search for: apeliote

Displaying 3 results from an estimated 3 matches for "apeliote".

Did you mean: apelete
2015 May 04
3
Isolating a subnet on demand
On 4 May 2015 at 20:53, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote: > We started to take a look about that, and apparently, it seems that the IP > in the public key is taken into account when a client connects to a gateway. > Spoofing at that level doesn't seem easy, because the IP address seems to be > part of the authentication process. I'm having trouble
2015 May 04
1
Isolating a subnet on demand
I'm still confused, but in any case, there's nothing stopping "miou" from impersonating "apeliote"'s subnets in your case, unless you use StrictSubnets. Here's the easiest way to do the spoofing: In miou's own node file (on the miou machine itself), add apeliote's subnets with a Weight smaller than 10 (which is the default), so that it overrides them. For example, if ape...
2015 May 04
0
Isolating a subnet on demand
...ecially when you say it's > part of the "public key" (it's not). > > Can you clarify? I am pretty sure tinc doesn't use IP addresses in any > of its security mechanisms, except when StrictSubnets is enabled. > I tested with two node "miou" and "apeliote" they have a connectTo. and public key from "Neptune". "Neptune" node have their public key also. (and all node can play together) /etc/tinc/tinclan/host/miou contain a subnet with IP and public key from "miou" /etc/tinc/tinclan/host/apeliote contain a subnet wi...