diff --git a/net/tinc/Makefile b/net/tinc/Makefile
new file mode 100644
index 000000000..dc1bbbb7b
--- /dev/null
+++ b/net/tinc/Makefile
@@ -0,0 +1,60 @@
+#
+# Copyright (C) 2007-2013 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tinc
+PKG_VERSION:=1.0.24
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.tinc-vpn.org/packages
+PKG_MD5SUM:=14a91eb2e85bdc0451a815612521b708
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/tinc
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+liblzo +libopenssl +kmod-tun
+ TITLE:=VPN tunneling daemon
+ URL:=http://www.tinc-vpn.org/
+ MAINTAINER:=Toke Høiland-Jørgensen
+ SUBMENU:=VPN
+endef
+
+define Package/tinc/description
+ tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and
+ encryption to create a secure private network between hosts on the Internet.
+endef
+
+TARGET_CFLAGS += -std=gnu99
+
+CONFIGURE_ARGS += \
+ --with-kernel="$(LINUX_DIR)" \
+ --with-zlib="$(STAGING_DIR)/usr" \
+ --with-lzo-include="$(STAGING_DIR)/usr/include/lzo"
+
+define Package/tinc/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/tincd $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) files/$(PKG_NAME).config $(1)/etc/config/$(PKG_NAME)
+ $(INSTALL_DIR) $(1)/etc/tinc
+ $(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+ $(INSTALL_DATA) files/tinc.upgrade $(1)/lib/upgrade/keep.d/tinc
+endef
+
+define Package/tinc/conffiles
+/etc/config/tinc
+endef
+
+$(eval $(call BuildPackage,tinc))
diff --git a/net/tinc/files/tinc.config b/net/tinc/files/tinc.config
new file mode 100644
index 000000000..18940781a
--- /dev/null
+++ b/net/tinc/files/tinc.config
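Review bot: In net/tinc/Makefile the source tarball is fetched over plain `http://` (`PKG_SOURCE_URL`) and its only integrity pin is `PKG_MD5SUM`, so an MD5 digest is the sole barrier between a tampered download and the VPN daemon that ends up in the image. If upstream serves the same path over TLS, prefer `PKG_SOURCE_URL:=https://www.tinc-vpn.org/packages`. Where this tree's download step accepts a SHA-256 digest (later OpenWrt trees use `PKG_HASH`), pin `<sha256 of tinc-1.0.24.tar.gz>` computed from a copy of the release that was verified independently. A one-line comment beside the checksum saying how it was verified (for example against an upstream release signature, if one is published) would help whoever does the next version bump.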
@@ -0,0 +1,56 @@
+config tinc-net NETNAME
+ option enabled 0
+
+ ## Daemon Configuration (cmd arguments)
+ #option generate_keys 0
+ #option key_size 2048
+ #option logfile /tmp/log/tinc.NETNAME.log
+ #option debug 3
+
+ ## Server Configuration (tinc.conf)
+ #option AddressFamily any
+ #option BindToAddress 127.0.0.1
+ #option BindToInterface lo
+
+ #list ConnectTo peer1
+
+ #option DirectOnly 0
+ #option Forwarding internal
+ #option GraphDumpFile /tmp/log/tinc.NETNAME.dot
+ #option Hostnames 0
+ #option IffOneQueue 0
+ #option Interface NETNAME
+ #option KeyExpire 3600
+ #option MACExpire 600
+ #option MaxTimeout 900
+ #option Mode router
+
+ option Name NODENAME
+
+ #option PingInterval 60
+ #option PingTimeout 5
+ #option PriorityInheritance 0
+ #option PrivateKeyFile /etc/tinc/NETNAME/rsa_key.priv
+ #option ProcessPriority normal
+ #option ReplayWindow 16
+ #option StrictSubnets 0
+ #option TunnelServer 0
+ #option UDPRcvBuf x
+ #option UDPSndBuf x
+
+config tinc-host NODENAME
+ option enabled 0
+
+ option net NETNAME
+
+ #list Address example.com
+ #option Cipher blowfish
+ #option ClampMSS yes
+ #option Compression 0
+ #option Digest sha1
+ #option IndirectData 0
+ #option MACLength 4
+ #option PMTU 1514
+ #option PMTUDiscovery yes
+ #option Port 655
+ #option Subnet 192.168.1.0/24
diff --git a/net/tinc/files/tinc.init b/net/tinc/files/tinc.init
new file mode 100644
index 000000000..b24bc682e
--- /dev/null
+++ b/net/tinc/files/tinc.init
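Review bot: The commented host options in net/tinc/files/tinc.config (`#option Cipher blowfish`, `#option Digest sha1`, `#option MACLength 4`) will be read as recommended values, and a user who uncomments them pins a 64-bit-block cipher and a 4-byte packet MAC. They appear to mirror tinc 1.0's built-in defaults, so the template should say so and point to stronger choices. A header line above the host options would do, such as `## Cipher/Digest/MACLength below are tinc 1.0 defaults, shown for reference; prefer e.g. Cipher aes-256-cbc, Digest sha256 and a longer MACLength`. The exact alternatives depend on what the linked OpenSSL build offers, so the wording should stay a recommendation rather than a second set of fixed values.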
@@ -0,0 +1,241 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2011 OpenWrt.org
+# Copyright (C) 2011 Linus Lüssing
+# Based on Jo-Philipp Wich's OpenVPN init script
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+
+START=42
+
+SERVICE_USE_PID=1
+
+BIN=/usr/sbin/tincd
+EXTRA_COMMANDS="up down"
+
+LIST_SEP="
+"
+TMP_TINC="/tmp/tinc"
+
+append_param() {
+ local v="$1"
+ case "$v" in
+ *_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
+ *_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
+ *_*) v=${v%%_*}-${v#*_} ;;
+ esac
+ ARGS="$ARGS --$v"
+ return 0
+}
+
+append_conf_bools() {
+ local p; local v; local s="$1"; local f="$2"; shift; shift
+ for p in $*; do
+ config_get_bool v "$s" "$p"
+ [ "$v" == 1 ] && echo "$p = yes" >> "$f"
+ [ "$v" == 0 ] && echo "$p = no" >> "$f"
+ done
+}
+
+append_params() {
+ local p; local v; local s="$1"; shift
+ for p in $*; do
+ config_get v "$s" "$p"
+ IFS="$LIST_SEP"
+ for v in $v; do
+ [ -n "$v" ] && append_param "$p" && ARGS="$ARGS=$v"
+ done
+ unset IFS
+ done
+}
+
+append_conf_params() {
+ local p; local v; local s="$1"; local f="$2"; shift; shift
+ for p in $*; do
+ config_get v "$s" "$p"
+ IFS="$LIST_SEP"
+ for v in $v; do
+ # Look up OpenWRT interface names
+ [ "$p" = "BindToInterface" ] && {
+ local ifname=$(uci -P /var/state get network.$v.ifname 2>&-)
+ [ -n "$ifname" ] && v="$ifname"
+ }
+
+ [ -n "$v" ] && echo "$p = $v" >> "$f"
+ done
+ unset IFS
+ done
+}
+
+section_enabled() {
+ config_get_bool enabled "$1" 'enabled' 0
+ [ $enabled -gt 0 ]
+}
+
+prepare_host() {
+ local s="$1"
+ local n
+
+ # net disabled?
+ config_get n "$s" net
+ section_enabled "$n" || return 1
+
+ if [ "$#" = "2" ]; then
+ [ "$2" != "$n" ] && return 1
+ fi
+
+ # host disabled?
+ section_enabled "$s" || {
+ [ -f "$TMP_TINC/$n/hosts/$s" ] && rm "$TMP_TINC/$n/hosts/$s"
+ return 1
+ }
+
+ [ ! -f "/etc/tinc/$n/hosts/$s" ] && {
+ echo -n "tinc: Warning, public key for $s for network $n "
+ echo -n "missing in /etc/tinc/$n/hosts/$s, "
+ echo "skipping configuration of $s"
+ return 1
+ }
+
+ # append flags
+ append_conf_bools "$s" "$TMP_TINC/$n/hosts/$s" \
+ ClampMSS IndirectData PMTUDiscovery TCPOnly
+
+ # append params
+ append_conf_params "$s" "$TMP_TINC/$n/hosts/$s" \
+ Address Cipher Compression Digest MACLength PMTU \
+ Port PublicKey PublicKeyFile Subnet
+}
+
+check_gen_own_key() {
+ local s="$1"; local n; local k
+
+ config_get n "$s" Name
+ config_get_bool k "$s" generate_keys 0
+ [ "$k" == 0 ] && return 0
+
+ ([ -z "$n" ] || [ -f "$TMP_TINC/$s/hosts/$n" ] || [ -f "$TMP_TINC/$s/rsa_key.priv" ]) && \
+ return 0
+ [ ! -d "$TMP_TINC/$s/hosts" ] && mkdir -p "$TMP_TINC/$s/hosts"
+
+ config_get k "$s" key_size
+ if [ -z "$k" ]; then
+ $BIN -c "$TMP_TINC/$s" --generate-keys