Automic VaultAutomic Vault

brew

Install tinc with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, zypper

Virtual Private Network (VPN) tool. Version 1.0.37 via Homebrew; verified 2026-06-22.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install tinc

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install tinc

MacPorts ports tree · net/tinc/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add tinc

Alpine Linux edge package indexes · tinc · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install tinc

Debian stable package indexes · tinc · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install tinc

Fedora Rawhide package metadata · tinc · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#tinc

nixpkgs package indexes · pkgs/by-name/ti/tinc/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S tinc

Arch Linux sync databases · tinc · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install tinc

openSUSE Tumbleweed package metadata · tinc · source: download.opensuse.org

overview

Package summary

Virtual Private Network (VPN) tool

Commands and aliases

  • tincd

history

Project history and usage

tinc is a free-software VPN daemon that creates encrypted tunnels between hosts and exposes the VPN as a normal network device. Its long-term niche is small, self-managed mesh VPNs where users want userspace deployment, automatic routing between nodes, and Unix-style configuration files.

Project history

The official site presents tinc as a VPN daemon using tunnelling and encryption to create secure private networks over the Internet. Its design goal is practical: because the VPN appears to IP networking as a normal network device, existing software does not need to be adapted to use it.

tinc's documented history is bound up with peer-to-peer routing and cryptographic review. The manual records security work after a key-exchange issue found in August 2000, a 2001 analysis of tinc 1.0pre4 that led to sequence numbers and packet MACs, and a 2003 analysis of tinc 1.0.1. Later 1.1 documentation describes SPTPS as an improved protocol intended to be as strong as TLS with a strong cipher suite.

The project has maintained a conservative 1.0 stable line and a long 1.1 prerelease line. The official news page listed 1.1pre18 in 2021 and 1.0.37 in 2026, with 1.0.37 described as likely the last 1.0 release.

Adoption history

tinc's appeal has been strongest among Unix and network operators who want a deployable mesh VPN without kernel IPsec complexity. The official FAQ contrasts tinc with FreeS/WAN by emphasizing that tinc runs completely in userspace, improving portability and avoiding kernel crashes from implementation errors.

The official homepage lists broad platform support across Linux, BSDs, macOS, Solaris, and Windows, plus IPv6 support. The supplied package-manager facts show packaging in Homebrew, Debian, Ubuntu, Fedora/dnf, Alpine, Arch, MacPorts, Nix, and zypper, which is consistent with a mature infrastructure daemon maintained by many distributions.

How it is used

tinc is configured per VPN network name with a main tinc.conf, a hosts directory containing peer configuration, optional conf.d snippets, and node private keys. Operators use it to connect hosts, bridge Ethernet segments, route private subnets, or create full-mesh peer networks across NAT where at least one node is reachable.

For package users, tinc is usually installed as a daemon plus manpages and examples, then wired into init systems or service managers. Its value is not a flashy CLI but a stable network primitive that package managers can ship for administrators who need private overlay networking.

Why package nerds care

tinc is significant because it sits between old-school Unix daemon packaging and modern overlay-network expectations. It predates the current wave of WireGuard- and coordination-server-based tools, yet already offered automatic full-mesh routing, NAT traversal, IPv6, and userspace portability.

Its package metadata exposes a classic ops footprint: system configuration under etc, per-network host files, private key material, daemon lifecycle, and platform-specific interface setup. That makes it a useful reference point when comparing VPN packages across Homebrew and Linux distributions.

Timeline

  • 2000: The manual records a key-exchange security issue affecting versions up to 1.0pre2 and subsequent authentication work.
  • 2001: The manual records analysis of tinc 1.0pre4 and later replay-protection improvements.
  • 2003: The manual records security analysis of tinc 1.0.1.
  • 2018: Official news announced 1.0.35 and 1.1pre17 with fixes for CVE-2018-16737, CVE-2018-16738, and CVE-2018-16758.
  • 2021: Official news announced 1.1pre18.
  • 2026: Official news announced 1.0.37, likely the last 1.0 release.

Related projects

  • FreeS/WAN is named in the official FAQ as a comparison point for IPsec-style VPNs.
  • TLS and IPsec appear in tinc's manual as security comparison points for the legacy protocol.
  • OpenSSL and LibreSSL are part of tinc's cryptographic implementation according to the homepage and manual.

security posture

Risk level: orange

formula declares a Homebrew service.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • formula declares a Homebrew service

Signals

  • metadata:service

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Formula metadata declares a service or daemon block.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 2 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
/usr/local/etc/tinc/<netname>/tinc.conf/usr/local/etc/tinc/<netname>/hosts//usr/local/etc/tinc/<netname>/conf.d

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
/usr/local/etc/tinc/<netname>/rsa_key.priv

executables

Installed executables

CommandKindExposureNote
tincdcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.0.37
manager updated2026-06-22
local dataok
upstreamnot checked
latest detectednot detected

https://www.tinc-vpn.org/

install metadata

Package metadata

Package keybrew:tinc
Version1.0.37
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/tinc
Homepagehttps://www.tinc-vpn.org/
Repositoryhttps://tinc-vpn.org/git/tinc
Upstream docshttps://tinc-vpn.org/docs
LicenseGPL-2.0-or-later WITH openvpn-openssl-exception
Source archivehttps://tinc-vpn.org/packages/tinc-1.0.37.tar.gz
Last updated2026-06-22T14:06:29-07:00
Pulseupdated
Dependencieslzo, openssl@4
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicedeclared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nametinc
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

tinc 1.0.36-2.1

Virtual Private Network daemon

http://www.tinc-vpn.org/

sudo apt install tinc
  • Section: net
  • Architecture: amd64
  • 5 dependencies
  • normalized package name match
  • Matched by: Tinc
Debian stable package indexes · deb.debian.org · Debian stable package indexes: tinc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

tinc

nix profile install nixpkgs#tinc
  • normalized package name match
  • Matched by: Tinc
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ti/tinc/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

tinc 1.0.36-2build3

Virtual Private Network daemon

http://www.tinc-vpn.org/

sudo apt install tinc
  • Section: universe/net
  • Architecture: amd64
  • 5 dependencies
  • normalized package name match
  • Matched by: Tinc
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: tinc from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

tinc 1.0.36-r6

Virtual Private Network (VPN) daemon

https://www.tinc-vpn.org

sudo apk add tinc
  • License: GPL-2.0-or-later WITH OpenSSL-Exception
  • Architecture: x86_64
  • Source Package: tinc
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Tinc
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: tinc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

tinc-doc 1.0.36-r6

Virtual Private Network (VPN) daemon (documentation)

https://www.tinc-vpn.org

sudo apk add tinc-doc
  • License: GPL-2.0-or-later WITH OpenSSL-Exception
  • Architecture: x86_64
  • Source Package: tinc
  • normalized package name match
  • Matched by: Tinc
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: tinc-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

tinc-openrc 1.0.36-r6

Virtual Private Network (VPN) daemon (OpenRC init scripts)

https://www.tinc-vpn.org

sudo apk add tinc-openrc
  • License: GPL-2.0-or-later WITH OpenSSL-Exception
  • Architecture: x86_64
  • Source Package: tinc
  • normalized package name match
  • Matched by: Tinc
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: tinc-openrc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
dnf95%

tinc 1.0.36-17.fc44

A virtual private network daemon

http://www.tinc-vpn.org/

sudo dnf install tinc
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: tinc
  • 8 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Tinc
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: tinc from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

tinc 1.0.36-4

VPN (Virtual Private Network) daemon

https://www.tinc-vpn.org/

sudo pacman -S tinc
  • License: GPL
  • Architecture: x86_64
  • 3 dependencies
  • normalized package name match
  • Matched by: Tinc
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: tinc from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

tinc 1.0.37-1.2

A virtual private network daemon

http://www.tinc-vpn.org

sudo zypper install tinc
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: tinc
  • 5 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Tinc
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: tinc from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

tinc

sudo port install tinc
  • normalized package name match
  • Matched by: Tinc
MacPorts ports tree · api.github.com · MacPorts ports tree: net/tinc/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment