Displaying 2 results from an estimated 2 matches for "sep2015".
2015 Nov 23
0
Authenticating VPN addresses: a proposal
...mber of clients that connect to one of them, or to
both (this depends on which physical network they reside, we have
city-wide LANs).
I use StrictSubnets and I am happy with them. That was the choice from the
beginning. But it also enforced to have all node keys and configuration
data on each node. Up to Sep2015, I employed a central http server for
that, like chaosvpn does. But that central server lost its key (it was
an embeddish system) and the service stopped working.
Since then I was forced to implement a protocol extension to tinc that
adds such a service directly inside the daemon and it now p...
2015 Nov 22
5
Authenticating VPN addresses: a proposal
TL;DR: a proposal for a new tinc feature that allows nodes to filter
ADD_SUBNET messages based on the metaconnection on which they are
received, so that nodes can't impersonate each other's VPN Subnets.
Similar to StrictSubnets in spirit, but way more flexible.
BACKGROUND: THE ISSUE OF TRUST IN A TINC NETWORK
In terms of metaconnections (I'm not discussing data tunnels here),
one of