./net/tinc, Virtual Private Network (VPN) daemon


Branch: CURRENT, Version: 1.0.32, Package name: tinc-1.0.32, Maintainer: pkgsrc-users

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and
encryption to create a secure private network between hosts on the Internet.

Because the VPN appears to the IP level network code as a normal network
device, there is no need to adapt any existing software. This allows VPN
sites to share information with each other over the Internet without exposing
any information to others. In addition, tinc has the following features:

o Encryption, authentication and compression
  All traffic is optionally compressed using zlib or LZO, and OpenSSL is
  used to encrypt the traffic and protect it from alteration with message
  authentication codes and sequence numbers.
o Automatic full mesh routing
  Regardless of how you set up the tinc daemons to connect to each
  other, VPN traffic is always (if possible) sent directly to the
  destination, without going through intermediate hops.
o Easily expand your VPN
  When you want to add nodes to your VPN, all you have to do is add an extra
  configuration file; there is no need to start new daemons or create and
  configure new devices or network interfaces.
o Ability to bridge ethernet segments
  You can link multiple ethernet segments together to work like a single
  segment, allowing you to run applications and games that normally only work
  on a LAN over the Internet.


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 33df65ad5a4db04d46e728675f1b35fe957dfad1
RMD160: b6f8e0d11c206511e4f277409a59cf6df81559fa
Filesize: 484.591 KB


CVS history:


   2017-09-08 15:53:25 by Jonathan Perkin | Files touched by this commit (4) | Package updated
Log message:
Update tinc to 1.0.32.  Changes since 1.0.26:

Version 1.0.32                                         September 02 2017
------------------------------------------------------------------------

Guus Sliepen (13):
      Don't dereference myself->incipher if it's NULL.
      Merge remote-tracking branch 'VittGam/master'
      Use /dev/udp instead of /dev/ip on Solaris.
      Use getmsg()/putmsg() instead of read()/write() on Solaris.
      Fix Solaris DeviceType = tap in router Mode.
      Bind outgoing TCP sockets.
      Move logging of "would block" messages to debug level 4.
      Set KillMode=mixed in the systemd service file.
      Don't forget about outgoing connections on host file read errors.
      Fix Proxy = exec.
      Set status.proxy_passed early for Proxy = exec.
      Don't try to bind Proxy = exec sockets to an address.
      Releasing 1.0.32.

Vittorio Gambaletta (VittGam) (1):
      route: Support ToS/DiffServ priority inheritance when routing IPv6
      packets.

Version 1.0.31                                           January 15 2017
------------------------------------------------------------------------

Guus Sliepen (1):
      Releasing 1.0.31.

Élie Bouttier (1):
      Remove ExecStop in tinc@.service

Version 1.0.30                                           October 30 2016
------------------------------------------------------------------------

Guus Sliepen (11):
      Allow non-empty lines after status code from a HTTP proxy.
      Fix proxy reply parsing broken by the previous commit.
      Log only the first line of a proxy request rejection message.
      Delay sending the real ID request until after a proxy request is granted.
      Use AES256 and SHA256 by default, also for the meta-connections.
      Enforce maximum amount of bytes sent/received on meta-connections.
      Fix bit shifting arithmetic so the code actually does what the last commit
      message says.
      Really fix byte budget calculation.
      Use AES in CTR mode instead of OFB mode for meta-connections.
      Use CFB mode for meta-connections to improve security.
      Releasing 1.0.30.

Version 1.0.29                                           October 09 2016
------------------------------------------------------------------------

Guus Sliepen (11):
      Preserve IPv6 scope_id in edges.
      Ensure compatibility with OpenSSL 1.1.0.
      Add -Wall to CFLAGS.
      Check return value of RSA_generate_key_ex().
      Force nul-termination of strings after vsnprintf().
      Log warnings about dropped packets only with debug level 5 or higher.
      Add a copy of ax_append_flag.m4.
      Add ax_require_defined.m4.
      Fix possibly uninitialized variable.
      Fix compiler warnings about format string errors on BSD.
      Releasing 1.0.29.

Version 1.0.28                                             April 10 2016
------------------------------------------------------------------------

Guus Sliepen (8):
      Fix compiling bsd/device.c on systems without utun.
      Really remove use of __DATE__ and __TIME__ to facilitate reproducible
      builds.
      Add systemd service files.
      Update .gitignore.
      Ensure the service files are in the tarball.
      Explicitly mention that LibreSSL can be used as well.
      Update links in the documentation.
      Releasing 1.0.28.

Version 1.0.27                                             April 10 2016
------------------------------------------------------------------------

Guus Sliepen (26):
      Add missing AM_PROG_CC_C_O to configure.ac.
      Attribution for various contributors.
      Update "now" after connect() when making outgoing connections.
      Add ability to use proxies to connect to hostnames when there is no
      nameserver.
      Only add a reflexive address when we're sure it's working.
      Fix compatibility with TAP-Win32 9.0.0.21 and later.
      Fix warnings from the Clang Static Analyzer.
      Improve performance of edge updates.
      Clarify that scripts are called synchronously.
      Small fixes for the documentation.
      Add warnings for bad combinations of Device and Interface.
      Fix forwarding of edge updates.
      Don't compile getopt*.c if the system provides getopt_long().
      Update .gitignore.
      Update THANKS.
      Use iface instead of interface.
      Update copyright notices.
      Remove use of __DATE__ and __TIME__ to facilitate reproducible builds.
      Cast 0xff to char before comparing it to another char.
      Get rid of a warning when compiling tinc using MinGW.
      Every BSD flavor has a tap device nowadays.
      Use devname() if available to support devfs cloning on BSD.
      Use SIOCGIFADDR on BSDs that support it.
      Enable silent builds by default.
      Add support for OS X utun interfaces.
      Releasing 1.0.27.

Vittorio Gambaletta (VittGam) (6):
      Fix DecrementTTL option.
      Fix source IP address for ICMP unreachable packets generated by tinc.
      Try to reply with node address only when decrementing the TTL.
      Fix DecrementTTL option for packets destined to the local node.
      s/broadcast_packet_helper/route_broadcast/
      Remove forward declaration for do_decrement_ttl.

LunarShaddow (3):
      fix typo
      re-arrange include sequence to avoid a mingw introduced bug.
      Proofing README.

Florian Weik (1):
      Fix NAME variable in subnet-* scripts for local subnets.

Nathan Stratton Treadway (1):
      Fix invalid checksum generation.

   2017-04-19 13:24:39 by Jonathan Perkin | Files touched by this commit (27)
Log message:
Reset MAINTAINER after tonnerre resigned.

   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.

   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

   2015-07-20 19:44:41 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 1.0.26:
Tinc now forces glibc to reload /etc/resolv.conf for every hostname lookup.
Fixed --logfile without a filename on Windows.
Ensure tinc can be compiled when using musl libc.

   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.

   2013-12-01 21:18:29 by Tonnerre Lombard | Files touched by this commit (4) | Package updated
Log message:
Update net/tinc to version 1.0.23.

Changes since version 1.0.22:
 - Check for writability when waiting for a socket to finish connecting.
 - Don't send PING requests on connections which are not active yet.
 - Fix segfault when Name = $HOST but $HOST is not set.
 - Fix typos in the documentation.
 - Modernize the build system.
 - Get rid of the splay tree implementation.
 - Add description of IffOneQueue and MaxTimeout to the info manual.
 - Clean up child processes from proxy type exec.

   2013-10-14 20:27:54 by Tonnerre Lombard | Files touched by this commit (5) | Package updated
Log message:
Update tinc to version 1.0.22.

Changes since version 1.0.13:
 * Better optional argument handling.
 * Set $NAME when calling host-up/down and subnet-up/down scripts.
 * Don't echo broadcast packets back when Broadcast = direct.
 * Update copyright notices.
 * Fix combination of Mode = router and DeviceType = tap on Linux.
 * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
 * Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
 * Document how to load the tap driver on FreeBSD.
 * Update THANKS file.
 * Also clarify hostnames=[yes|no] in tinc.conf(5).
 * Attribution for Vil Brekin and some code style cleanups.
 * Don't ignore Makefile.am.
 * Fix links in documentation.
 * Attribution for Martin Schürrer.
 * Add strict checks to hex to binary conversions.
 * Clear connection options and status fields in free_connection_partially().
 * Fix warnings from cppcheck.
 * Clear Ethernet header when reading packets from a tun device.
 * Clear status and options fields of unreachable nodes.
 * Fix warnings from groff.
 * Using alloca() for a constant sized buffer is very silly.
 * Make sure PMTU discovery works in switch mode with VLAN tags.
 * Mention in the manual that support for LZO and zlib can be disabled.
 * Fix configure script help text for --enable options.
 * Don't take the address of a variable whose scope is about to disappear.
 * Send broadcast packets using a random socket, and properly support IPv6.
 * Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
 * Fix support for tunemu on iOS devices.
 * Make sure PriorityInheritance also works in switch mode.
 * Detect increases in PMTU.
 * Fix a compiler warning.
 * Fix segmentation fault when trying to connect via a SOCKS5 proxy.
 * Don't send proxy requests for incoming connections.
 * Fix compiler warnings on Windows.
 * Fix detection of rejected SOCKS5 proxy requests.
 * Basic patch for android cross-compilation.
 * Replace hard-code with new ScriptsInterpreter configuration property.
 * Add basic .gitignore file, cleaning (most) files generated by autotools.
 * Use __ANDROID__ define rather than dirty hard-code to allow android NDK cross-compilation.
 * Android cross-compilation instructions.
 * Output details of encryption errors
 * Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes.
 * Support :: in IPv6 Subnets.
 * Remove newline from log message.
 * Add support for systemd style socket activation.
 * Allow environment variables to be used for Name.
 * Allow broadcast packets to be sent directly instead of via the MST.
 * Add basic support for SOCKS 4 and HTTP CONNECT proxies.
 * Add support for SOCKS 5 proxies.
 * Add support for proxying through an external command.
 * Document new proxy types.
 * Small fixes in proxy code.
 * Fix compiler warnings.
 * Fix crash when using Broadcast = direct.
 * configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
 * add (errnum) in front of windows error messages
 * Always try next Address when an outgoing connection fails to authenticate.
 * Allow a port to be specified in BindToAddress statements.
 * Add support for multicast communication with UML/QEMU/KVM.
 * Set default value of DecrementTTL to "no".
 * Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
 * Allow scoped addresses to be used for IPv6 multicast socket.
 * Fix compiler warnings.
 * Fix return value type of vde_send().
 * Fix some more compiler warnings.
 * Document OpenBSD "ifconfig link0" and Linux "ip tuntap" commands.
 * Fix return type of vde_recv() as well.
 * Mark DecrementTTL option experimental.
 * Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
 * Return false instead of void when there is an error.
 * Fix compilation of VDE and UML interfaces.
 * Add vde/device.c to the tarball.
 * Fix a few small memory leaks.
 * Allow linking with multiple device drivers.
 * Set FD_CLOEXEC flag on all sockets.
 * Allow multiple BindToAddress statements.
 * Merge branch 'master' of black:tinc
 * Send packets back using the same socket as they were received on.
 * Allow setting DeviceType to tun or tap on Linux.
 * Merge branch 'master' of black:tinc
 * Only compile raw socket code when it is supported on that platform.
 * Decrement TTL of incoming packets.
 * Don't bind outgoing TCP sockets anymore.
 * Rename connection_t *broadcast to everyone.
 * Allow disabling of broadcast packets.
 * Move initialization of char *priority up to prevent freeing an uninitialized pointer.
 * Document the command line flag -o and provide --option as well.
 * Fix a bug that caused tinc to ignore all but the last listening socket.
 * Fix check for raw socket support.
 * Pass index into listen_socket[] to handle_incoming_vpn_data().
 * Add LocalDiscovery option which tries to detect peers on the local network.
 * Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
 * Stricter checks against routing loops.
 * Only use broadcast at the start of the PMTU discovery phase.
 * Only log errors sending UDP packets when debug level >= 5.
 * Accept Subnets passed with the -o option when StrictSubnets = yes.
 * Add missing ICMP6 message type definitions.
 * Make sure disabling old RSA keys works on Windows.
 * Update copyright notices.
 * Add missing ICMP message type definitions.
 * Make code to detect two nodes with the same Name less triggerhappy.
 * Flush output buffer in send_tcppacket().
 * Use usleep() instead of sleep(), MinGW complained.
 * Reorder checks for libraries to allow ./configure LDFLAGS=-static.
 * Make return value of SetPriorityClass() behave the same as setpriority().
 * Fix sparse warnings and add an extra sprinkling of const.
 * Remove newlines from log messages.
 * Remove a few unnecessary #includes.
 * Attribution for Loïc Grenié.
 * Improved --logfile option.
 * Remove redundant @CFLAGS@ from AM_CFLAGS.
 * Nearly tickless tinc.
 * Fix reading configuration files that do not end with a newline. Again.
 * Define WINVER before including any other header file on Windows.
 * Use intptr_t instead of long to store a pointer.
 * OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
 * Fix all warnings when compiling with mingw64.
 * Use strrchr() instead of rindex().
 * Detect and prevent two nodes with the same Name being on the VPN simultaneously.
 * Use 64 bit counters to keep track of bytes sent/received from the virtual network interface.
 * Do not append an address to ANS_KEY messages if we don't know any address.
 * Merge local host configuration with server configuration.
 * Remove duplicate command-line option parsing.
 * Attribution for Julien Muchembled.
 * Attribution for Timothy Redaelli.
 * Ensure there is a newline character before a PEM key is written.
 * Abort disabling old PEM keys on I/O errors.
 * Remove unused variables.
 * Quit when there are too many consecutive errors on the tun/tap device.
 * Read error counter must be static.
 * Add short options -R and -U to the tincd(8) manpage.
 * Don't use strlen() on a NULL pointer.
 * Provide usleep() for Windows.
 * Use variable length arrays instead of alloca().
 * Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
 * Free replay window when freeing a node_t.
 * Fix variable length array declaration.
 * Attribution for Brandon Black.
 * Use setpriority() instead of nice() on UNIX-like systems.
 * Always send MTU probes at least once every PingInterval.
 * Close all filedescriptors in Solaris close_device().
 * Limit field width when scanning PID file.
 * Replace bogus #else with #endif.
 * Remove unused variables.
 * Document the behavior of "-n."
 * Update the manual.
 * Update the NEWS.
 * Proper check and dropin replacement for usleep().
 * Fix typo spotted by Andrew Scheller.
 * Add support for VDE through libvdeplug.
 * Fix spurious misidentification of incoming UDP packets.
 * Prevent anything from updating our own UDP address.
 * Do not set indirect flag on edges from nodes with multiple addresses.
 * Increase threshold for detecting two nodes with the same Name.
 * Always use the default signal handler for ABRT signals.
 * Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
 * Update THANKS and copyright information.
 * Ensure proper linking with OpenSSL with recent versions of MinGW.
 * Include <inttypes.h> when using intptr_t.
 * Experimental IFF_ONE_QUEUE support for Linux
 * Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
 * Configurable ReplayWindow size, zero disables
 * Improved handling of queue-jumping packets on receive
 * New '-o' option to configure server or hosts from command line
 * Fix command-line '-o' option for host configuration
 * Fix warnings showed using -D_FORTIFY_SOURCE=2
 * Fix warnings under BSD
 * Treat netname="." in a special way.
 * DragonFlyBSD support