search for: chaosvpn

...eers, given that each peer's identity is tightly bound to an IPv6 address. Have you considered Cjdns? I have not used it, either. It came before ZeroTier, I think, and the two may have some similarities. https://github.com/cjdelisle/cjdns Cheers, Parke Well, how does ChaosVPN does it then? Is it a fork? ---- On Seg, 18 dez 2017 19:26:27 -0200 Parke <parke.nexus at gmail.com> wrote ---- On Mon, Dec 18, 2017 at 11:37 AM, Glauber Ferreira <glaubermmf at gmcomms.com.br> wrote: > What other kind of attacks should I be aware of? &a...

...r > public key. If you delete the offending host config files and let tinc > reload its configuration, you can remove a bad node from the network. > > If you have one or a few central nodes where all other nodes ConnectTo, > then it is easy to do. Another option is to use a tool like ChaosVPN to > centrally manage your tinc configuration and host config files. See: > > https://github.com/ryd/chaosvpn > > You can adapt it for your own VPN. Windows support is lacking though. > > > > _______________________________________________ > tinc mailing list > tinc...

On Mon, Dec 18, 2017 at 11:37 AM, Glauber Ferreira <glaubermmf at gmcomms.com.br> wrote: > What other kind of attacks should I be aware of? > (Impersonation, Any kinds of malicious broadcasts, etc) Possibly relevant: http://www.tinc-vpn.org/pipermail/tinc/2017-May/004864.html Etienne Dechamps wrote: > In general however, I would advise against trusting other nodes, even with >

Hi, We just found the tinc, looks like it is really a better VPN solution than traditional VPN, I am wondering, is there some cases we can refer, like is there some big cluster running in the production environment ? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL:

For some weeks I've been trying to devise a way to connect multiple users in various parts of the city and state, and I found out that most likely Tinc is the only daemon that does the kind of meshing I want. I was successful in connecting some servers of mine around in switch mode, but now comes the hard part: How can I authenticate clients on my network? I would also need to direct static

Hi! I'm setting up a VPN with friends of mine, and we are currently considering the possibility to opening the subnet to more people. Considering that one day or another we may have to isolate a subnet (because of bad behaviour, or because it has been compromised), which solution(s) would you recommend for such a situation?

Hello, At OHM2013 (https://ohm2013.org/site/), there will be a lightning talk about tinc, and a workshop setting up tinc VPNs at the Milliways village. An exact time is not known yet but will follow later. OHM2013 will take place from July 31 to August 4 at the Geestmerambacht festival grounds, near Alkmaar, in the Netherlands. If you would like to meet at OHM2013 with other people using or

Hello, At OHM2013 (https://ohm2013.org/site/), there will be a lightning talk about tinc, and a workshop setting up tinc VPNs at the Milliways village. An exact time is not known yet but will follow later. OHM2013 will take place from July 31 to August 4 at the Geestmerambacht festival grounds, near Alkmaar, in the Netherlands. If you would like to meet at OHM2013 with other people using or

Hi, I am looking networking together about 1000-2000 sites across the country. I've been looking through these mailing lists. Saw the thread from the person who had 1000+ running on Amazon, and how they essentially stripped all security out of it. Also know that the ChaosVPN uses tinc, for at least 130+ sites although I'm a bit fuzzy on the details for it. Are there any other cases of very large VPNs? Are there any pitfalls, tricks or special settings required for such large numbers? I was thinking of simulating an environment using Amazon, but looks like Amazon m...

...r nodes that have his/her public key. If you delete the offending host config files and let tinc reload its configuration, you can remove a bad node from the network. If you have one or a few central nodes where all other nodes ConnectTo, then it is easy to do. Another option is to use a tool like ChaosVPN to centrally manage your tinc configuration and host config files. See: https://github.com/ryd/chaosvpn You can adapt it for your own VPN. Windows support is lacking though. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part --...

...y. If you delete the offending host config files and let tinc >> reload its configuration, you can remove a bad node from the network. >> >> If you have one or a few central nodes where all other nodes ConnectTo, >> then it is easy to do. Another option is to use a tool like ChaosVPN to >> centrally manage your tinc configuration and host config files. See: >> >> https://github.com/ryd/chaosvpn >> >> You can adapt it for your own VPN. Windows support is lacking though. >> >> >> >> ____________________________________________...

On Mon, 23 Nov 2015, Guus Sliepen wrote: > It also works in a situation where a group of people trust a central > authority which provides them with the configuration for their tinc > nodes, if StrictSubnets is used. The drawback is that an external tool > needs to be used (ChaosVPN is one such example, but there are others) > and it is not very flexible, but I would disagree that it is > unmanageable. In ChaosVPN we use StrictSubnets, and additionally the following patch on the core-nodes where (nearly) everyone connects to: (cut&paste whitespace damaged) diff -...

...VPN, I am wondering, is there some cases we can refer, like is > there some big cluster running in the production environment ? I know of some large deployments of tinc, but usually people want their Virtual Private Network kept private, so I won't talk about them. But a more public one is ChaosVPN, which connects many hackerspaces in the world together. It currently has 246 nodes, with mixed IPv4 and IPv6 subnets. http://wiki.hamburg.ccc.de/ChaosVPN https://en.wikipedia.org/wiki/Hackerspace -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -----...

...'m thinking of mounting hosts/ over ssh on the servers and have it > centralized. > Also, distributing server config (host file, ConnectTo, etc) to the > clients via debian package or git maybe. > > Has anyone done something different with this? For tinc 1.0, have a look at the ChaosVPN tools. These take care of distributing configuration files to any number of clients, securely, from a central repository: https://github.com/ryd/chaosvpn If you can live with just distributing the hosts/ directory, then pretty much anything will work, including Debian packages or git. For tinc 1...

Hi all! Is there any way to make tinc use keys from a keyring or similar? I'm trying to find a way to manage multiple server, making it easier to register a new user to the network. Thanks! -- Martin Iñaki Malerba inakimmalerba at gmail.com inaki at satellogic.com

...the offending host config files and let tinc >>> reload its configuration, you can remove a bad node from the network. >>> >>> If you have one or a few central nodes where all other nodes ConnectTo, >>> then it is easy to do. Another option is to use a tool like ChaosVPN to >>> centrally manage your tinc configuration and host config files. See: >>> >>> https://github.com/ryd/chaosvpn >>> >>> You can adapt it for your own VPN. Windows support is lacking though. >>> >>> >>> >>> ________...

...ov 2015, Guus Sliepen wrote: > > > It also works in a situation where a group of people trust a central > > authority which provides them with the configuration for their tinc > > nodes, if StrictSubnets is used. The drawback is that an external tool > > needs to be used (ChaosVPN is one such example, but there are others) > > and it is not very flexible, but I would disagree that it is > > unmanageable. > > In ChaosVPN we use StrictSubnets, and additionally the following patch > on the core-nodes where (nearly) everyone connects to: > > (cut&p...

...ov 2015, Guus Sliepen wrote: > > > It also works in a situation where a group of people trust a central > > authority which provides them with the configuration for their tinc > > nodes, if StrictSubnets is used. The drawback is that an external tool > > needs to be used (ChaosVPN is one such example, but there are others) > > and it is not very flexible, but I would disagree that it is > > unmanageable. > > In ChaosVPN we use StrictSubnets, and additionally the following patch > on the core-nodes where (nearly) everyone connects to: > > (cut&p...

TL;DR: a proposal for a new tinc feature that allows nodes to filter ADD_SUBNET messages based on the metaconnection on which they are received, so that nodes can't impersonate each other's VPN Subnets. Similar to StrictSubnets in spirit, but way more flexible. BACKGROUND: THE ISSUE OF TRUST IN A TINC NETWORK In terms of metaconnections (I'm not discussing data tunnels here), one of

I would say the weakest part of the TINC design is the configuration file layout. There is no way to split out the essentially static configuration for all nodes in the cluster and isolate the node specific settings to one configuration file. So that means I have to keep an inventory of configuration files per node so I can edit and deliver them and keep everything straight. The private