Skip to main content

Tinc Boot


Tinc-boot - is a all-in-one tool with zero dependency (except tinc of course), that aims to achieve:

  • one-line node initialization
  • automatic keys distribution
  • simplified procedure to add new node to existent net

# Overview

Idea to create a easy-to-use wrapper over tinc vpn.

Tinc VPN - is full-mesh, auto-healing, time-proofed VPN system without single point of failure, with high-throughput and serious cryptography. All nodes in a Tinc network are fully equal. New nodes discovering full topology through any entry point. Node may interact with each other even if they don’t have direct connections.

Tinc is a great and have a lot of features. It’s ideal for a complicated situations (China, Russia and others). I really admire the project.


But… it’s pain to configure and maintain.

Pain to create a new node. Pain to add new node to network.

Minimal configuration for a first public node:

  • 2 files (tinc.conf, hostfile),
  • 1 script (tinc-up),
  • 2 directories (net, hosts),
  • 1 command execution (key generation).

(let’s not count service initialization and other common stuff)

Second node adds key exchange (+1 operation if we will use rsync, or +2 operations if manually).


Next new public nodes require increasing number of additional operations (+N operations, where N is a number of public nodes).


To be honest, to just to connect to the network an only single key exchange operation required: with any public node. Than tincd will discover all other nodes.

But after your node disconnect/reboot and in case of death of your entry node you will be no more able to connect to other alive nodes (because they don’t know your key and your node don’t know theirs).