search for: gwenn

On 4 May 2015 at 20:53, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote: > We started to take a look about that, and apparently, it seems that the IP > in the public key is taken into account when a client connects to a gateway. > Spoofing at that level doesn't seem easy, because the IP address seems to be &gt...

...that means anyone can impersonate any Subnet on a tinc network, just by changing the Subnet declaration in their node file. The only way around that is to use StrictSubnets, but that requires every node to be statically configured with the subnet of every other node. On 4 May 2015 at 20:42, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote: > And we'll take a look at Pf & IPTables :) > > Good evening! > >>> There is no centralized way to remove a subnet or block a user. A user >>> is authorized to be on the network by other nodes that have his/her &g...

...lled * on a DL380 with a Junghanns 4BRI card and 0.0.2 driver. I have 3 BRI lines connected to SPAN(TE) 1,2,3 and 2 Cisco 7960 with SIP image. I am connected to french PSTN (France Telecom) whith Euroisdn signaling. I manage to call SIP to SIP, PSTN to SIP but not SIP to PSTN. Any idea? Thanks Gwenn Gael Marronnier Here is what I get and my configuration... #################################### Trace og outgoing call ############################## -- Executing Dial("SIP/7831-dd90", "Zap/g1/0144894635") in new stack -- Called g1/0144894635 -- Channel 1, span 1 g...

i'm pretty sure the tinc that builds from macports is 32-bit On Wed, Dec 10, 2014 at 10:37 AM, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote: > Hello everyone! > > I have a PowerMac running 10.6.8 and I'd love to get it connected to my > VPN. However, even by compiling tuntaposx by hand on the said MacPro, I see > that the kernel module is apparently built for x86_64 sys...

Le 11/12/2014 03:48, David Nicol a ?crit : > i'm pretty sure the tinc that builds from macports is 32-bit If found that in the downloads(1) page: September 13, 2009: Change linker options to produce 64 bit kext bundle for Snow Leopard. Removing the hardcoded arch from the Makefiles breaks the compilation, so I eventually picked version 20090905. And it works :) (1)

On Mon, May 04, 2015 at 08:50:36PM +0200, Anne-Gwenn Kettunen wrote: > Hi! I'm setting up a VPN with friends of mine, and we are currently > considering the possibility to opening the subnet to more people. > Considering that one day or another we may have to isolate a subnet (because > of bad behaviour, or because it has been compro...

On 05/04/2015 10:01 PM, Etienne Dechamps wrote: > On 4 May 2015 at 20:53, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote: >> We started to take a look about that, and apparently, it seems that the IP >> in the public key is taken into account when a client connects to a gateway. >> Spoofing at that level doesn't seem easy, because the IP address see...

Hi! I'm setting up a VPN with friends of mine, and we are currently considering the possibility to opening the subnet to more people. Considering that one day or another we may have to isolate a subnet (because of bad behaviour, or because it has been compromised), which solution(s) would you recommend for such a situation?

Hello everyone! I have a PowerMac running 10.6.8 and I'd love to get it connected to my VPN. However, even by compiling tuntaposx by hand on the said MacPro, I see that the kernel module is apparently built for x86_64 systems: macintosh MacOS ?? pwd /Library/Extensions/tun.kext/Contents/MacOS macintosh MacOS ?? file tun tun: Mach-O 64-bit kext bundle x86_64 Because YES! The system is

...t's a very bad idea to let untrusted nodes join a tinc network. The only way to defend against this type of attack is to use StrictSubnets. On 4 May 2015 at 21:13, err404 <err404 at free.fr> wrote: > On 05/04/2015 10:01 PM, Etienne Dechamps wrote: >> On 4 May 2015 at 20:53, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote: >>> We started to take a look about that, and apparently, it seems that the IP >>> in the public key is taken into account when a client connects to a gateway. >>> Spoofing at that level doesn't seem easy, because the IP...

Hi, Thanks for the link :) I guess we'll just end up having 2 separate VPNs, eventually. Have a good evening! > There is no centralized way to remove a subnet or block a user. A user > is authorized to be on the network by other nodes that have his/her > public key. If you delete the offending host config files and let tinc > reload its configuration, you can remove a bad node

Hello everyone! I have a PowerMac running 10.6.8 and I'd love to get it connected to my VPN. However, even by compiling tuntaposx by hand on the said MacPro, I see that the kernel module is apparently built for x86_64 systems: macintosh MacOS ?? pwd /Library/Extensions/tun.kext/Contents/MacOS macintosh MacOS ?? file tun tun: Mach-O 64-bit kext bundle x86_64 Because YES! The system is

And we'll take a look at Pf & IPTables :) Good evening! >> There is no centralized way to remove a subnet or block a user. A user >> is authorized to be on the network by other nodes that have his/her >> public key. If you delete the offending host config files and let tinc >> reload its configuration, you can remove a bad node from the network. >> >>

We started to take a look about that, and apparently, it seems that the IP in the public key is taken into account when a client connects to a gateway. Spoofing at that level doesn't seem easy, because the IP address seems to be part of the authentication process. Dealing with inside threats seems however a good feature for future versions ;) Le 04/05/2015 21:50, Etienne Dechamps a ?crit