Rather than configuring tunnels, a tinc VPN is more or less specified by its endpoints. The tinc daemons will automatically set up tunnels in order to create a full mesh network. The problem in today's Internet is that many users are trapped behind NAT, and ISPs are known to drop ICMP packets, IP fragments, and/or UDP packets, making reliable connections between peers difficult. Another problem is how to manage authentication and authorization in a fully decentralized, but user-friendly way. In this talk I will look at solutions already implemented in tinc and other VPN software, and I look at future work to solve the remaining problems. tinc is a Virtual Private Network (VPN) daemon that automatically tries to create a full mesh network between peers. It can route IPv4 and IPv6 packets, or switch any type of Ethernet packet to create a virtual LAN. It can tunnel over IPv4 and IPv6, and runs on Linux, *BSD, Solaris, MacOS/X and Windows.