News

December 5th 2019

Tinc is potentially affected by CVE-2019-14899.

Please ensure your firewalls block packets with destination IP addresses in your VPN IP range from being received on WAN interfaces.

November 27th 2019

The LINUX Unplugged podcast just released episode 329: ”Flat Network Truthers”, which covers several VPN technologies, including tinc.

August 26th 2019

Version 1.0.36 released.

  • Fix compiling tinc with certain versions of the OpenSSL library.
  • Fix parsing some IPv6 addresses with :: in them.
  • Fix GraphDumpFile output to handle node names starting with a digit.
  • Fix a potential segmentation fault when fragmenting packets.

Thanks to Rosen Penev, Quentin Rameau and Werner Schreiber for their contributions to this version of tinc.

October 8th 2018

Versions 1.0.35 and 1.1pre17 released.

  • Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
  • Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).

Thanks to Michael Yonli for auditing tinc and reporting these vulnerabilities. For more information, see the security page.

June 12th 2018

Version 1.0.34 released.

  • Fix a potential segmentation fault when connecting to an IPv6 peer via a proxy.
  • Minor improvements to the build system.
  • Make the systemd service file identical to the one from the 1.1 branch.
  • Fix a potential problem causing IPv4 sockets to not work on macOS.

Thanks to Maximilian Stein and Wang Liu Shuai for their contributions to this version of tinc.

June 12th 2018

Version 1.1pre16 released.

  • Fixed building with support for UML sockets.
  • Documentation updates and spelling fixes.
  • Support for MSS clamping of IP-in-IP packets.
  • Fixed parsing of the -b flag.
  • Added the ability to set a firemall mark on sockets on Linux.
  • Minor improvements to the build system.
  • Added a cache of recently seen addresses of peers.
  • Add support for —runstatedir to the configure script.
  • Fixed linking with libncurses on some distributions.
  • Automatically disable PMTUDiscovery when TCPOnly is enabled.
  • Fixed removing the tinc service on Windows in some situations.

Thanks to Todd C. Miller, Etienne Dechamps, Daniel Lublin, Gjergji Ramku, Mike Sullivan and Oliver Freyermuth for their contributions to this version of tinc.

November 4th 2017

Version 1.0.33 released.

  • Allow compilation from a build directory.
  • Source code cleanups.
  • Fix some options specified on the command line not surviving a HUP signal.
  • Handle tun/tap device returning EPERM or EBUSY.
  • Disable PMTUDiscovery when TCPOnly is used.
  • Support the —runstatedir option of the autoconf 2.70.

Thanks to Rafael Sadowski and Pierre-Olivier Mercier for their contributions to this version of tinc.

September 2nd 2017

Version 1.0.32 released.

  • Fix segmentation fault when using Cipher = none.
  • Fix Proxy = exec.
  • Support PriorityInheritance for IPv6 packets.
  • Fixes for Solaris tun/tap support.
  • Bind outgoing TCP sockets when ListenAddress is used.

Thanks to Vittorio Gambaletta for his contribution to this version of tinc.

September 2nd 2017

Version 1.1pre15 released.

  • Detect when the machine is resuming from suspension or hibernation.
  • When an old PID file is found, check whether the old daemon is still alive.
  • Remember scope_id for IPv6 addresses when sending UDP packets to link-local addresses.
  • Ensure compatibility with OpenSSL 1.1.
  • Only log about dropped packets with debug level 5.
  • Warn when trying to generate RSA keys less than 2048 bits.
  • Use AES256 and SHA256 as the default encryption and digest algorithms.
  • Add DeviceType = fd to support tinc on Android without requiring root.
  • Support PriorityInheritance for IPv6 packets.
  • Fixes for Solaris tun/tap support.
  • Add a configurable expiration time for invitations.
  • Store invitation data after a succesful join.
  • Exit gracefully when the tun/tap device is in a bad state.
  • Add the LogLevel option.
  • AutoConnect now actively tries to heal split networks.

Thanks to Etienne Dechamps, Rafał Leśniak, Sean McVeigh, Vittorio Gambaletta, Dennis Lan, Pacien Tran-Girard, Roman Savelyev, lemoer and volth for their contributions to this version of tinc.

January 15th 2017

Version 1.0.31 released.

  • Remove ExecStop in tinc@.service.

Thanks to Élie Bouttier for his contribution to this version of tinc.


You can find older news in the archive.