./net/tinc, Virtual Private Network (VPN) daemon

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.0.32nb2, Package name: tinc-1.0.32nb2, Maintainer: pkgsrc-users

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and
encryption to create a secure private network between hosts on the Internet.

Because the VPN appears to the IP level network code as a normal network
device, there is no need to adapt any existing software. This allows VPN
sites to share information with each other over the Internet without exposing
any information to others. In addition, tinc has the following features:

o Encryption, authentication and compression
All traffic is optionally compressed using zlib or LZO, and OpenSSL is
used to encrypt the traffic and protect it from alteration with message
authentication codes and sequence numbers.
o Automatic full mesh routing
Regardless of how you set up the tinc daemons to connect to each
other, VPN traffic is always (if possible) sent directly to the
destination, without going through intermediate hops.
o Easily expand your VPN
When you want to add nodes to your VPN, all you have to do is add an extra
configuration file, there is no need to start new daemons or create and
configure new devices or network interfaces.
o Ability to bridge ethernet segments
You can link multiple ethernet segments together to work like a single
segment, allowing you to run applications and games that normally only work
on a LAN over the Internet.

MESSAGE.smf [+/-]

Required to run:
[archivers/lzo] [security/openssl]

Required to build:

Master sites:

SHA1: 33df65ad5a4db04d46e728675f1b35fe957dfad1
RMD160: b6f8e0d11c206511e4f277409a59cf6df81559fa
Filesize: 484.591 KB

Version history: (Expand)

CVS history: (Expand)

   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-05-28 15:35:54 by Jonathan Perkin | Files touched by this commit (3)
Log message:
*: Remove per-package MESSAGE.{rcd,smf} handling.

This is now centralised in mk/pkgformat so no need to do it manually.
   2018-09-30 17:55:25 by Jonathan Perkin | Files touched by this commit (8) | Package updated
Log message:
tinc: Provide SMF and user support.

Submitted by Antonio Huete in joyent/pkgsrc#108.  Bump PKGREVISION.
   2017-09-08 15:53:25 by Jonathan Perkin | Files touched by this commit (4) | Package updated
Log message:
Update tinc to 1.0.32.  Changes since 1.0.26:

Version 1.0.32                                         September 02 2017

Guus Sliepen (13):
      Don't dereference myself->incipher if it's NULL.
      Merge remote-tracking branch 'VittGam/master'
      Use /dev/udp instead of /dev/ip on Solaris.
      Use getmsg()/putmsg() instead of read()/write() on Solaris.
      Fix Solaris DeviceType = tap in router Mode.
      Bind outgoing TCP sockets.
      Move logging of "would block" messages to debug level 4.
      Set KillMode=mixed in the systemd service file.
      Don't forget about outgoing connections on host file read errors.
      Fix Proxy = exec.
      Set status.proxy_passed early for Proxy = exec.
      Don't try to bind Proxy = exec sockets to an address.
      Releasing 1.0.32.

Vittorio Gambaletta (VittGam) (1):
      route: Support ToS/DiffServ priority inheritance when routing IPv6

Version 1.0.31                                           January 15 2017

Guus Sliepen (1):
      Releasing 1.0.31.

√Člie Bouttier (1):
      Remove ExecStop in tinc@.service

Version 1.0.30                                           October 30 2016

Guus Sliepen (11):
      Allow non-empty lines after status code from a HTTP proxy.
      Fix proxy reply parsing broken by the previous commit.
      Log only the first line of a proxy request rejection message.
      Delay sending the real ID request until after a proxy request is granted.
      Use AES256 and SHA256 by default, also for the meta-connections.
      Enforce maximum amount of bytes sent/received on meta-connections.
      Fix bit shifting arithmetic so the code actually does what the last commit
      message says.
      Really fix byte budget calculation.
      Use AES in CTR mode instead of OFB mode for meta-connections.
      Use CFB mode for meta-connections to improve security.
      Releasing 1.0.30.

Version 1.0.29                                           October 09 2016

Guus Sliepen (11):
      Preserve IPv6 scope_id in edges.
      Ensure compatibility with OpenSSL 1.1.0.
      Add -Wall to CFLAGS.
      Check return value of RSA_generate_key_ex().
      Force nul-termination of strings after vsnprintf().
      Log warnings about dropped packets only with debug level 5 or higher.
      Add a copy of ax_append_flag.m4.
      Add ax_require_defined.m4.
      Fix possibly unitialized variable.
      Fix compiler warnings about format string errors on BSD.
      Releasing 1.0.29.

Version 1.0.28                                             April 10 2016

Guus Sliepen (8):
      Fix compiling bsd/device.c on systems without utun.
      Really remove use of __DATE__ and __TIME__ to facilitate reproducible
      Add systemd service files.
      Update .gitignore.
      Ensure the service files are in the tarball.
      Explicitly mention that LibreSSL can be used as well.
      Update links in the documentation.
      Releasing 1.0.28.

Version 1.0.27                                             April 10 2016

Guus Sliepen (26):
      Add missing AM_PROG_CC_C_O to configure.ac.
      Attribution for various contributors.
      Update "now" after connect() when making outgoing connections.
      Add ability to use proxies to connect to hostnames when there is no
      Only add a reflexive address when we're sure it's working.
      Fix compatibility with TAP-Win32 and later.
      Fix warnings from the Clang Static Analyzer.
      Improve performance of edge updates.
      Clarify that scripts are called synchronously.
      Small fixes for the documentation.
      Add warnings for bad combinations of Device and Interface.
      Fix forwarding of edge updates.
      Don't compile getopt*.c if the system provides getopt_long().
      Update .gitignore.
      Update THANKS.
      Use iface instead of interface.
      Update copyright notices.
      Remove use of __DATE__ and __TIME__ to facilitate reproducible builds.
      Cast 0xff to char before comparing it to another char.
      Get rid of a warning when compiling tinc using MinGW.
      Every BSD flavor has a tap device nowadays.
      Use devname() if available to support devfs cloning on BSD.
      Use SIOCGIFADDR on BSDs that support it.
      Enable silent builds by default.
      Add support for OS X utun interfaces.
      Releasing 1.0.27.

Vittorio Gambaletta (VittGam) (6):
      Fix DecrementTTL option.
      Fix source IP address for ICMP unreachable packets generated by tinc.
      Try to reply with node address only when decrementing the TTL.
      Fix DecrementTTL option for packets destined to the local node.
      Remove forward declaration for do_decrement_ttl.

LunarShaddow (3):
      fix typo
      re-arrange include sequence to avoid a mingw introduced bug.
      Proofing README.

Florian Weik (1):
      Fix NAME variable in subnet-* scripts for local subnets.

Nathan Stratton Treadway (1):
      Fix invalid checksum generation.
   2017-04-19 13:24:39 by Jonathan Perkin | Files touched by this commit (27)
Log message:
Reset MAINTAINER after tonnerre resigned.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.