On Fri, Feb 01, 2008 at 02:51:36PM +0800, Sandy Harris wrote:

> What I don't understand is why you think tinc is necessary,
> or even worth the trouble.
> 
> IPsec is readily available -- built into Windows, Mac OS
> and various routers, and with implementations for Linux
> and all the *BSDs -- has had quite a bit of expert
> security analysis, and handles VPNs just fine.
> 
> Does tinc do something that IPsec cannot?

Yes, there are a few reasons why people use tinc instead of IPsec. Those
people who tried both tell me tinc is much easier to set up. Tinc
tunnels over UDP and/or TCP. This allows it to work in situations where
IPsec would not, for example behind (masquerading) firewalls.  Tinc does
not need fixed IP addresses at endpoints; endpoints can have more than
one IP address, or hostnames, so it even works when one has dynamic DNS.
With tinc, you can set up VPNs with more than 2 nodes, not by
configuring more tunnels, but just by specifying endpoints. Tinc itself
will handle the packet routing. It tries to set up a full mesh, but it
has a built-in routing protocol, not unlike OSPF, that can route packets
via intermediate nodes if that is necessary. As a side effect it
provides some redundancy.

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <[EMAIL PROTECTED]>
