Frequently asked questions

2021-01-11

Platform and feature support

Supported Android versions?
The application supports all versions of Android down to version 5 (Lollipop, API 21). It has been successfully tested up to Android 11 (API 30) included.
Supported architectures?
Compiled for ARM-v7a, ARM64-v8a, x86, x86-64. Support for ARM-v5TE has been dropped since tincapp v0.15, this architecture having been removed from the Android NDK r17.
Bundled tinc version?
1.1 branch, backward compatible with the 1.0 protocol, compiled with LibreSSL and LZO.
No switch mode support?
The switch mode is not supported, since no tap device is exposed by the underlying Android VPN API. Only the router mode, operating on the IP layer, is available.
Multiple networks?
Selection between multiple netnames is supported. However, only one can be active at once due to limitations of the underlying API.
No hook script support?
No shell interpreter is available to execute hook scripts. The configuration of the network interface is done through network.conf.
What is network.conf?
This platform-specific file replaces hook scripts for the configuration of the network interface, routes, DNS, allowed and disallowed applications.
No nets.boot?
Replaced by the system “always-on VPN” feature and an Intent API, allowing VPN connections to be activated automatically at boot or by using third party applications for automation purposes.
No configuration editor?

Providing a graphical front-end for editing configuration files is out of the scope of this application. Instead, those files are exposed through an embedded FTP server, allowing the configuration files to be edited through any FTP client such as Ghost Commander on Android or FileZilla on a desktop computer. The first option conveniently includes a text file editor.

No default gateway route?

Traffic can be routed to gateways using tinc’s internal routing. In particular, all traffic can be routed to the VPN by adding a catch-all route in network.conf:

Route = 0.0.0.0/0

Internals

Binary names?
Executables had to be named libX.so to be automatically copied in the app lib directory with the right permissions when installing.
fd_device?

The Android VPN API returns a file descriptor to an underlying tun device. Support for such device has been added to upstream tinc 1.1 as part of commits 7a54fe5 and f522393.

Why is the Intent API starting an Activity instead of a Service?
An activity is used as a proxy to start the underlying TincVpnService in order to ask the user for the VPN permission through a special system dialog.

Other

Permissions required by the application?
Full network access is required to allow tinc to communicate with other nodes. Camera access is required for the “Join network via QR code” feature.
Alternatives?

Vilbrekin’s Tinc GUI and culugyx’s root-free fork (dead link).

License?

Source code released under the GNU GPL v3. Content on the website released under the GNU FDL v1.3.

App icon?

Made by Philippe Nguyen exclusively for this application. Thanks!

Price?
Expensive on the Google Play Store as a donation version, and free on F-Droid and this website.
Donations?

I gladly accept donations through PayPal, Bitcoin, and Ether. Please also consider donating to the tinc VPN project. Thanks!