With pleasure we announce the release of tinc version 1.1pre11. Here is
a summary of the changes:

* Added a "network" command to list or switch networks.

* Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new
  protocol.

* AutoConnect is now a boolean option, when enabled tinc always tries
  to keep at least three meta-connections open.

* The new protocol now uses UDP much more often.

* Tinc "del" and "get" commands now return a non-zero exit code when
  they don't find the requested variable.

* Updated documentation.

* Added a "DeviceStandby" option to defer running tinc-up until a
  working connection is made, and which on Windows will also change the
  network interface link status accordingly.

* Tinc now tells the resolver to reload /etc/resolv.conf when it
  receives SIGALRM.

* Improved error messages and event loop handling on Windows.

* LocalDiscovery now uses local address learned from other nodes, and
  is enabled by default.

* Added a "BroadcastSubnet" option to change the behavior of broadcast
  packets in router mode.

* Added support for dotted quad notation in IPv6 (e.g. ::1.2.3.4).

* Improved format of printed Subnets, MAC and IPv6 addresses.

* Added a "--batch" option to force the tinc CLI to run in
  non-interactive mode.

* Improve default Device selection on *BSD and Mac OS X.

* Allow running tinc without RSA keys.

Thanks to Etienne Dechamps, Sven-Haegar Koch, William A. Kennington III,
Baptiste Jonglez, Alexis Hildebrandt, Armin Fisslthaler, Franz Pletz,
Alexander Ried and Saverio Proto for their contributions to this version
of tinc.

Please note that although tinc 1.1pre11 is backwards compatible with
tinc 1.0.x, it is NOT compatible with tinc 1.1pre1 through 1.1pre10.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

Congratulations Guus!

2014-12-27 6:41 GMT-02:00 Guus Sliepen <guus at tinc-vpn.org>:
> With pleasure we announce the release of tinc version 1.1pre11. Here is
> a summary of the changes:
>
> * Added a "network" command to list or switch networks.
>
> * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new
>   protocol.
>
> * AutoConnect is now a boolean option, when enabled tinc always tries
>   to keep at least three meta-connections open.
>
> * The new protocol now uses UDP much more often.
>
> * Tinc "del" and "get" commands now return a non-zero exit code when
>   they don't find the requested variable.
>
> * Updated documentation.
>
> * Added a "DeviceStandby" option to defer running tinc-up until a
>   working connection is made, and which on Windows will also change the
>   network interface link status accordingly.
>
> * Tinc now tells the resolver to reload /etc/resolv.conf when it
>   receives SIGALRM.
>
> * Improved error messages and event loop handling on Windows.
>
> * LocalDiscovery now uses local address learned from other nodes, and
>   is enabled by default.
>
> * Added a "BroadcastSubnet" option to change the behavior of broadcast
>   packets in router mode.
>
> * Added support for dotted quad notation in IPv6 (e.g. ::1.2.3.4).
>
> * Improved format of printed Subnets, MAC and IPv6 addresses.
>
> * Added a "--batch" option to force the tinc CLI to run in
>   non-interactive mode.
>
> * Improve default Device selection on *BSD and Mac OS X.
>
> * Allow running tinc without RSA keys.
>
> Thanks to Etienne Dechamps, Sven-Haegar Koch, William A. Kennington III,
> Baptiste Jonglez, Alexis Hildebrandt, Armin Fisslthaler, Franz Pletz,
> Alexander Ried and Saverio Proto for their contributions to this version
> of tinc.
>
> Please note that although tinc 1.1pre11 is backwards compatible with
> tinc 1.0.x, it is NOT compatible with tinc 1.1pre1 through 1.1pre10.

On Sat, Dec 27, 2014 at 8:41 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> * LocalDiscovery now uses local address learned from other nodes, and
>   is enabled by default.

Does this mean nodes will now look up their local addresses and send
those to peers for them to try to connect to? If so it sounds great as
LocalDiscovery in 1.0 fails if one of the peers is behind NAT but can
directly reach another peer.

Cheers,

Pedro

Yes, it means exactly that. See https://github.com/gsliepen/tinc/pull/26
for details.

On Sun, Dec 28, 2014 at 5:57 PM, Pedro Côrte-Real <pedro at pedrocr.net> wrote:
> On Sat, Dec 27, 2014 at 8:41 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:
>> * LocalDiscovery now uses local address learned from other nodes, and
>>   is enabled by default.
>
> Does this mean nodes will now look up their local addresses and send
> those to peers for them to try to connect to? If so it sounds great as
> LocalDiscovery in 1.0 fails if one of the peers is behind NAT but can
> directly reach another peer.
>
> Cheers,
>
> Pedro

Just wanted to pop in and say I think 1.1pre11 is a really good release.
I have a couple nodes behind a work firewall (sonicwall) over which I have
no control. Previously nodes always fell back to TCP, and the connection
was unusable. Now it always connects over UDP and works like it did before
they put in the new sonicwall.

The change to ED25519 keys is nice too. The benchmarks performed on my
RT-N16 embedded linux device show much higher numbers, and over double
theoretical throughput. I still need to test real-world performance, but it
looks very promising. Allowing tinc to run without RSA keys is a very big
bonus for us embedded device users. We have a limited amount of nvram space
for storage (tomato firmware). RSA keys took up quite a bit, so being able
to run using only ED25519 makes tinc very appealing for this platform, and
saves tons of space for more nodes or other things.

Great release and thanks for your work!

Lance

On Mon, Jan 5, 2015 at 7:10 AM, Lance Fredrickson <lancethepants at gmail.com> wrote:
> Just wanted to pop in and say I think 1.1pre11 is a really good release.
> I have a couple nodes behind a work firewall (sonicwall) over which I have
> no control. Previously nodes always fell back to TCP, and the connection
> was unusable. Now it always connects over UDP and works like it did before
> they put in the new sonicwall.
>
> The change to ED25519 keys is nice too. The benchmarks performed on my
> RT-N16 embedded linux device show much higher numbers, and over double
> theoretical throughput. I still need to test real-world performance, but it

Cool!

> looks very promising. Allowing tinc to run without RSA keys is a very big
> bonus for us embedded device users. We have a limited amount of nvram space
> for storage (tomato firmware). RSA keys took up quite a bit, so being able
> to run using only ED25519 makes tinc very appealing for this platform, and
> saves tons of space for more nodes or other things.
>
> Great release and thanks for your work!

I am going to start fiddling with this release over the next quarter as
well.

* Would anyone care for udplite support? Adding it is easy (mostly done
  already), but there isn't a whole lot of point (aside from my research
  into what protocols can be carried end to end in the ipv6 era).

* There MAY be some linux kernel work into a better virtual tunneling
  device coming up.

* I am pretty hot on the "add fq and codel" to a vpn daemon idea, is
  anyone else interested in pursuing that with me?

> Lance

-- 
Dave Täht

thttp://www.bufferbloat.net/projects/bloat/wiki/Upcoming_Talks

On Mon, Jan 05, 2015 at 08:10:48AM -0700, Lance Fredrickson wrote:
> Allowing tinc to run without RSA keys is a very big
> bonus for us embedded device users. We have a limited amount of nvram space
> for storage (tomato firmware). RSA keys took up quite a bit, so being able
> to run using only ED25519 makes tinc very appealing for this platform, and
> saves tons of space for more nodes or other things.

Interesting. Do these devices not have a writable filesystem, or is
there some other reason you store the keys in nvram? In any case, the
current version in git also allows you to compile tinc without OpenSSL,
saving disk space as well :)

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>