What's new in tinc 1.0.36
Aug 26, 2019
- Fix compiling tinc with certain versions of the OpenSSL library.
- Fix parsing some IPv6 addresses with :: in them.
- Fix GraphDumpFile output to handle node names starting with a digit.
- Fix a potential segmentation fault when fragmenting packets.
New in tinc 1.0.35 (Oct 9, 2018)
- Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
- Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
New in tinc 1.0.34 (Jun 12, 2018)
- Fix a potential segmentation fault when connecting to an IPv6 peer via a proxy.
- Minor improvements to the build system.
- Make the systemd service file identical to the one from the 1.1 branch.
New in tinc 1.1pre15 (Nov 6, 2017)
- Detect when the machine is resuming from suspension or hibernation.
- When an old PID file is found, check whether the old daemon is still alive.
- Remember scope_id for IPv6 addresses when sending UDP packets to link-local addresses.
- Ensure compatibility with OpenSSL 1.1.
- Only log about dropped packets with debug level 5.
- Warn when trying to generate RSA keys less than 2048 bits.
- Use AES256 and SHA256 as the default encryption and digest algorithms.
- Add DeviceType = fd to support tinc on Android without requiring root.
- Support PriorityInheritance for IPv6 packets.
- Fixes for Solaris tun/tap support.
- Add a configurable expiration time for invitations.
- Store invitation data after a successful join.
- Exit gracefully when the tun/tap device is in a bad state.
- Add the LogLevel option.
- AutoConnect now actively tries to heal split networks.
New in tinc 1.0.33 (Nov 6, 2017)
- Allow compilation from a build directory.
- Source code cleanups.
- Fix some options specified on the command line not surviving a HUP signal.
- Handle tun/tap device returning EPERM or EBUSY.
- Disable PMTUDiscovery when TCPOnly is used.
- Support the --runstatedir option of autoconf 2.70.
New in tinc 1.1pre14 (Feb 8, 2017)
New in tinc 1.0.31 (Feb 8, 2017)
New in tinc 1.1 Pre10 (May 12, 2014)
- Added a benchmark tool (sptps_speed) for the new protocol.
- Fixed a crash when using Name = $HOST while $HOST is not set.
- Use AES-256-GCM for the new protocol.
- Updated support for Solaris.
- Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not explicitly set.
- Enable various compiler hardening flags by default.
- Added support for a “conf.d” configuration directory.
- Fix tinc-gui on Windows, also allowing it to connect to a 32-bit tincd when tinc-gui is run in a 64-bit Python environment.
- Added a “ListenAddress” option, which like BindToAddress adds more listening addresses/ports, but doesn’t bind to them for outgoing sockets.
- Make invitations work better when the “invite” and “join” commands are not run interactively.
- When creating meta-connections to a node for which no Address statement is specified, try to use addresses learned from other nodes.
New in tinc 1.0.24 (May 12, 2014)
- Various compiler hardening flags are enabled by default.
- Updated support for Solaris, allowing switch mode on Solaris 11.
- Configuration will now also be read from a conf.d directory.
- Various updates to the documentation.
- Tinc now forces glibc to reload /etc/resolv.conf after it receives SIGALRM.
- Fixed a potential routing loop when IndirectData or TCPOnly is used and broadcast packets are being sent.
- Improved security with constant time memcmp and stricter use of OpenSSL’s RNG functions.
- Fixed all issues found by Coverity.
New in tinc 1.0.20 (Mar 5, 2013)
- Use /dev/tap0 by default on FreeBSD and NetBSD when using switch mode.
- Minor improvements and clarifications in the documentation.
- Allow tinc to be cross-compiled with Android’s NDK.
- The discovered PMTU is now also applied to VLAN tagged traffic.
- The LocalDiscovery option now makes use of all addresses tinc is bound to.
- Fixed support for tunemu on iOS devices.
- The PriorityInheritance option now also works with switch mode.
- Fixed tinc crashing when using a SOCKS5 proxy.
New in tinc 1.1 Pre2 (Mar 26, 2012)
- cookie files are renamed to .pid files, which are compatible with 1.0.x.
- Experimental protocol enhancements that can be enabled with the option ExperimentalProtocol = yes:
  - Ephemeral ECDH key exchange will be used for both the meta protocol and UDP session keys.
  - Key exchanges are signed with ECDSA.
  - ECDSA public keys are automatically exchanged after RSA authentication if nodes do not know each other’s ECDSA public key yet.
New in tinc 1.0.18 (Mar 26, 2012)
- Fixed IPv6 in switch mode by turning off DecrementTTL by default.
- Allow a port number to be specified in BindToAddress, which also allows tinc to listen on multiple ports.
- Add support for multicast communication with UML/QEMU/KVM.