/tinc, Virtual Private Network (VPN) daemon
1.0.26nb1, Package name:
tinc-1.0.26nb1, Maintainer: pkgsrc-users
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and
encryption to create a secure private network between hosts on the Internet.
Because the VPN appears to the IP level network code as a normal network
device, there is no need to adapt any existing software. This allows VPN
sites to share information with each other over the Internet without exposing
any information to others. In addition, tinc has the following features:
o Encryption, authentication and compression
All traffic is optionally compressed using zlib or LZO, and OpenSSL is
used to encrypt the traffic and protect it from alteration with message
authentication codes and sequence numbers.
o Automatic full mesh routing
Regardless of how you set up the tinc daemons to connect to each
other, VPN traffic is always (if possible) sent directly to the
destination, without going through intermediate hops.
o Easily expand your VPN
When you want to add nodes to your VPN, all you have to do is add an extra
configuration file, there is no need to start new daemons or create and
configure new devices or network interfaces.
o Ability to bridge ethernet segments
You can link multiple ethernet segments together to work like a single
segment, allowing you to run applications and games that normally only work
on a LAN over the Internet.
Required to run:
] Required to build:
Master sites: SHA1:
Version history: (Expand)
- (2016-03-05) Updated to version: tinc-1.0.26nb1
- (2015-07-21) Updated to version: tinc-1.0.26
- (2014-02-12) Updated to version: tinc-1.0.23nb1
- (2013-12-02) Updated to version: tinc-1.0.23
- (2013-10-15) Updated to version: tinc-1.0.22
- (2013-02-12) Updated to version: tinc-1.0.13nb4
CVS history: (Expand)
| 2017-04-19 13:24:39 by Jonathan Perkin | Files touched by this commit (27) |
Reset MAINTAINER after tonnerre resigned.
| 2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | |
Bump PKGREVISION for security/openssl ABI bump.
| 2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748) |
Add SHA512 digests for distfiles for net category
Problems found with existing digests:
Package haproxy distfile haproxy-1.5.14.tar.gz
Problems found locating distfiles:
Package bsddip: missing distfile bsddip-1.02.tar.Z
Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
Package djbdns: missing distfile djbdns-cachestats.patch
Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
Package gated: missing distfile gated-3-5-11.tar.gz
Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
Package poink: missing distfile poink-1.6.tar.gz
Package ra-rtsp-proxy: missing distfile rtspd-src-18.104.22.168.tar.gz
Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
Package waste: missing distfile waste-source.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
| 2015-07-20 19:44:41 by Adam Ciarcinski | Files touched by this commit (2) |
Tinc now forces glibc to reload /etc/resolv.conf for every hostname lookup.
Fixed —logfile without a filename on Windows.
Ensure tinc can be compiled when using musl libc.
| 2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568) |
Recursive PKGREVISION bump for OpenSSL API version bump.
| 2013-12-01 21:18:29 by Tonnerre Lombard | Files touched by this commit (4) | |
Update net/tinc to version 1.0.23.
Changes since version 1.0.22:
- Check for writability when waiting for a socket to finish connecting.
- Don't send PING requests on connections which are not active yet.
- Fix segfault when Name = $HOST but $HOST is not set.
- Fix typos in the documentation.
- Modernize the build system.
- Get rid of the splay tree implementation.
- Add description of IffOneQueue and MaxTimeout to the info manual.
- Clean up child processes from proxy type exec.
| 2013-10-14 20:27:54 by Tonnerre Lombard | Files touched by this commit (5) | |
Update tinc to version 1.0.22.
Changes since version 1.0.13:
* Better optional argument handling.
* Set $NAME when calling host-up/down and subnet-up/down scripts.
* Don't echo broadcast packets back when Broadcast = direct.
* Update copyright notices.
* Fix combination of Mode = router and DeviceType = tap on Linux.
* Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
* Use /dev/tap0 by default on FreeBSD and NetBSD when using Mode = switch.
* Document how to load the tap driver on FreeBSD.
* Update THANKS file.
* Also clarify hostnames=[yes|no] in tinc.conf(5).
* Attribution for Vil Brekin and some code style cleanups.
* Don't ignore Makefile.am.
* Fix links in documenation.
* Attribution for Martin Schürrer.
* Add strict checks to hex to binary conversions.
* Clear connection options and status fields in free_connection_partially().
* Fix warnings from cppcheck.
* Clear Ethernet header when reading packets from a tun device.
* Clear status and options fields of unreachable nodes.
* Fix warnings from groff.
* Using alloca() for a constant sized buffer is very silly.
* Make sure PMTU discovery works in switch mode with VLAN tags.
* Mention in the manual that support for LZO and zlib can be disabled.
* Fix configure script help text for --enable options.
* Don't take the address of a variable whose scope is about to disappear.
* Send broadcast packets using a random socket, and properly support IPv6.
* Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf.
* Fix support for tunemu on iOS devices.
* Make sure PriorityInheritance also works in switch mode.
* Detect increases in PMTU.
* Fix a compiler warning.
* Fix segmentation fault when trying to connect via a SOCKS5 proxy.
* Don't send proxy requests for incoming connections.
* Fix compiler warnings on Windows.
* Fix detection of rejected SOCKS5 proxy requests.
* Basic patch for android cross-compilation.
* Replace hard-code with new ScriptsInterpreter configuration property.
* Add basic .gitignore file, cleaning (most) files generated by autotools.
* Use __ANDROID__ define rather than dirty hard-code to allow android NDK \
* Android cross-compilation instructions.
* Output details of encryption errors
* Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves \
names for logging purposes.
* Support :: in IPv6 Subnets.
* Remove newline from log message.
* Add support for systemd style socket activation.
* Allow environment variables to be used for Name.
* Allow broadcast packets to be sent directly instead of via the MST.
* Add basic support for SOCKS 4 and HTTP CONNECT proxies.
* Add support for SOCKS 5 proxies.
* Add support for proxying through an external command.
* Document new proxy types.
* Small fixes in proxy code.
* Fix compiler warnings.
* Fix crash when using Broadcast = direct.
* configure.in: fix AC_ARG_ENABLE and AC_ARG_WITH
* add (errnum) in front of windows error messages
* Always try next Address when an outgoing connection fails to authenticate.
* Allow a port to be specified in BindToAddress statements.
* Add support for multicast communication with UML/QEMU/KVM.
* Set default value of DecrementTTL to "no".
* Add #ifdefs in case not all platforms support IPv4 and IPv6 multicast.
* Allow scoped addresses to be used for IPv6 multicast socket.
* Fix compiler warnings.
* Fix return value type of vde_send().
* Fix some more compiler warnings.
* Document OpenBSD "ifconfig link0" and Linux "ip tuntap" \
* Fix return type of vde_recv() as well.
* Mark DecrementTTL option experimental.
* Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
* Return false instead of void when there is an error.
* Fix compilation of VDE and UML interfaces.
* Add vde/device.c to the tarball.
* Fix a few small memory leaks.
* Allow linking with multiple device drivers.
* Set FD_CLOEXEC flag on all sockets.
* Allow multiple BindToAddress statements.
* Merge branch 'master' of black:tinc
* Send packets back using the same socket as they were received on.
* Allow setting DeviceType to tun or tap on Linux.
* Merge branch 'master' of black:tinc
* Only compile raw socket code when it is supported on that platform.
* Decrement TTL of incoming packets.
* Don't bind outgoing TCP sockets anymore.
* Rename connection_t *broadcast to everyone.
* Allow disabling of broadcast packets.
* Move initialization of char *priority up to prevent freeing an uninitialized \
* Document the command line flag -o and provide --option as well.
* Fix a bug that caused tinc to ignore all but the last listening socket.
* Fix check for raw socket support.
* Pass index into listen_socket to handle_incoming_vpn_data().
* Add LocalDiscovery option which tries to detect peers on the local network.
* Don't send ICMP Time Exceeded messages for other Time Exceeded messages.
* Stricter checks against routing loops.
* Only use broadcast at the start of the PMTU discovery phase.
* Only log errors sending UDP packets when debug level >= 5.
* Accept Subnets passed with the -o option when StrictSubnets = yes.
* Add missing ICMP6 message type definitions.
* Make sure disabling old RSA keys works on Windows.
* Update copyright notices.
* Add missing ICMP message type definitions.
* Make code to detect two nodes with the same Name less triggerhappy.
* Flush output buffer in send_tcppacket().
* Use usleep() instead of sleep(), MinGW complained.
* Reorder checks for libraries to allow ./configure LDFLAGS=-static.
* Make return value of SetPriorityClass() behave the same as setpriority().
* Fix sparse warnings and add an extra sprinkling of const.
* Remove newlines from log messages.
* Remove a few unnecessary #includes.
* Attribution for Loïc Grenié.
* Improved --logfile option.
* Remove redundant @CFLAGS@ from AM_CFLAGS.
* Nearly tickless tinc.
* Fix reading configuration files that do not end with a newline. Again.
* Define WINVER before including any other header file on Windows.
* Use intptr_t instead of long to store a pointer.
* OpenSSL 1.0.0 compiled for 64 bit Windows requires linking with -lcrypt32.
* Fix all warnings when compiling with mingw64.
* Use strrchr() insteaad of rindex().
* Detect and prevent two nodes with the same Name being on the VPN simultaneously.
* Use 64 bit counters to keep track of bytes sent/received from the virtual \
* Do not append an address to ANS_KEY messages if we don't know any address.
* Merge local host configuration with server configuration.
* Remove duplicate command-line option parsing.
* Attribution for Julien Muchembled.
* Attribution for Timothy Redaelli.
* Ensure there is a newline character before a PEM key is written.
* Abort disabling old PEM keys on I/O errors.
* Remove unused variables.
* Quit when there are too many consecutive errors on the tun/tap device.
* Read error counter must be static.
* Add short options -R and -U to the tincd(8) manpage.
* Don't use strlen() on a NULL pointer.
* Provide usleep() for Windows.
* Use variable length arrays instead of alloca().
* Fix warning message when setting SO_RCVBUF or SO_SNDBUF fails.
* Free replay window when freeing a node_t.
* Fix variable length array declaration.
* Attribution for Brandon Black.
* Use setpriority() instead of nice() on UNIX-like systems.
* Always send MTU probes at least once every PingInterval.
* Close all filedescriptors in Solaris close_device().
* Limit field width when scanning PID file.
* Replace bogus #else with #endif.
* Remove unused variables.
* Document the behavior of "-n."
* Update the manual.
* Update the NEWS.
* Proper check and dropin replacement for usleep().
* Fix typo spotted by Andrew Scheller.
* Add support for VDE through libvdeplug.
* Fix spurious misidentification of incoming UDP packets.
* Prevent anything from updating our own UDP address.
* Do not set indirect flag on edges from nodes with multiple addresses.
* Increase threshold for detecting two nodes with the same Name.
* Always use the default signal handler for ABRT signals.
* Check for EVP_EncryptInit_ex instead of SHA1_Version in OpenSSL.
* Update THANKS and copyright information.
* Ensure proper linking with OpenSSL with recent versions of MinGW.
* Include <inttypes.h> when using intptr_t.
* Experimental IFF_ONE_QUEUE support for Linux
* Configurable SO_RCVBUF/SO_SNDBUF for the UDP socket
* Configurable ReplayWindow size, zero disables
* Improved handling of queue-jumping packets on receive
* New '-o' option to configure server or hosts from command line
* Fix command-line '-o' option for host configuration
* Fix warnings showed using -D_FORTIFY_SOURCE=2
* Fix warnings under BSD
* Treat netname="." in a special way.
* DragonFlyBSD support
| 2013-02-07 00:24:19 by Jonathan Perkin | Files touched by this commit (1351) | |
PKGREVISION bumps for the security/openssl 1.0.1d update.