{"id":21296875,"url":"https://github.com/reddec/tinc-boot","last_synced_at":"2025-08-21T03:11:15.382Z","repository":{"id":38955746,"uuid":"209716040","full_name":"reddec/tinc-boot","owner":"reddec","description":"Bootstrap your Tinc node quickly and easy","archived":false,"fork":false,"pushed_at":"2023-02-25T00:50:52.000Z","size":140,"stargazers_count":158,"open_issues_count":6,"forks_count":28,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-08-15T23:04:48.297Z","etag":null,"topics":["admin-toolkit","mesh-networks","tinc","tincd","vpn"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reddec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"github":null,"patreon":"reddec","open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://reddec.net/about/#donate"]}},"created_at":"2019-09-20T05:58:43.000Z","updated_at":"2025-07-12T09:37:34.000Z","dependencies_parsed_at":"2024-01-13T22:33:13.947Z","dependency_job_id":null,"html_url":"https://github.com/reddec/tinc-boot","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/reddec/tinc-boot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Ftinc-boot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Ftinc-boot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Ftinc-boot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Ftinc-boot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reddec","download_url":"https://codeload.github.com/reddec/tinc-boot/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Ftinc-boot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271420146,"owners_count":24756490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["admin-toolkit","mesh-networks","tinc","tincd","vpn"],"created_at":"2024-11-21T14:30:18.872Z","updated_at":"2025-08-21T03:11:15.364Z","avatar_url":"https://github.com/reddec.png","language":"Go","funding_links":["https://patreon.com/reddec","https://reddec.net/about/#donate"],"categories":["Proxy and VPN"],"sub_categories":["Python"],"readme":"# Tinc-Boot\n\n[![license](https://img.shields.io/github/license/reddec/tinc-boot.svg)](https://github.com/reddec/tinc-boot)\n[![](https://godoc.org/github.com/reddec/tinc-boot?status.svg)](http://godoc.org/github.com/reddec/tinc-boot)\n[![donate](https://img.shields.io/badge/help_by️-donate❤-ff69b4)](http://reddec.net/about/#donate)\n[![Download](https://api.bintray.com/packages/reddec/debian/tinc-boot/images/download.svg)](https://bintray.com/reddec/debian/tinc-boot/_latestVersion)\n\nIdea to create a easy-to-use wrapper over [tinc vpn](https://www.tinc-vpn.org).\n\n## Quick start (linux only)\n\n[skip to installation](#installation)\n\n### Automatic\n\n**node 1**\n\n    sudo tinc-boot run\n\n**node 2**\n\nfollow command from previous operation\n\n### Custom token\n\n**node 1**\n\n    sudo tinc-boot -t MYSECRET run \n\n**node 2**\n\n    sudo tinc-boot run -t MYSECRET --join http://\u003cnode1\u003e:8665\n\n### Firewall\n\n\u003e Use (--ufw) to open port on ufw-based systems automatically \n\u003e \n\u003e     tinc-boot run --ufw ...\n\u003e \n\u003e Required opened default ports:\n\u003e\n\u003e  * `\u003cport\u003e/udp,\u003cport\u003e/tcp` - port defined as `--tinc-port` or generated in `tinc.conf`\n\u003e * `8665/tcp` - port defined as `-p --port` for boot protocol\n\u003e * `18655/tcp (tinc interface)` - internal port for communication. Only for interface defined in `tinc.conf`\n\n## Overview\n\nTinc VPN - is full-mesh, auto-healing, time-proofed VPN system without single point of failure, with high-throughput and\nserious cryptography. All nodes in a Tinc network are fully equal. New nodes discovering full topology through any entry\npoint. Node may interact with each other even if they don't have direct connections.\n\nTinc is a great and have a lot of features. It's ideal for a complicated situations (China, Russia and others). I really\nadmire the project.\n\n![transit](https://user-images.githubusercontent.com/6597086/65304801-1b4ae480-dbb4-11e9-933f-b890242358ab.png)\n\n**But...** it's pain to configure and maintain.\n\nPain to create a new node. Pain to add new node to network.\n\nMinimal configuration for a first public node:\n\n* 2 files (tinc.conf, hostfile),\n* 1 script (tinc-up),\n* 2 directories (net, hosts),\n* 1 command execution (key generation).\n\n(let's not count service initialization and other common stuff)\n\nSecond node adds key exchange (+1 operation if we will use `rsync`, or +2 operations if manually).\n\n![second_node](https://user-images.githubusercontent.com/6597086/65304124-72e85080-dbb2-11e9-939f-6359095dbe54.png)\n\nNext new public nodes require increasing number of additional operations (+N operations, where N is a number of public\nnodes).\n\n![third_node](https://user-images.githubusercontent.com/6597086/65304303-df634f80-dbb2-11e9-8b9a-32bd4c6b9c46.png)\n\n\n\u003e To be honest, to just to connect to the network an only single key exchange operation required: with any public node.\n\u003e Than tincd will discover all other nodes.\n\u003e\n\u003e **But** after your node disconnect/reboot and in case of death of your entry node you will be no more able to connect\n\u003e to other alive nodes (because they don't know your key and your node don't know theirs).\n\n\n\n**Tinc-boot** - is a all-in-one tool with zero dependency (except `tinc` of course), that aims to achieve:\n\n1. one-line node initialization\n2. automatic keys distribution\n3. simplified procedure to add new node to existent net\n\nWith simple UI (available on your VPN address with port 1655 by default)\n\n![image](https://user-images.githubusercontent.com/6597086/66646721-92c2df80-ec59-11e9-90b3-153b50dd38be.png)\n\nDonating always welcome\n\n* ETH: `0xA4eD4fB5805a023816C9B55C52Ae056898b6BdBC`\n* BTC: `bc1qlj4v32rg8w0sgmtk8634uc36evj6jn3d5drnqy`\n\n## Installation\n\n* (recommended) look at  [releases](https://github.com/reddec/tinc-boot/releases) page and download\n* one line shell command:\n\n```\ncurl -L https://github.com/reddec/tinc-boot/releases/latest/download/tinc-boot_linux_amd64.tar.gz | sudo tar -xz -C /usr/local/bin/ tinc-boot\n```\n\n* build from source `go get -v github.com/reddec/tinc-boot/cmd/...`\n* [Ansible galaxy](https://galaxy.ansible.com/reddec/tinc_boot): `ansible-galaxy install reddec.tinc_boot`\n\n* From bintray repository for most **debian**-based distribution (`trusty`, `xenial`, `bionic`, `buster`, `wheezy`):\n\n```bash\nsudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 379CE192D401AB61\necho \"deb https://dl.bintray.com/reddec/debian {distribution} main\" | sudo tee -a /etc/apt/sources.list\nsudo apt install tinc-boot\n```\n\n### Independent maintainers\n\n* **Arch Linux** in\n  AUR [package `tinc-boot-git`](https://aur.archlinux.org/packages/tinc-boot-git/): `yaourt -S tinc-boot-git`\n\n### Support\n\n* [Community Discord](https://discord.gg/eBzNeC9)\n* [Contact me](https://reddec.net/about/)\n\n### Build requirements\n\n* go 1.13+\n\n## Documentation\n\n* Available by `--help` for all commands\n* Available in [MANUAL.md](MANUAL.md)\n\n## Runtime requirements\n\n* Linux\n* `tincd 1.10.xx`\n* `bash`\n* (recommended) `systemd`\n\n## Tested operation systems\n\n* Ubuntu 18.04 x64\n* Archlinux (Q1 2019) x64\n* Manjaro (Q1 2019) x64\n\nShould work on all major linux systems, except generated helpers useful only for systemd-based OS.\n\n# Quick start\n\nDownload/build binary to `/usr/local/bin/tinc-boot`.\n\n## First node\n\n```\nsudo tinc-boot gen --standalone -a \u003cPUBLIC ADDRESS\u003e\n```\n\nand follow recommendations\n\n### Explanation\n\n* `--standalone` means that it's a first node, no need for keys exchange\n* `-a \u003caddress\u003e` sets public address of node (if exists); could be used several times\n\nWill generate all required files under `/etc/tinc/dnet`.\n\n## Turn node to boot node\n\n```\nsudo tinc-boot bootnode --service --token \u003cSECRETTOKEN\u003e\n```\n\nand follow recommendations\n\n### Explanation\n\n* `--service` generates systemd file to `/etc/systemd/system/tinc-boot-{net}.service`\n* `--dir` location of tinc configuration\n* `--token` set's authorization token that will be used by clients\n\n## Create another node and join to net\n\n```\nsudo tinc-boot gen --token \u003cSECRETTOKEN\u003e \u003cPUBLIC ADDRESS\u003e:8655\n```\n\n\u003e Don't forget add `-a \u003cNODE ADDRESS\u003e` if applicable\n\nand follow recommendations\n\n# How it works\n\n* [Обзор (RU)](https://habr.com/ru/post/468213)\n* [Overview (EN)](https://dev.to/reddec/tinc-boot-full-mesh-vpn-without-pain-3lg9)\n\n![overview](https://user-images.githubusercontent.com/6597086/65752642-ca049d00-e13f-11e9-86ff-05134129eb86.png)\n\n# Windows\n\nNon-primary platform, limited support, but should work\n\nTested only for x64\n\n[See proof on Youtube](https://youtu.be/w84R66JVEE8)\n\nRequirements:\n\n1. Tinc for Windows: [download on official site](https://www.tinc-vpn.org/)\n2. **Install TAP driver**!:\n\n* Go to `C:\\Program Files(x86)\\tinc\\tap-win64`\n* As administrator run `addtap.bat`\n\n3. Rename generated network adapter to the name of the network (`dnet` by-default)\n\nUsage:\n\n1. Launch command line As administrator\n2. Navigate to the directory with `tinc-boot.exe`\n3. With black-magic, `tinc-boot.exe /help` command and instructions for normal OS (*Nix) generate config  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freddec%2Ftinc-boot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freddec%2Ftinc-boot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freddec%2Ftinc-boot/lists"}