So as probably any Tinc user, I noticed there are two versions: 1.0 and 1.1. On the website is explained that 1.1 is the stepping stone for 2.0 and that it has a lot of neat features *planned*. However, in the repositories, one usually finds version 1.0, and since I'm someone who prefers having everything run through repositories instead of manually updated, I want to know if it's worth it, if it's actually in a usable state, and if any of the 'planned' features are implemented. In short, does anyone know what the current state of Tinc 1.1 is? Is it recommended to use it at all, or stay with 1.0 as provided in most distro repositories? I'm also asking this question over here: http://serverfault.com/questions/654053/current-state-of-tinc-1-1 , someone suggested there I'd poke the mailing list :) Feel free to answer the question there if you think it's more appropriate. Met vriendelijke groet / Kind regards, Alexander Ypema -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20141222/bb767094/attachment.html>
Is there a specific capability you are looking for or concern you have? No doubt Gus can give details on the differences but if you're wondering if 1.0 will work for you we may be able to help with some more information. Regards, Donald On Sun, Dec 21, 2014 at 7:42 PM, Alexander Ypema <alexanderypema at gmail.com> wrote:> > So as probably any Tinc user, I noticed there are two versions: 1.0 and > 1.1. On the website is explained that 1.1 is the stepping stone for 2.0 and > that it has a lot of neat features *planned*. However, in the > repositories, one usually finds version 1.0, and since I'm someone who > prefers having everything run through repositories instead of manually > updated, I want to know if it's worth it, if it's actually in a usable > state, and if any of the 'planned' features are implemented. > > In short, does anyone know what the current state of Tinc 1.1 is? Is it > recommended to use it at all, or stay with 1.0 as provided in most distro > repositories? > > I'm also asking this question over here: > http://serverfault.com/questions/654053/current-state-of-tinc-1-1 , > someone suggested there I'd poke the mailing list :) Feel free to answer > the question there if you think it's more appropriate. > Met vriendelijke groet / Kind regards, > Alexander Ypema > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20141222/c82ab390/attachment.html>
On Sun, Dec 21, 2014 at 7:42 PM, Alexander Ypema <alexanderypema at gmail.com> wrote:> > In short, does anyone know what the current state of Tinc 1.1 is? Is it recommended to use it at all, or stay with 1.0 as provided in most distro repositories?Alexander, I don't speak for the Tinc team but I think this is a good way to decide based on what is your use case. Tinc 1.0: I use Tinc across many platforms and devices and I want it to just work. (Linux/Win/Mac/Android & Router/Server/Desktop/Laptop/Mobile). I stick with the 1.0 series because that is packaged for me on all those platforms and I don't want to have to support users as much. I should be able to mix and match 1.0 and 1.1 but I don't want to have to support that if there is a probem. Tinc 1.1: If I controlled all devices in the Tinc deployment I'd likely go with the Tinc 1.1 series as I could keep those devices current and help the Tinc project exercise new code and prove it's way forward ever so slightly and roll back if necessary. -- Sandy McArthur, Jr. "No nation could preserve its freedom in the midst of continual warfare." - Letters and Other Writings of James Madison (1865), Vol. IV, p. 491
On Mon, Dec 22, 2014 at 01:42:01AM +0100, Alexander Ypema wrote:> So as probably any Tinc user, I noticed there are two versions: 1.0 and > 1.1. On the website is explained that 1.1 is the stepping stone for 2.0 and > that it has a lot of neat features *planned*. However, in the repositories, > one usually finds version 1.0, and since I'm someone who prefers having > everything run through repositories instead of manually updated, I want to > know if it's worth it, if it's actually in a usable state, and if any of > the 'planned' features are implemented.There are four items listed for tinc 1.1 on http://tinc-vpn.org/goals/: * Replaceable cryptography backend Although the cryptography is now separated from the rest of the logic in tinc, it is not really replaceable, since only OpenSSL is supported. However, there is also a new protocol in tinc 1.1, which uses Ed25519 and ChaCha-Poly1305. The code for those algorithms is included in tinc, so the new protocol has no dependencies on external libraries. * Control socket This is already implemented. * Automatic connection management This is mostly implemented (see the AutoConnect option). * Automate setting up nodes This is mostly implemented (see the "tinc init" command). Something not listed in the goals is the new protocol that is already implemented but not completely fixed yet. The new protocol provides end-to-end encryption and authentication between nodes. If you disable the new protocol (using ExperimentalProtocol = no), then you can use most of the new features in tinc 1.1 without any problems. It is also backwards compatible with tinc 1.0 nodes. So you can try out 1.1 by upgrading an existing node, and if you don't like it you can switch back to 1.0 without worries. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20141222/724f08ce/attachment.sig>
Hello Donald, Sandy and Guus himself :) Thank you for the quick and informative reactions! I think I'm going to experiment a little with Tinc 1.1 considering it's mostly backwards compatible. The simplified configuration management seems really neat to have, much less copy-pasting and rsyncing about ;) The Serverfault post seems on hold for now, although I've posted a very short summary in a comment for who'd be interested there. Keep up the great work Guus :) I really love how flexible Tinc allows me to setup my VPNs, it serves me really well. Met vriendelijke groet / Kind regards, Alexander Ypema On 22 December 2014 at 22:30, Guus Sliepen <guus at tinc-vpn.org> wrote:> On Mon, Dec 22, 2014 at 01:42:01AM +0100, Alexander Ypema wrote: > > > So as probably any Tinc user, I noticed there are two versions: 1.0 and > > 1.1. On the website is explained that 1.1 is the stepping stone for 2.0 > and > > that it has a lot of neat features *planned*. However, in the > repositories, > > one usually finds version 1.0, and since I'm someone who prefers having > > everything run through repositories instead of manually updated, I want > to > > know if it's worth it, if it's actually in a usable state, and if any of > > the 'planned' features are implemented. > > There are four items listed for tinc 1.1 on http://tinc-vpn.org/goals/: > > * Replaceable cryptography backend > > Although the cryptography is now separated from the rest of the logic in > tinc, it is not really replaceable, since only OpenSSL is supported. > However, there is also a new protocol in tinc 1.1, which uses Ed25519 > and ChaCha-Poly1305. The code for those algorithms is included in tinc, > so the new protocol has no dependencies on external libraries. > > * Control socket > > This is already implemented. > > * Automatic connection management > > This is mostly implemented (see the AutoConnect option). > > * Automate setting up nodes > > This is mostly implemented (see the "tinc init" command). > > Something not listed in the goals is the new protocol that is already > implemented but not completely fixed yet. The new protocol provides > end-to-end encryption and authentication between nodes. > > If you disable the new protocol (using ExperimentalProtocol = no), then > you can use most of the new features in tinc 1.1 without any problems. > It is also backwards compatible with tinc 1.0 nodes. So you can try out > 1.1 by upgrading an existing node, and if you don't like it you can > switch back to 1.0 without worries. > > -- > Met vriendelijke groet / with kind regards, > Guus Sliepen <guus at tinc-vpn.org> > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20141223/235686ff/attachment.html>
On Mon, Dec 22, 2014 at 9:30 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:> Although the cryptography is now separated from the rest of the logic in > tinc, it is not really replaceable, since only OpenSSL is supported. > However, there is also a new protocol in tinc 1.1, which uses Ed25519 > and ChaCha-Poly1305. The code for those algorithms is included in tinc, > so the new protocol has no dependencies on external libraries.Any reason not to use libsodium for this? Pedro
Apparently Analagous Threads
- Current state of Tinc 1.1?
- [Announcement] Tinc version 1.1pre11 released
- [Announcement] Tinc version 1.1pre11 released
- Current state of Tinc 1.1?
- vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"