Version 1.0.13 released.

• Allow building tinc without LZO and/or Zlib.
• Clamp MSS of TCP packets in both directions.
• Experimental StrictSubnets, Forwarding and DirectOnly options, giving more control over information and packets received from/sent to other nodes.
• Ensure tinc never sends symbolic names for ports over the wire.

The slides from the FOSDEM 2010 lightning talk are now online.

Version 1.0.12 released.

• Really allow fast roaming of hosts to other nodes in a switched VPN.
• Fixes missing or incorrect environment variables when calling host-up/down and subnet-up/down scripts in some cases.
• Allow port to be specified in Address statements.
• Clamp MSS of TCP packets to the discovered path MTU.
• Let two nodes behind NAT learn each others current UDP address and port via a third node, potentially allowing direct communications in a similar way to STUN.

The Windows installer now includes both 32 bit and 64 bit TAP drivers.

At FOSDEM 2010, I will give a lightning talk titled “tinc: the difficulties of a peer-to-peer VPN on the hostile Internet”. The talk will be on Saturday 7th of Februari at 15:20 CET.

Version 1.0.11 released.

• Fixed potential crash when the HUP signal is sent.
• Fixes handling of weighted Subnets in switch and hub modes, preventing unnecessary broadcasts.
• Works around a MinGW bug that caused packets to Windows nodes to always be sent via TCP.
• Improvements to the PMTU discovery code, especially on Windows.
• Use UDP again in certain cases where 1.0.10 was too conservative and fell back to TCP unnecessarily.
• Allow fast roaming of hosts to other nodes in a switched VPN.

Version 1.0.10 released.

• Fixed potential crashes during shutdown and (in rare conditions) when other nodes disconnected from the VPN.
• Improved NAT handling: tinc now copes with mangled port numbers, and will automatically fall back to TCP if direct UDP connection between nodes is not possible. The TCPOnly option should not have to be used anymore.
• Allow configuration files with CRLF line endings to be read on UNIX.
• Disable old RSA keys when generating new ones, and raise the default size of new RSA keys to 2048 bits.
• Many fixes in the path MTU discovery code, especially when Compression is being used.
• Tinc can now drop privileges and/or chroot itself.
• The TunnelServer code now just ignores information from clients instead of disconnecting them.
• Improved performance on Windows by using the new ProcessPriority option and by making the handling of packets received from the TAP-Win32 adapter more efficient.
• Code cleanups: tinc now follows the C99 standard, copyright headers have been updated to include patch authors, checkpoint tracing and localisation features have been removed.
• Support for (jailbroken) iPhone and iPod Touch has been added.

The website has been converted to a Wiki, powered by ikiwiki.

Flynn Marquardt noticed that an article about tinc has appeared in the German c’t Magazin, titled “Maschen-VPN”.

Native access to the git repository has been enabled, since the denial-of-service bug in git-daemon has been fixed.

Grzegorz Dymarek has managed to build tinc for the iPhone and iPod touch. These devices do not have a native tun or tap device, but make use of the tunemu driver. His patches have been committed to the repository.

Christoph Rackwitz reported that tinc 1.0.9 ran on Windows 7. The TAP-Win32 driver from OpenVPN is signed, and can be installed instead of the one that comes with the Windows installer.