tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
|Operating Systems||Windows Windows Windows POSIX BSD FreeBSD Linux Solaris OpenBSD NetBSD Mac OS X|
Release Notes: This release lets tinc drop packets that are forwarded via TCP if they are too big (CVE-2013-1428).
Release Notes: This release improves the default device selection on FreeBSD and NetBSD when using switch mode. PMTU discovery is now also applied to VLAN-tagged traffic. The LocalDiscovery option now makes use of all addresses tinc is bound to. The PriorityInheritance option now also works with switch mode. A crash when using a SOCKS5 proxy has been fixed. There are minor improvements and clarifications in the documentation, support for tunemu on iOS devices is fixed, and tinc can now be cross-compiled with Android's NDK.
Release Notes: This release adds basic support for SOCKS and HTTP proxies, as well as proxying through an external command. Support for systemd style socket activation has been added. Environment variables can now be used in the Name configuration option, and :: notation in IPv6 Subnet options is now also allowed.
Release Notes: This release fixes IPv6 in switch mode by turning off, by default, the DecrementTTL option that was introduced in the previous release. It is now allowed to specify a port number in BindToAddress, which also allows tinc to listen on multiple ports. This release also adds support for multicast communication with UML/QEMU/KVM.
Release Notes: The DeviceType option can now be used to select dummy, raw socket, UML, and VDE devices without needing to recompile tinc. Multiple BindToAddress statements are now allowed. The TTL value of IPv4 and IPv6 packets is decremented. The LocalDiscovery option has been added, allowing tinc to detect peers which are behind the same NAT. Subnets passed with the -o option when StrictSubnets = yes are now accepted. Disabling old RSA keys when generating new ones now also works properly on Windows.