On Fri, Feb 01, 2008 at 02:51:36PM +0800, Sandy Harris wrote:

> What I don't understand is why you think tinc is necessary,
> or even worth the trouble.
> IPsec is readily available -- built into Windows, Mac OS
> and various routers, and with implementations for Linux
> and all the *BSDs -- has had quite a bit of expert
> security analysis, and handles VPNs just fine.
> Does tinc do something that IPsec cannot?

Yes, there are a few reasons why people use tinc instead of IPsec. Those
people who tried both tell me tinc is much easier to set up. Tinc
tunnels over UDP and/or TCP. This allows it to work in situations where
IPsec would not, for example behind (masquerading) firewalls.  Tinc does
not need fixed IP addresses at endpoints; endpoints can have more than
one IP address, or hostnames, so it even works when one has dynamic DNS.
With tinc, you can set up VPNs with more than 2 nodes, not by
configuring more tunnels, but just by specifying endpoints. Tinc itself
will handle the packet routing. It tries to set up a full mesh, but it
has a built-in routing protocol, not unlike OSPF, that can route packets
via intermediate nodes if that is necessary. As a side effect it
provides some redundancy.

Met vriendelijke groet / with kind regards,
      Guus Sliepen <[EMAIL PROTECTED]>

Attachment: signature.asc
Description: Digital signature

Reply via email to