[Announcement] Tinc version 1.1pre11 released

Lance Fredrickson lancethepants at gmail.com
Tue Jan 13 20:05:51 CET 2015


On 1/13/2015 9:38 AM, Guus Sliepen wrote:
> On Mon, Jan 05, 2015 at 08:10:48AM -0700, Lance Fredrickson wrote:
>
>> Allowing tinc to run without RSA keys is a very big
>> bonus for us embedded device users. We have a limited amount of nvram space
>> for storage (tomato firmware).  RSA keys took up quite a bit, so being able
>> to run using only ED25519 makes tinc very appealing for this platform, and
>> saves tons of space for more nodes or other things.
> Interesting. Do these devices not have a writable filesystem, or is
> there some other reason you store the keys in nvram?

Yes, in the case of tomato firmware there is no writable filesystem. 
Nvram space is limited to 32Kb/64Kb depending on the router.

>
> In any case, the current version in git also allows you to compile tinc
> without OpenSSL, saving disk space as well :)

Nice. Tomato by default removes elliptic curve from OpenSSL to save on 
size. In the case of <= tinc 1.1pre10 it was added, but now with pre11 
it has reverted to its previous behavior, and can save on size that way. 
The tincd binary did grow a bit with the addition of the C 
implementation of ChaCha-Poly1305, but it is probably more than made up 
for by reverting to no elliptic curve in OpenSSL.
1.1pre11 was still looking for engine support in OpenSSL, which also is 
disabled by default in tomato. Post 1.1pre11 will save us some size that 
way as well.
I've managed to fit an image with tinc and my gui in a wrt54gl, which 
gives that aging device some new life. Currently running pre11 in my 
RT-N16, and it is running very well. Many in the tomato community are 
liking tinc quite a bit. With the gui I've created (with built-in cert 
generation), it's trivially easy to set up a site-to-site vpn. People 
like it for its simplicity, compared to OpenVPN's certificate 
generation, which is a deterrent for many.

