Current state of Tinc 1.1?

Tue Dec 23 17:27:01 CET 2014

Hello Donald, Sandy and Guus himself :)
Thank you for the quick and informative reactions!
I think I'm going to experiment a little with Tinc 1.1 considering it's
mostly backwards compatible. The simplified configuration management seems
really neat to have, much less copy-pasting and rsyncing about ;)
The Serverfault post seems on hold for now, although I've posted a very
short summary in a comment for who'd be interested there.
Keep up the great work Guus :) I really love how flexible Tinc allows me to
setup my VPNs, it serves me really well.

Met vriendelijke groet / Kind regards,
Alexander Ypema

On 22 December 2014 at 22:30, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Mon, Dec 22, 2014 at 01:42:01AM +0100, Alexander Ypema wrote:
>
> > So as probably any Tinc user, I noticed there are two versions: 1.0 and
> > 1.1. On the website is explained that 1.1 is the stepping stone for 2.0
> and
> > that it has a lot of neat features *planned*. However, in the
> repositories,
> > one usually finds version 1.0, and since I'm someone who prefers having
> > everything run through repositories instead of manually updated, I want
> to
> > know if it's worth it, if it's actually in a usable state, and if any of
> > the 'planned' features are implemented.
>
> There are four items listed for tinc 1.1 on http://tinc-vpn.org/goals/:
>
> * Replaceable cryptography backend
>
> Although the cryptography is now separated from the rest of the logic in
> tinc, it is not really replaceable, since only OpenSSL is supported.
> However, there is also a new protocol in tinc 1.1, which uses Ed25519
> and ChaCha-Poly1305. The code for those algorithms is included in tinc,
> so the new protocol has no dependencies on external libraries.
>
> * Control socket
>
> This is already implemented.
>
> * Automatic connection management
>
> This is mostly implemented (see the AutoConnect option).
>
> * Automate setting up nodes
>
> This is mostly implemented (see the "tinc init" command).
>
> Something not listed in the goals is the new protocol that is already
> implemented but not completely fixed yet. The new protocol provides
> end-to-end encryption and authentication between nodes.
>
> If you disable the new protocol (using ExperimentalProtocol = no), then
> you can use most of the new features in tinc 1.1 without any problems.
> It is also backwards compatible with tinc 1.0 nodes. So you can try out
> 1.1 by upgrading an existing node, and if you don't like it you can
> switch back to 1.0 without worries.
>
> --
> Met vriendelijke groet / with kind regards,
>      Guus Sliepen <guus at tinc-vpn.org>
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20141223/235686ff/attachment.html>