Tinc App

Platform and feature support

Supported Android versions?
All down to API 21 (Android 5.0 Lollipop).
Supported architectures?
Compiled for ARM-v7a, ARM64-v8a, x86, x86-64. Support for ARM-v5TE has been dropped since tincapp v0.15, this architecture having been removed from the Android NDK r17.
Supported tinc modes?
Only the router mode, operating on the IP layer, is available.
No switch mode support?
The switch mode is not supported, since no tap device is exposed by the underlying Android VPN API.
Bundled tinc version?
1.1 branch, backward compatible with the 1.0 protocol, compiled with LibreSSL and LZO.
Multiple networks?
Selection between multiple netnames is supported. However, only one can be active at once due to limitations of the underlying API.
No hook script support?
No shell interpreter is available to execute hook scripts. The configuration of the network interface is done through network.conf.
What is network.conf?
This platform-specific file replaces hook scripts for the configuration of the network interface, routes, DNS, allowed and disallowed applications.
No nets.boot?
Replaced by the system "always-on VPN" feature and an Intent API, allowing VPN connections to be activated automatically at boot or by using third party applications for automation purposes.
No configuration editor?
Providing a graphical front-end for editing configuration files is out of the scope of this application. One may conveniently use a text editor through a shell for example.
No route gateways?
Traffic can be routed to gateways using tinc's internal routing. In particular, all traffic can be routed to the VPN by setting Route = 0.0.0.0/0 in network.conf.

Troubleshooting

Tethering?
It is still possible to share a mobile connection while the VPN is active. AllowBypass = true must be set in the network.conf file. However, the shared connection will not be tunneled. Third party applications or custom firewall rules can be used to share the VPN connection with tethered devices.
Unable to click on "OK" on the system "Connection request" dialog
For safety reasons, Android prevents clicking on system dialogs while another application is creating an overlay. Disable such applications.
Route not shown with route or ip route
Routes are added to an Android-managed routing table, entries from which are not listed by default. Use ip route list table all to list entries from all routing tables.

Internals

Binary names?
Executables had to be named libX.so to be automatically copied in the app lib directory with the right permissions when installing.
exec.c?
Processes started with Java's ProcessBuilder do not inherit required file descriptors. The alternative used here is a classic fork+exec through the JNI.
fd_device?
The Android VPN API returns a file descriptor to an underlying tun device. Support for such device has been added to upstream tinc 1.1 as part of this commit.
Why is the control socket not accessible without root access?
On Android, the external user-accessible storage is FAT32-formatted, which does not support UNIX socket files. They are thus stored on the internal, application-private storage.
Why is the Intent API starting Activities instead of Services?
An activity is used as a proxy to start the underlying TincVPNService in order to ask the user for the VPN permission through a special system dialog.

Other

Permissions?
Full network access is required to allow tinc to communicate with other nodes.
Alternatives?
Vilbrekin's Tinc GUI and culugyx's fork.
License?
Source code released under the GNU GPL v3. Content on the website released under the GNU FDL v1.3.
App icon?
Made by Philippe Nguyen exclusively for this application. Thanks!
Price?
Cheap on the Google Play Store as a donation version, and free on F-Droid and this website.
Donations?
I gladly accept donations through my PayPal and my BitCoin. Please also consider donating to the tinc VPN project. Thanks!