# Install tinc with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, zypper

Virtual Private Network (VPN) tool. Version 1.0.37 via Homebrew; verified 2026-06-22.

## Install

```sh
sudo av install brew:tinc
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install tinc
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install tinc
```

  Evidence: MacPorts ports tree: net/tinc/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add tinc
```

  Evidence: Alpine Linux edge package indexes: tinc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install tinc
```

  Evidence: Debian stable package indexes: tinc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install tinc
```

  Evidence: Fedora Rawhide package metadata: tinc from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#tinc
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ti/tinc/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S tinc
```

  Evidence: Arch Linux sync databases: tinc from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install tinc
```

  Evidence: openSUSE Tumbleweed package metadata: tinc from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:tinc
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/tinc>
- **Version:** 1.0.37
- **Source summary:** Virtual Private Network (VPN) tool
- **Homepage:** <https://www.tinc-vpn.org/>
- **Repository:** <https://tinc-vpn.org/git/tinc>
- **Upstream docs:** <https://tinc-vpn.org/docs>
- **License:** GPL-2.0-or-later WITH openvpn-openssl-exception
- **Source archive:** <https://tinc-vpn.org/packages/tinc-1.0.37.tar.gz>
- **Last updated:** 2026-06-22T14:06:29-07:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- tincd (cli)
- tincd (alias)

## Dependencies

- lzo
- openssl@4

## Install behavior

- Post-install hook: not defined
- Service: declared
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.0.37
- Package-manager updated: 2026-06-22
- Local data: ok
- Upstream repository: https://www.tinc-vpn.org/
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

tinc is a free-software VPN daemon that creates encrypted tunnels between hosts and exposes the VPN as a normal network device. Its long-term niche is small, self-managed mesh VPNs where users want userspace deployment, automatic routing between nodes, and Unix-style configuration files.

### Project history

The official site presents tinc as a VPN daemon using tunnelling and encryption to create secure private networks over the Internet. Its design goal is practical: because the VPN appears to IP networking as a normal network device, existing software does not need to be adapted to use it.

tinc's documented history is bound up with peer-to-peer routing and cryptographic review. The manual records security work after a key-exchange issue found in August 2000, a 2001 analysis of tinc 1.0pre4 that led to sequence numbers and packet MACs, and a 2003 analysis of tinc 1.0.1. Later 1.1 documentation describes SPTPS as an improved protocol intended to be as strong as TLS with a strong cipher suite.

The project has maintained a conservative 1.0 stable line and a long 1.1 prerelease line. The official news page listed 1.1pre18 in 2021 and 1.0.37 in 2026, with 1.0.37 described as likely the last 1.0 release.

### Adoption history

tinc's appeal has been strongest among Unix and network operators who want a deployable mesh VPN without kernel IPsec complexity. The official FAQ contrasts tinc with FreeS/WAN by emphasizing that tinc runs completely in userspace, improving portability and avoiding kernel crashes from implementation errors.

The official homepage lists broad platform support across Linux, BSDs, macOS, Solaris, and Windows, plus IPv6 support. The supplied package-manager facts show packaging in Homebrew, Debian, Ubuntu, Fedora/dnf, Alpine, Arch, MacPorts, Nix, and zypper, which is consistent with a mature infrastructure daemon maintained by many distributions.

### How it is used

tinc is configured per VPN network name with a main tinc.conf, a hosts directory containing peer configuration, optional conf.d snippets, and node private keys. Operators use it to connect hosts, bridge Ethernet segments, route private subnets, or create full-mesh peer networks across NAT where at least one node is reachable.

For package users, tinc is usually installed as a daemon plus manpages and examples, then wired into init systems or service managers. Its value is not a flashy CLI but a stable network primitive that package managers can ship for administrators who need private overlay networking.

### Why package nerds care

tinc is significant because it sits between old-school Unix daemon packaging and modern overlay-network expectations. It predates the current wave of WireGuard- and coordination-server-based tools, yet already offered automatic full-mesh routing, NAT traversal, IPv6, and userspace portability.

Its package metadata exposes a classic ops footprint: system configuration under etc, per-network host files, private key material, daemon lifecycle, and platform-specific interface setup. That makes it a useful reference point when comparing VPN packages across Homebrew and Linux distributions.

### Timeline

- 2000: The manual records a key-exchange security issue affecting versions up to 1.0pre2 and subsequent authentication work.
- 2001: The manual records analysis of tinc 1.0pre4 and later replay-protection improvements.
- 2003: The manual records security analysis of tinc 1.0.1.
- 2018: Official news announced 1.0.35 and 1.1pre17 with fixes for CVE-2018-16737, CVE-2018-16738, and CVE-2018-16758.
- 2021: Official news announced 1.1pre18.
- 2026: Official news announced 1.0.37, likely the last 1.0 release.

### Related projects

- FreeS/WAN is named in the official FAQ as a comparison point for IPsec-style VPNs.
- TLS and IPsec appear in tinc's manual as security comparison points for the legacy protocol.
- OpenSSL and LibreSSL are part of tinc's cryptographic implementation according to the homepage and manual.

### Sources

- <https://tinc-vpn.org/: official feature overview, supported platforms, latest stable release.>
- <https://tinc-vpn.org/docs/ and https://tinc-vpn.org/documentation/: official manual and documentation index.>
- <https://tinc-vpn.org/news/: release and security history.>
- <https://tinc-vpn.org/repository/: official repository clone URL.>
- source_facts.package-manager: package availability across package managers.


## Security Notes

formula declares a Homebrew service.

- **Geiger risk:** orange / medium
- formula declares a Homebrew service


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /usr/local/etc/tinc/<netname>/tinc.conf, /usr/local/etc/tinc/<netname>/hosts/, /usr/local/etc/tinc/<netname>/conf.d

## Credential files

- Unix: /usr/local/etc/tinc/<netname>/rsa_key.priv
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** tinc
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - tinc - 1.0.36-2.1: normalized package name match | Debian stable package indexes: tinc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Virtual Private Network daemon | http://www.tinc-vpn.org/
- Nix - tinc: normalized package name match | nixpkgs package indexes: pkgs/by-name/ti/tinc/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - tinc - 1.0.36-2build3: normalized package name match | Ubuntu 24.04 LTS package indexes: tinc from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Virtual Private Network daemon | http://www.tinc-vpn.org/
- apk - tinc - 1.0.36-r6: normalized package name match | Alpine Linux edge package indexes: tinc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Virtual Private Network (VPN) daemon | https://www.tinc-vpn.org
- apk - tinc-doc - 1.0.36-r6: normalized package name match | Alpine Linux edge package indexes: tinc-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Virtual Private Network (VPN) daemon (documentation) | https://www.tinc-vpn.org
- apk - tinc-openrc - 1.0.36-r6: normalized package name match | Alpine Linux edge package indexes: tinc-openrc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Virtual Private Network (VPN) daemon (OpenRC init scripts) | https://www.tinc-vpn.org
- dnf - tinc - 1.0.36-17.fc44: normalized package name match | Fedora Rawhide package metadata: tinc from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | A virtual private network daemon | http://www.tinc-vpn.org/
- pacman - tinc - 1.0.36-4: normalized package name match | Arch Linux sync databases: tinc from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | VPN (Virtual Private Network) daemon | https://www.tinc-vpn.org/
- zypper - tinc - 1.0.37-1.2: normalized package name match | openSUSE Tumbleweed package metadata: tinc from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | A virtual private network daemon | http://www.tinc-vpn.org
- MacPorts - tinc: normalized package name match | MacPorts ports tree: net/tinc/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [openssl@4](https://www.automicvault.com/pkg/brew/openssl-4/) - Runtime dependency declared by Homebrew.
- [dsvpn](https://www.automicvault.com/pkg/brew/dsvpn/) - Shares av.db curated category or tags: cli, encryption, networking, tunneling, vpn.
- [edgevpn](https://www.automicvault.com/pkg/brew/edgevpn/) - Shares av.db curated category or tags: cli, networking, vpn.
- [fastd](https://www.automicvault.com/pkg/brew/fastd/) - Shares av.db curated category or tags: cli, networking, tunneling, vpn.
- [macosvpn](https://www.automicvault.com/pkg/brew/macosvpn/) - Shares av.db curated category or tags: cli, networking, vpn.
- [onioncat](https://www.automicvault.com/pkg/brew/onioncat/) - Shares av.db curated category or tags: cli, networking, tunneling, vpn.
- [openvpn](https://www.automicvault.com/pkg/brew/openvpn/) - Shares av.db curated category or tags: cli, networking, tunneling, vpn.
- [sshuttle](https://www.automicvault.com/pkg/brew/sshuttle/) - Shares av.db curated category or tags: cli, networking, tunneling, vpn.
- [sstp-client](https://www.automicvault.com/pkg/brew/sstp-client/) - Shares av.db curated category or tags: cli, networking, vpn.

## Combined YAML source

View the package source record on GitHub. [combined/tinc.yml](https://github.com/automic-vault/db/blob/main/combined/tinc.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
