Computer Tutorials
Computer Knowledge
How to Create a Lightweight P2P Mesh VPN with Tinc - Make Tech Easier
How to Create a Lightweight P2P Mesh VPN with Tinc - Make Tech Easier
Oct 15, 2025 am 05:21 AM
Tinc is an open-source Virtual Private Network (VPN) adapter that provides a simple way to create a private peer-to-peer (P2P) mesh network in Linux, Windows, and macOS. Similar to OpenVPN and Wireguard, it can link together multiple computers across different network topologies into a single virtual LAN. Here we show you the benefits of using Tinc and how to install and create a simple Tinc-based mesh network.
Table of Contents
- Why Use Tinc over Wireguard and OpenVPN?
- Installing Tinc on Linux
- Creating a Basic Mesh Network with Tinc
- Running the Tinc Mesh Network
Why Use Tinc over Wireguard and OpenVPN?
One unique selling point of Tinc over other VPN daemons is it’s designed to be a mesh network. This means that, unlike Wireguard, it can easily adapt to changes in network conditions. This makes it more resilient, especially for computers with a poor network connection.
Aside from that, Tinc enjoys most of the features that you would expect out of a traditional VPN such as OpenVPN. This includes the ability to traverse NAT environments, create encrypted tunnels, and link LAN-only applications.
Lastly, Tinc also strives to make every connection you make inside the network P2P. This could either be through automatic peer discovery or coordinating with a publicly accessible Tinc server. As a result, connections inside a Tinc VPN are not only resilient but also quick and responsive.
Good to know: still undecided on what VPN to pick? Check out our article where we look at how Wireguard and OpenVPN stacks against each other.
Installing Tinc on Linux
The first step in installing Tinc is to make sure your system is up-to-date. In Ubuntu, run the following command:
sudo apt update && sudo apt upgrade -y
Download and install Tinc directly from Ubuntu’s package repositories:
sudo apt install tinc
To install Tinc on other Linux distros, use the appropriate package manager for that system. For example, I need to run sudo dnf install tinc to fetch the program in Fedora.
Confirm that you’ve properly installed Tinc by opening a terminal session and running tincd --version.
Creating a Basic Mesh Network with Tinc
With Tinc on your machine, you can now configure your first Tinc-based network. Make a new folder inside “/etc/tinc.” This will contain all the files related to your Tinc node:
sudo mkdir -p /etc/tinc/mynetwork/hosts
Create a new config file using your favorite text editor:
sudo nano /etc/tinc/mynetwork/tinc.conf
Paste the following block of code inside your new config file:
Name = mynode<br>Device = /dev/net/tun
Note: some Linux distros might change the location of the tun adapter inside “/dev.” To find its exact path for your system, run:
find /dev -name *tun* -type c
Create a text file under the “hosts” folder with the name of your Tinc node and paste the following inside it:
Subnet = 192.168.11.1/32<br>Address = YOUR-MACHINE-IP-ADDRESS-HERE<br>Port = 655
Replace the value of the “Address” variable with the IP address of your machine. You can find this by running ip addr.
Note: you need to provide your machine’s public IP address if you want to create a publicly accessible VPN.
Save your machine’s hosts file, then create two files under “/etc/tinc/mynetwork:”
sudo touch /etc/tinc/mynetwork/tinc-{up,down}<br>sudo chmod x /etc/tinc/mynetwork/tinc-(up,down}
Open the “tinc-up” file, then paste the following Bash code inside it. This creates the virtual network interface for Tinc and assigns the IP address to that interface:
#!/bin/sh<br><br>ip link set $INTERFACE up<br>ip addr add 192.168.11.1/32 dev $INTERFACE<br>ip route add 192.168.11.0/24 dev $INTERFACE
Save the file, then open the “tinc-down” file and paste the following inside it as well. This does the reverse of “tinc-up:” it unassigns the IP address from your Tinc interface and removes that interface from your machine:
#!/bin/sh<br><br>ip route del 192.168.11.0/24 dev $INTERFACE<br>ip addr del 192.168.11.1/32 dev $INTERFACE<br>ip link set $INTERFACE down
Generate a keypair for your Tinc node by running tincd:
sudo tincd -n mynetwork --generate-keys=4096
Press Enter twice to accept the default saving location for both private and public keys on your Tinc node.
Adding the First Tinc Client
To add a new Tinc client, begin by making sure that you’ve installed Tinc properly on your second machine.
Create the directory structure for your Tinc config using mkdir -p.
Use your favorite text editor to create the config file for your Tinc client:
sudo nano /etc/tinc/mynetwork/tinc.conf
Paste the following lines of code inside your second machine’s config file:
Name = myclient<br>Device = /dev/net/tun<br>ConnectTo = mynode
Create a file with the name of your Tinc machine under “/etc/tinc/mynetwork/hosts.” In this case, I’ve named my second machine as “myclient,” so I will create a file with the name “myclient:”
sudo nano /etc/tinc/mynetwork/hosts/myclient
Paste the following block of code inside your new hosts file. Similar to your first node, this dictates the network configuration of your Tinc daemon:
Subnet = 192.168.11.2/32<br>Port = 655
Save your new hosts file, then create a “tinc-up” and “tinc-down” script on your second machine:
sudo touch /etc/tinc/mynetwork/tinc-{up,down}<br>sudo chmod x /etc/tinc/mynetwork/tinc-{up,down}
Open the tinc-up file using your favorite text editor, then paste the following block of code inside it:
#!/bin/sh<br>ip link set $INTERFACE up<br>ip addr add 192.168.11.2/32 dev $INTERFACE<br>ip route add 192.168.11.0/24 dev $INTERFACE
Save your tinc-up file, then open tinc-down and paste the following lines of code inside it as well:
#!/bin/sh<br><br>ip route del 192.168.11.0/24 dev $INTERFACE<br>ip addr del 192.168.11.2/32 dev $INTERFACE<br>ip link set $INTERFACE down
Finalize your Tinc client configuration by generating its keypair:
sudo tincd -n mynetwork --generate-keys=4096
Running the Tinc Mesh Network
At this point, you now have two properly configured Tinc daemons. However, you still need to link these two Tinc daemons to create your P2P VPN in Linux. For that, you need to copy the hosts config file from your Tinc node to your client and vice versa.
Start by opening your node’s terminal session and navigating to its “/etc/tinc/mynetwork/hosts” directory:
cd /etc/tinc/mynetwork/hosts
Copy the config file inside this directory and transfer it to your client. In my case, I will use scp to send this file through ssh:
scp ./mynode YOUR-CLIENT-IP-ADDRESS:~
Note: While I’ve used scp in this example, you can also manually transfer them using flash drives.
Go to your client machine and copy the hosts file that you just transferred to the client’s “/etc/tinc/mynetwork/hosts” folder:
sudo cp -v ~/mynode /etc/tinc/mynetwork/hosts/
After that, run scp on the client machine’s side to transfer its hosts file back to your node:
scp /etc/tinc/mynetwork/hosts/myclient YOUR-NODE-IP-ADDRESS:~
Copy your client’s hosts file to your node’s hosts directory:
sudo cp ~/myclient /etc/tinc/mynetwork/hosts/
On a side note: concerned about your personal privacy on the internet? Learn how you can improve the privacy and security of your Linux PC.
Starting the Tinc Mesh Network
Start your fully configured Tinc network by running the following command on each of your hosts:
sudo tincd -n mynetwork
Confirm that you’re able to communicate with your nodes through the Tinc interface by doing a simple ping:
ping -c 5 192.168.11.2
Lastly, enable the Tinc service to ensure that your VPN will work on system startup:
sudo systemctl enable --now tinc@mynetwork.service
Learning how to create your own P2P mesh VPN in Linux with Tinc is just the first step in exploring this wonderful world of computer networking. Take a deep dive on the intricacies of this technology by checking out our comprehensive overview on VPNs.
Image credit: Growtika via Unsplash. All alterations and screenshots by Ramces Red.
The above is the detailed content of How to Create a Lightweight P2P Mesh VPN with Tinc - Make Tech Easier. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
ArtGPT
AI image generator for creative art from text prompts.
Stock Market GPT
AI powered investment research for smarter decisions
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
How to Force Games Into Windowed Mode on Windows 10 & 11
Sep 19, 2025 am 03:33 AM
Most players probably play their games full screen in Windows 11 or 10. However, you can also play games in a windowed mode. This mode lets you play games in a window with the taskbar visible beneath it. The advantages of playing in windowed mode
How should I check if the computer suddenly fails to recognize the printer?
Sep 20, 2025 am 08:27 AM
Answer: The computer cannot recognize the printer. It is usually caused by connection, drive, or service issues. First check whether the USB or network connection is normal to ensure that the printer is powered on; if the connection is correct, restart the device and check the driver status in the "Device Manager", update or reinstall the official website driver; confirm that the Windows "PrintSpooler" service has been started and set to automatic; use the system "Troubleshooting" tool to troubleshoot problems. If the driver fails to install repeatedly, you need to completely uninstall the old driver and clean up the residual files. After restarting, install the new version of the driver as an administrator, and use compatibility mode or system restore if necessary. If there is any problem after Windows update, you should first download the driver that is adapted to the new system, or roll back the update and check the service status. The details that are easily overlooked during the investigation include
The folder or file has been opened in another program
Sep 20, 2025 am 08:24 AM
When the file is occupied, first check and close the relevant programs and try to restart the computer; if it is invalid, use task manager, resource monitor or ProcessExplorer to locate the occupied process, and forcefully terminate it by ending the task or taskkill command; for prevention, you need to develop good operating habits, avoid previewing or directly operating on mobile/network drives, and keep software updated.
VPN Not Connecting on Windows 10/11 : 10 Best Fixes
Sep 20, 2025 am 03:30 AM
A Virtual Private Network (VPN) is a crucial tool for safeguarding your online privacy and securely accessing geo-restricted or censored content. However, many users face difficulties when their VPN fails to connect on Windows 10 or Windows 11.Why Wo
How to uninstall a program that won't uninstall
Sep 20, 2025 am 07:09 AM
Ifaprogramwon’tuninstall,trythesesteps:1.UseWindowsSettingstoremoveit.2.Runitsbuilt-inuninstallerasadministrator.3.BootintoSafeModeandattemptremoval.4.Usethird-partytoolslikeRevoUninstaller.5.Manuallydeletefilesandregistryentrieswithcaution.
Where to find folders
Sep 20, 2025 am 07:57 AM
The most direct way is to recall the storage location, usually in folders such as desktop, documents, downloads, etc.; if it cannot be found, you can use the system search function. File "missing" is mostly due to problems such as unattention of the saving path, name memory deviation, file hiding or cloud synchronization. Efficient management suggestions: Classify by project, time, and type, make good use of quick access, clean and archive regularly, and standardize naming. Windows search and search through File Explorer and taskbar, while macOS relies on finder and Spotlight, which is smarter and more efficient. Mastering tools and developing good habits is the key.
What factors really determine the read and write speed of mechanical hard disks?
Sep 20, 2025 am 08:18 AM
The read and write speed of mechanical hard disks is determined by the speed, data density, cache size, interface type and seek time. High speed shortens latency, high density improves linear speed, large cache optimizes random read and write, while fragmentation and background programs slow down the actual experience.
My Windows 11 Laptop Now Lasts All Day Thanks to These Tricks
Sep 21, 2025 am 04:27 AM
The battery life of Windows laptops has never been excellent, at least without making any settings. But with these tips, your laptop can easily run 24/7 – no longer have to look for power outlets everywhere. 5 Check your GPU settings The standalone graphics card consumes much more power than integrated graphics cards. This is one of the reasons for the performance improvements in gaming, but it also greatly reduces battery life. If your laptop supports MUX switches or allows disabling discrete graphics cards, turning on this feature will significantly extend battery life. Some notebooks offer two GPU modes: hybrid mode and integrated mode. In hybrid mode, both graphics cards work at the same time, which is also the default operation method of most laptops with independent graphics. If you want to extend the battery
