On Fri, Feb 01, 2008 at 02:51:36PM +0800, Sandy Harris wrote:

> What I don't understand is why you think tinc is necessary,
> or even worth the trouble.
>
> IPsec is readily available -- built into Windows, Mac OS
> and various routers, and with implementations for Linux
> and all the *BSDs -- has had quite a bit of expert
> security analysis, and handles VPNs just fine.
>
> Does tinc do something that IPsec cannot?

Yes, there are a few reasons why people use tinc instead of IPsec.

Those people who tried both tell me tinc is much easier to set up.

Tinc tunnels over UDP and/or TCP. This allows it to work in situations where IPsec would not, for example behind (masquerading) firewalls.

Tinc does not need fixed IP addresses at endpoints; endpoints can have more than one IP address, or hostnames, so it even works when one has dynamic DNS.

With tinc, you can set up VPNs with more than 2 nodes, not by configuring more tunnels, but just by specifying endpoints. Tinc itself will handle the packet routing. It tries to set up a full mesh, but it has a built-in routing protocol, not unlike OSPF, that can route packets via intermediate nodes if that is necessary. As a side effect it provides some redundancy.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <[EMAIL PROTECTED]>