tinc

Version 1.1pre18 released. Check all Address statements when making outgoing connections. Make more variables safe for use in invitations. Allow tinc --force join to accept all variables sent in an invitation. Make sure the stop command works on ... [More] Windows if tincd is running in the foreground. Handle DOS line endings in invitation files. Double-quote node names in dump graph output. Prevent large amounts of UDP probes being sent consecutively. Try harder to reconnect with unreachable nodes. Generate tinc-up.bat on Windows. Fix a possible infinite loop when adding Subnets to a running tincd. Allow a tun/tap filedescriptor to be passed through a UNIX socket. Use auto-clone tun/tap devices as default on FreeBSD and DragonFlyBSD. Thanks to Fabian Maurer, Ilia Pavlikhin, Maciej S. Szmigiero, Pacien Tran-Girard, Aaron Li, Andreas Rammhold, Rosen Penev, Shengjing Zhu, Werner Schreiber, iczero and leptonyu for their contributions to this version of tinc. [Less]

Tinc is potentially affected by CVE-2019-14899. Please ensure your firewalls block packets with destination IP addresses in your VPN IP range from being received on WAN interfaces.

The LINUX Unplugged podcast just released episode 329: ”Flat Network Truthers”, which covers several VPN technologies, including tinc.

Version 1.0.36 released. Fix compiling tinc with certain versions of the OpenSSL library. Fix parsing some IPv6 addresses with :: in them. Fix GraphDumpFile output to handle node names starting with a digit. Fix a potential segmentation fault when ... [More] fragmenting packets. Thanks to Rosen Penev, Quentin Rameau and Werner Schreiber for their contributions to this version of tinc. [Less]

Version 1.0.36 released. Fix compiling tinc with certain versions of the OpenSSL library. Fix parsing some IPv6 addresses with :: in them. Fix GraphDumpFile output to handle node names starting with a digit. Fix a potential segmentation fault when ... [More] fragmenting packets. Thanks to Rosen Penev, Quentin Rameau and Werner Schreiber for their contributions to this version of tinc. [Less]

Versions 1.0.35 and 1.1pre17 released. Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Thanks to Michael Yonli for auditing tinc and reporting these vulnerabilities. For more information, see the security page.

Versions 1.0.35 and 1.1pre17 released. Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Thanks to Michael Yonli for auditing tinc and reporting these vulnerabilities. For more information, see the security page.

Version 1.1pre16 released. Fixed building with support for UML sockets. Documentation updates and spelling fixes. Support for MSS clamping of IP-in-IP packets. Fixed parsing of the -b flag. Added the ability to set a firemall mark on sockets on ... [More] Linux. Minor improvements to the build system. Added a cache of recently seen addresses of peers. Add support for —runstatedir to the configure script. Fixed linking with libncurses on some distributions. Automatically disable PMTUDiscovery when TCPOnly is enabled. Fixed removing the tinc service on Windows in some situations. Thanks to Todd C. Miller, Etienne Dechamps, Daniel Lublin, Gjergji Ramku, Mike Sullivan and Oliver Freyermuth for their contributions to this version of tinc. [Less]

Version 1.0.34 released. Fix a potential segmentation fault when connecting to an IPv6 peer via a proxy. Minor improvements to the build system. Make the systemd service file identical to the one from the 1.1 branch. Fix a potential problem causing ... [More] IPv4 sockets to not work on macOS. Thanks to Maximilian Stein and Wang Liu Shuai for their contributions to this version of tinc. [Less]

Version 1.1pre16 released. Fixed building with support for UML sockets. Documentation updates and spelling fixes. Support for MSS clamping of IP-in-IP packets. Fixed parsing of the -b flag. Added the ability to set a firemall mark on sockets on ... [More] Linux. Minor improvements to the build system. Added a cache of recently seen addresses of peers. Add support for —runstatedir to the configure script. Fixed linking with libncurses on some distributions. Automatically disable PMTUDiscovery when TCPOnly is enabled. Fixed removing the tinc service on Windows in some situations. Thanks to Todd C. Miller, Etienne Dechamps, Daniel Lublin, Gjergji Ramku, Mike Sullivan and Oliver Freyermuth for their contributions to this version of tinc. [Less]