macOS
brew install tinclocal Homebrew formula metadata
sudo port install tincMacPorts ports tree · net/tinc/Portfile · source: api.github.com
brew
Virtual Private Network (VPN) tool. Version 1.0.37 via Homebrew; verified 2026-06-22.
install
brew install tinclocal Homebrew formula metadata
sudo port install tincMacPorts ports tree · net/tinc/Portfile · source: api.github.com
sudo apk add tincAlpine Linux edge package indexes · tinc · source: dl-cdn.alpinelinux.org
sudo apt install tincDebian stable package indexes · tinc · source: deb.debian.org
sudo dnf install tincFedora Rawhide package metadata · tinc · source: dl.fedoraproject.org
nix profile install nixpkgs#tincnixpkgs package indexes · pkgs/by-name/ti/tinc/package.nix · source: api.github.com
sudo pacman -S tincArch Linux sync databases · tinc · source: geo.mirror.pkgbuild.com
sudo zypper install tincopenSUSE Tumbleweed package metadata · tinc · source: download.opensuse.org
overview
Virtual Private Network (VPN) tool
history
tinc is a free-software VPN daemon that creates encrypted tunnels between hosts and exposes the VPN as a normal network device. Its long-term niche is small, self-managed mesh VPNs where users want userspace deployment, automatic routing between nodes, and Unix-style configuration files.
The official site presents tinc as a VPN daemon using tunnelling and encryption to create secure private networks over the Internet. Its design goal is practical: because the VPN appears to IP networking as a normal network device, existing software does not need to be adapted to use it.
tinc's documented history is bound up with peer-to-peer routing and cryptographic review. The manual records security work after a key-exchange issue found in August 2000, a 2001 analysis of tinc 1.0pre4 that led to sequence numbers and packet MACs, and a 2003 analysis of tinc 1.0.1. Later 1.1 documentation describes SPTPS as an improved protocol intended to be as strong as TLS with a strong cipher suite.
The project has maintained a conservative 1.0 stable line and a long 1.1 prerelease line. The official news page listed 1.1pre18 in 2021 and 1.0.37 in 2026, with 1.0.37 described as likely the last 1.0 release.
tinc's appeal has been strongest among Unix and network operators who want a deployable mesh VPN without kernel IPsec complexity. The official FAQ contrasts tinc with FreeS/WAN by emphasizing that tinc runs completely in userspace, improving portability and avoiding kernel crashes from implementation errors.
The official homepage lists broad platform support across Linux, BSDs, macOS, Solaris, and Windows, plus IPv6 support. The supplied package-manager facts show packaging in Homebrew, Debian, Ubuntu, Fedora/dnf, Alpine, Arch, MacPorts, Nix, and zypper, which is consistent with a mature infrastructure daemon maintained by many distributions.
tinc is configured per VPN network name with a main tinc.conf, a hosts directory containing peer configuration, optional conf.d snippets, and node private keys. Operators use it to connect hosts, bridge Ethernet segments, route private subnets, or create full-mesh peer networks across NAT where at least one node is reachable.
For package users, tinc is usually installed as a daemon plus manpages and examples, then wired into init systems or service managers. Its value is not a flashy CLI but a stable network primitive that package managers can ship for administrators who need private overlay networking.
tinc is significant because it sits between old-school Unix daemon packaging and modern overlay-network expectations. It predates the current wave of WireGuard- and coordination-server-based tools, yet already offered automatic full-mesh routing, NAT traversal, IPv6, and userspace portability.
Its package metadata exposes a classic ops footprint: system configuration under etc, per-network host files, private key material, daemon lifecycle, and platform-specific interface setup. That makes it a useful reference point when comparing VPN packages across Homebrew and Linux distributions.
security posture
formula declares a Homebrew service.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/usr/local/etc/tinc/<netname>/tinc.conf/usr/local/etc/tinc/<netname>/hosts//usr/local/etc/tinc/<netname>/conf.dCredential-bearing paths to review before unattended agent runs.
/usr/local/etc/tinc/<netname>/rsa_key.privexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
tincd | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:tinc |
|---|---|
| Version | 1.0.37 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/tinc |
| Homepage | https://www.tinc-vpn.org/ |
| Repository | https://tinc-vpn.org/git/tinc |
| Upstream docs | https://tinc-vpn.org/docs |
| License | GPL-2.0-or-later WITH openvpn-openssl-exception |
| Source archive | https://tinc-vpn.org/packages/tinc-1.0.37.tar.gz |
| Last updated | 2026-06-22T14:06:29-07:00 |
| Pulse | updated |
| Dependencies | lzo, openssl@4 |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | tinc |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
tinc 1.0.36-2.1
Virtual Private Network daemon
sudo apt install tinctinc
nix profile install nixpkgs#tinctinc 1.0.36-2build3
Virtual Private Network daemon
sudo apt install tinctinc 1.0.36-r6
Virtual Private Network (VPN) daemon
sudo apk add tinctinc-doc 1.0.36-r6
Virtual Private Network (VPN) daemon (documentation)
sudo apk add tinc-doctinc-openrc 1.0.36-r6
Virtual Private Network (VPN) daemon (OpenRC init scripts)
sudo apk add tinc-openrctinc 1.0.36-17.fc44
A virtual private network daemon
sudo dnf install tinctinc 1.0.36-4
VPN (Virtual Private Network) daemon
sudo pacman -S tinctinc 1.0.37-1.2
A virtual private network daemon
sudo zypper install tinctinc
sudo port install tincsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.