tincd is listening on is now always included in the invitation URL.
  • A running tincd is now correctly informed when a new invitation has been generated.
  • Several bug fixes for the new protocol.
  • Added a test suite.

Thanks to Etienne Dechamps for his contribution to this version of tinc.

You can find older news in the archive.