similar to: Current state of Tinc 1.1?

On Mon, Dec 22, 2014 at 9:30 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > Although the cryptography is now separated from the rest of the logic in > tinc, it is not really replaceable, since only OpenSSL is supported. > However, there is also a new protocol in tinc 1.1, which uses Ed25519 > and ChaCha-Poly1305. The code for those algorithms is included in tinc, > so the

> That said, there are significant advantages to using external > libraries for this: some of them use heavily optimized (assembly, > tuned for SSE etc.) code for ChaCha-Poly1305, which is a big win for > tinc because it dramatically lowers CPU usage and increases maximum > achievable throughput. See > http://bench.cr.yp.to/impl-stream/chacha20.html This is quite a nice point,

With pleasure we announce the release of tinc version 1.1pre11. Here is a summary of the changes: * Added a "network" command to list or switch networks. * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol. * AutoConnect is now a boolean option, when enabled tinc always tries to keep at least three meta-connections open. * The new protocol now

With pleasure we announce the release of tinc version 1.1pre11. Here is a summary of the changes: * Added a "network" command to list or switch networks. * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol. * AutoConnect is now a boolean option, when enabled tinc always tries to keep at least three meta-connections open. * The new protocol now

On Mon, Dec 22, 2014 at 01:42:01AM +0100, Alexander Ypema wrote: > So as probably any Tinc user, I noticed there are two versions: 1.0 and > 1.1. On the website is explained that 1.1 is the stepping stone for 2.0 and > that it has a lot of neat features *planned*. However, in the repositories, > one usually finds version 1.0, and since I'm someone who prefers having >

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greeting- How does tinc compare in security to openvpn? I am mostly using it to get around nating routers at homes of family members so I can help them when they have issues, but I am sure if I suggest tinc in a professional setting whoever I suggest it to will ask me the same thing. - -Brett - -- wynkoop at wynn.com

On Mon, Jan 05, 2015 at 08:10:48AM -0700, Lance Fredrickson wrote: > Allowing tinc to run without RSA keys is a very big > bonus for us embedded device users. We have a limited amount of nvram space > for storage (tomato firmware). RSA keys took up quite a bit, so being able > to run using only ED25519 makes tinc very appealing for this platform, and > saves tons of space for more

Hello, I am using the latest Tinc 1.1 from git (tinc version 1.1pre14-17-g2784a17 (built Jul 14 2016 14:18:09, protocol 17.7) on a CentOS 7.2 64bit with both test servers set it FIPS mode (cat /proc/sys/crypto/fips_enabled to verify or add fips=1 to your grub2 command line ). We need our test servers running in FIPS mode due to a minimum requirement for our project. OpenSSL in CentOS/RHEL has

I am looking to connect edge-routers in a VPN over the Internet, with requirement: - Mesh - NAT-traversing - 500 mbit throughput. I'm using Tinc 1.0.23 and it does this very nicely (I think I could also use 1.1, once it's considered stable) except for the througphut: the edgerouters cannot encrypt this fast. So I want to relieve the edge routers from this responsibility. If the end hosts

Hi there, we're using tinc to mesh together hosts in a public datacenter (instead of using a private VLAN, sort of). So all hosts are reasonably modern; connections are low latency with an available bandwith of around 500Mbit/s or 1Gbit/s (depending on how close they are to each other). Iperf between two nodes directly reports around 940Mbit/s. The CPUs are Intel(R) Core(TM) i7-4770 CPU @

Last time I checked there was a number of new libraries implementing Ed25519 and ChaCha-Poly1305, but everything seemed quite immature - I think it would be wise to wait until things settle down (maybe when it gets into OpenSSL). That said, there are significant advantages to using external libraries for this: some of them use heavily optimized (assembly, tuned for SSE etc.) code for

Since Fedora is pushing NSS SSL instead of OpenSSL, has someone tested tinc-vpn against NSS? As i recall, a single machine can not have OpenSSL and mod_nss installed at the same time anymore. So if you have apache running, you _may_ have problems running tinc? The nss api is supposed to mostly similar to openssl api, but there are some things openssl supports and somethings nss supports. Is

Guus Sliepen, on Wed 02 Dec 2015 13:53:37 +0100, wrote: > I guess in the future, we want to put a "cork" on the output until all > packets from a single recvmmsg() have been received, so that we can do > sendmmsg() on the resulting outgoing packets. Yes. > > More is yet to come: I'll have a look at extending the tun/tap interface > > to send/receive several

Or polarssl ? www.polarssl.org Static link? On 12/28/2014 11:00 AM, Pedro C?rte-Real wrote: > On Mon, Dec 22, 2014 at 9:30 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: >> Although the cryptography is now separated from the rest of the logic in >> tinc, it is not really replaceable, since only OpenSSL is supported. >> However, there is also a new protocol in tinc

Hello, Is it possible to sign/verify data with the ed25519 keys of a tinc 1.1 host? More specifically, is it possible to sign a file with these keys using openssl? If so, how? If not, what program could be used, and how? Thanks and cheers, @

Is there any indication of when we might see the protocol stabilize in the 1.1pre branch? It seems to be quite an improvement already. Perhaps some configuration could be added to allow for specifying a protocol version, rather than the 'ExperimentalProtocol=yes' flag? What are the roadblocks to stabilizing it and is there any need or desire for help accomplishing this? While I'm

Thank you, that is very helpful. And actually I do have a few further questions regarding this: 1. This weight is not the one specified in Subnet, this should be something related to the host, where can I manually configure this? 2. The weight value is ONLY take round trip latency as the measurement, or including CPU power and other factors into consideration? 3. I don't know how this

I have about 15 nodes running 1.1pre15 connected and running quite well. I don't remember why I installed 1.1preX originally. Possibly because I added a router with custom firmware to the network (Tomato Shibby firmware for my ASUS router) which included 1.1pre14. Now I'm trying to add an Openwrt device and it includes 1.0.33 only. This will replace the Tomato Shibby device with

With pleasure we announce the release of tinc version 1.1pre10. Here is a summary of the changes: * Added a benchmark tool (sptps_speed) for the new protocol. * Fixed a crash when using Name = $HOST while $HOST is not set. * Use AES-256-GCM for the new protocol. * Updated support for Solaris. * Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not

With pleasure we announce the release of tinc version 1.1pre10. Here is a summary of the changes: * Added a benchmark tool (sptps_speed) for the new protocol. * Fixed a crash when using Name = $HOST while $HOST is not set. * Use AES-256-GCM for the new protocol. * Updated support for Solaris. * Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not