Displaying 2 results from an estimated 2 matches for "other_central_node".
2015 Nov 22
0
Authenticating VPN addresses: a proposal
...hod of limiting
trust in a network where you might not trust all nodes equally. But:
> /etc/tinc/my_network/hosts/client_node:
> ConnectionSubnetACL = +10.42.42.42 # this client's assigned subnet
> ConnectionSubnetACL = -ALL # deny everything else
>
> /etc/tinc/my_network/hosts/other_central_node:
> ConnectionSubnetACL = +ALL # trust everything from that node (could be the default)
>
> /etc/tinc/my_network/hosts/central_node_from_other_side:
> ConnectionSubnetACL = +10.13.37.0/24 # the other side's subnet space
> ConnectionSubnetACL = -ALL # deny everything else
Th...
2015 Nov 22
5
Authenticating VPN addresses: a proposal
...of subnet ACL
system for full flexibility. Here's how it could look in practice
on my central nodes:
/etc/tinc/my_network/hosts/client_node:
ConnectionSubnetACL = +10.42.42.42 # this client's assigned subnet
ConnectionSubnetACL = -ALL # deny everything else
/etc/tinc/my_network/hosts/other_central_node:
ConnectionSubnetACL = +ALL # trust everything from that node (could be the default)
/etc/tinc/my_network/hosts/central_node_from_other_side:
ConnectionSubnetACL = +10.13.37.0/24 # the other side's subnet space
ConnectionSubnetACL = -ALL # deny everything else
And the resulting behavior:
- ti...