Welcome to tinc!

Latest stable version: 1.0.32

Latest prerelease from the 1.1 branch: 1.1pre15

Latest news:

Version 1.0.32 released.

  • Fix segmentation fault when using Cipher = none.
  • Fix Proxy = exec.
  • Support PriorityInheritance for IPv6 packets.
  • Fixes for Solaris tun/tap support.
  • Bind outgoing TCP sockets when ListenAddress is used.

Thanks to Vittorio Gambaletta for his contribution to this version of tinc.

Version 1.1pre15 released.

  • Detect when the machine is resuming from suspension or hibernation.
  • When an old PID file is found, check whether the old daemon is still alive.
  • Remember scope_id for IPv6 addresses when sending UDP packets to link-local addresses.
  • Ensure compatibility with OpenSSL 1.1.
  • Only log about dropped packets with debug level 5.
  • Warn when trying to generate RSA keys less than 2048 bits.
  • Use AES256 and SHA256 as the default encryption and digest algorithms.
  • Add DeviceType = fd to support tinc on Android without requiring root.
  • Support PriorityInheritance for IPv6 packets.
  • Fixes for Solaris tun/tap support.
  • Add a configurable expiration time for invitations.
  • Store invitation data after a succesful join.
  • Exit gracefully when the tun/tap device is in a bad state.
  • Add the LogLevel option.
  • AutoConnect now actively tries to heal split networks.

Thanks to Etienne Dechamps, Rafał Leśniak, Sean McVeigh, Vittorio Gambaletta, Dennis Lan, Pacien Tran-Girard, Roman Savelyev, lemoer and volth for their contributions to this version of tinc.

More news…

What is tinc?

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and licensed under the GNU General Public License version 2 or later. Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This allows VPN sites to share information with each other over the Internet without exposing any information to others. In addition, tinc has the following features:

Encryption, authentication and compression
All traffic is optionally compressed using zlib or LZO, and LibreSSL or OpenSSL is used to encrypt the traffic and protect it from alteration with message authentication codes and sequence numbers.
Automatic full mesh routing
Regardless of how you set up the tinc daemons to connect to each other, VPN traffic is always (if possible) sent directly to the destination, without going through intermediate hops.
NAT traversal
As long as one node in the VPN allows incoming connections on a public IP address (even if it is a dynamic IP address), tinc will be able to do NAT traversal, allowing direct communication between peers.
Easily expand your VPN
When you want to add nodes to your VPN, all you have to do is add an extra configuration file, there is no need to start new daemons or create and configure new devices or network interfaces.
Ability to bridge ethernet segments
You can link multiple ethernet segments together to work like a single segment, allowing you to run applications and games that normally only work on a LAN over the Internet.
Runs on many operating systems and supports IPv6
Currently Linux, FreeBSD, OpenBSD, NetBSD, OS X, Solaris, Windows 2000, XP, Vista and Windows 7 and 8 platforms are supported. See our section about supported platforms for more information about the state of the ports. tinc has also full support for IPv6, providing both the possibility of tunneling IPv6 traffic over its tunnels and of creating tunnels over existing IPv6 networks.