search for: embeddish

...e LANs). I use StrictSubnets and I happy with them. That was choice from the beginning. But it also enforced to have all node keys and configuration data on each node. Up to Sep2015, I employed a central http server for that, like chaosvpn does. But that central server lost it's key (it was an embeddish system) and the service stopped working. Since that I was forced to implement a protocol extension to tinc that adds such a service directly inside the daemon and it now performs perfectly. You can find an announcement about it earlier in tinc archives of Oct2015. I don't think StrictSubnets...

TL;DR: a proposal for a new tinc feature that allows nodes to filter ADD_SUBNET messages based on the metaconnection on which they are received, so that nodes can't impersonate each other's VPN Subnets. Similar to StrictSubnets in spirit, but way more flexible. BACKGROUND: THE ISSUE OF TRUST IN A TINC NETWORK In terms of metaconnections (I'm not discussing data tunnels here), one of