Hi all,

I'm currently happily using tinc in my networks. I also use OpenVPN based on the customer requirements.

I have some questions, though, to which I could not find a clear answer. What I'd like to know is:

1. How to revoke a "node": is simply removing the host file on the servers enough? And one created by invitation?
2. Is there a way to let tinc ask for a username/password (like it's possible with OpenVPN)? (I know this might be complicated as one would have to have a centralized or synced user db, but that's not tinc business anyway).
3. Suppose I have 3 or more tinc "servers", is it suggested that the "hosts" directory be synced between those hosts?

Thank you.
Alessandro
1. That entirely depends on how you have it set up (look at StrictSubnets and TunnelServer). It might also be recommended to have every node re-key itself (http://tinc-vpn.org/security/).
2. No, tinc cannot do this itself.
3. That is not a bad approach.

-----Original Message-----
From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Alessandro Briosi
Sent: Monday, July 10, 2017 1:43 AM
To: tinc at tinc-vpn.org
Subject: Some tinc clatifications

_______________________________________________
tinc mailing list
tinc at tinc-vpn.org
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
On 2017-07-10 18:32, Matthew Nichols wrote:

> 1. That entirely depends on how you have it set up (look at
> StrictSubnets and TunnelServer). It might also be recommended to have
> every node re-key itself (http://tinc-vpn.org/security/).

I've used StrictSubnets and TunnelServer (and probably will keep using this so roadwarriors don't see each other, though looking at the logs and adding the route manually simply would allow them to connect to the others in some cases), but that's not the point.

I understand on a security bug or something, but having to rekey all the hosts 'cause someone gets fired sounds insane to me.

There must be an easy way to block somebody from connecting to the VPN? Isn't removing its reference on the "servers" enough?

> 2. No, tinc cannot do this itself.

ok

> 3. That is not a bad approach.

ok
I use this for managing access to my tinc VPN network; it allows me to easily add/remove user access and track who has/had access at any point in time:

https://github.com/JeevesTakesOver/Railtrack/blob/master/README.rst
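
For the revocation and hosts-directory questions raised in this thread, the following is an added example (not code from any poster or from the tinc project): a shell check that reports, per server config directory, whether a revoked node's host file is still present and whether TunnelServer or StrictSubnets is enabled. The directory layout, the node name "laptop7" and the sample configs are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit tinc server config directories for a revoked node.
# Assumed layout per server: <dir>/tinc.conf and <dir>/hosts/<node>.

# Print "yes" if boolean option $2 is enabled in config file $1, else "no".
# tinc option names are case-insensitive and the "=" sign is optional.
conf_yes() {
    if grep -Eiq "^[[:space:]]*$2[[:space:]]*=?[[:space:]]*yes[[:space:]]*$" "$1" 2>/dev/null
    then echo yes; else echo no; fi
}

# Usage: audit_revoked NODE DIR...
# Prints one line per server; returns how many still hold hosts/NODE.
audit_revoked() {
    node=$1; shift
    still=0
    for dir in "$@"; do
        ts=$(conf_yes "$dir/tinc.conf" TunnelServer)
        ss=$(conf_yes "$dir/tinc.conf" StrictSubnets)
        if [ "$ts" = yes ]; then ss=yes; fi   # TunnelServer implies StrictSubnets
        state=absent
        if [ -e "$dir/hosts/$node" ]; then state=PRESENT; still=$((still + 1)); fi
        echo "$(basename "$dir"): hosts/$node $state TunnelServer=$ts StrictSubnets=$ss"
    done
    return "$still"
}

# Constructed sample: three servers, node "laptop7" removed from only two.
make_demo() {
    root=$(mktemp -d)
    for s in srv1 srv2 srv3; do mkdir -p "$root/$s/hosts"; done
    printf 'Name = srv1\nTunnelServer = yes\n' > "$root/srv1/tinc.conf"
    printf 'Name = srv2\nStrictSubnets = yes\n' > "$root/srv2/tinc.conf"
    printf 'Name = srv3\n' > "$root/srv3/tinc.conf"
    printf 'Subnet = 10.0.0.7/32\n' > "$root/srv3/hosts/laptop7"
    echo "$root"
}

demo=$(make_demo)
audit_revoked laptop7 "$demo/srv1" "$demo/srv2" "$demo/srv3" ||
    echo "laptop7 still present on $? server(s)"
rm -rf "$demo"
```

A non-zero exit status from `audit_revoked` means the hosts directories have drifted and at least one server still carries the revoked node's file.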