Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

tinc performance is limited by the encryption performance on single core. I suspect for Linux network engineers it could be a better choice than author suggests. tinc is very mature and battle tested.


I don't know much about tinc for mobile devices, are there decent clients?


There's a great client for Android yes. https://tincapp.pacien.org/

For iOS there isn't. Last time I checked there's only one without a GUI that needs root.

PS tinc is not fully zero trust. Every node can connect to every other one. This includes vps nodes you'll probably use for firewall traversal. Other systems have a 'lighthouse' concept where the vps just coordinates traffic but isn't able to actually read it.


> Every node can connect to every other one.

At the Tinc level, they can't connect to you unless you have their public key configured locally.

At the IP level, set 'StrictSubnets = yes' in the main config file to prevent nodes not explicitly configured locally to send packets to you.


I don’t use it on mobile devices so not sure. Instead I use a cloud server which joins the tinc mesh and and also runs wireguard service which then acts as a router.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: