\end{itemize*}
+\subsection{tinc}
+\subsubsection{Tested with Version}
+\begin{itemize*}
+ \item tinc 1.0.23 from Gentoo linked against OpenSSL 1.0.1e
+ \item tinc 1.0.23 from Sabayon linked against OpenSSL 1.0.1e
+\end{itemize*}
+
+\paragraph*{Defaults}\mbox{}\\
+tinc uses 2048 bit RSA keys, Blowfish-CBC, and SHA1 as default settings and suggests the usage of CBC mode ciphers.
+Any key length up to 8196 is supported and it does not need to be a power of two. OpenSSL Ciphers and Digests are supported by tinc.
+
+\paragraph*{Settings}\mbox{}\\
+Generate keys with
+\begin{lstlisting}[breaklines]
+tincd -n NETNAME -K8196
+\end{lstlisting}
+Old keys will not be deleted (but disabled), you have to delete them manually. Add the following lines to your tinc.conf on all machines
+\begin{lstlisting}[breaklines]
+Cipher = aes-256-cbc
+Digest = SHA512
+\end{lstlisting}
+
+\paragraph*{References}\mbox{}\\
+\begin{itemize}
+\item tincd(8) man page
+\item tinc.conf(5) man page
+\item \href{http://www.tinc-vpn.org/pipermail/tinc/2014-January/003538.html}{tinc mailinglist}
+\end{itemize}
+
+
% ----------------------------------------------------------------------
%%\subsection{Juniper VPN}
%%\todo{write this subsubsection. AK: ask Hannes}