Displaying 4 results from an estimated 4 matches for "subnetstr".
Did you mean:
subnets
2015 Nov 24
1
Authenticating VPN addresses: a proposal
...et.c
@@ -117,7 +117,9 @@ bool add_subnet_h(connection_t *c, const char *request) {
if(strictsubnets) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
"ADD_SUBNET", c->name, c->hostname, subnetstr);
+ /* Disabled forwarding of unauthorized subnets!
forward_request(c, request);
+ */
return true;
}
This was added because after a few years of operation of the network we
had so many no-longer-existing subnet definitions flowin...
2015 Nov 25
0
tinc exit when there is no internet?
...add_subnet_h(connection_t *c, const char
> *request) {
> if(strictsubnets) {
> logger(DEBUG_ALWAYS, LOG_WARNING, "Ignoring unauthorized
> %s from %s (%s): %s",
> "ADD_SUBNET", c->name, c->hostname,
> subnetstr);
> + /* Disabled forwarding of unauthorized subnets!
> forward_request(c, request);
> + */
> return true;
> }
>
> This was added because after a few years of operation of the network we
> had so many no-lon...
2015 Nov 25
0
tinc exit when there is no internet?
...add_subnet_h(connection_t *c, const char
> *request) {
> if(strictsubnets) {
> logger(DEBUG_ALWAYS, LOG_WARNING, "Ignoring unauthorized
> %s from %s (%s): %s",
> "ADD_SUBNET", c->name, c->hostname,
> subnetstr);
> + /* Disabled forwarding of unauthorized subnets!
> forward_request(c, request);
> + */
> return true;
> }
>
> This was added because after a few years of operation of the network we
> had so many no-lon...
2015 Nov 22
5
Authenticating VPN addresses: a proposal
TL;DR: a proposal for a new tinc feature that allows nodes to filter
ADD_SUBNET messages based on the metaconnection on which they are
received, so that nodes can't impersonate each other's VPN Subnets.
Similar to StrictSubnets in spirit, but way more flexible.
BACKGROUND: THE ISSUE OF TRUST IN A TINC NETWORK
In terms of metaconnections (I'm not discussing data tunnels here),
one of