search for: volkswak

Suppose tinc is installed on 100 routers in 100 sites. How to automate site-site vpn management across 100 sites? Some kind of vpn management solution? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20180329/90f0198d/attachment.html>

This part I have to answer on-list: > On 29 Mar 2018, at 17:50 , al so <volkswak at gmail.com> wrote: > > automation refers to day to day vpn management from non-IT layman... not a geek running shell/ansible scrpits. Dear Also / Volk Swak TINC have it’s uses and place in the VPN environment. Perhaps you could/should consider https://pritunl.com/ <https://pritun...

There is a reason most NMS systems used SNMP in the past and REST apis past 7+ years. They don't use CLIs except toy Expect type scripts.. Not just security but better error handling and more. Good luck learning! On Thu, Mar 29, 2018 at 9:03 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > SNMP is mainly used for monitoring, not _server_ automation. > > Also, it's

> > > What is planned for Tinc 2.0? > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20180314/120783a3/attachment.html>

> > > What is planned for Tinc 2.0? > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20180314/120783a3/attachment.html>

Is SPTPS protocol enabled in 1.1 by default? Or we need to manually enable it. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20180316/2360e357/attachment.html>

...for a typical host -connectTo-> mainTincBoxes I use Railtrack https://github.com/JeevesTakesOver/Railtrack however it looks to me that your question was more about orchestration, python fabric or ansible are probably your best options for this task On Thu, 29 Mar 2018 at 09:40, al so <volkswak at gmail.com> wrote: > Suppose tinc is installed on 100 routers in 100 sites. > How to automate site-site vpn management across 100 sites? > Some kind of vpn management solution? > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org >...

On Wed, Mar 14, 2018 at 12:36 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Wed, Mar 14, 2018 at 08:42:20AM -0700, al so wrote: > > > Is there performance issue with Tinc compared to alternatives? > > Performance depends on many variables, it is impossible to say "A is > nn% faster/slower than alternative B". The best way to check which > alternative

automation refers to day to day vpn management from non-IT layman... not a geek running shell/ansible scrpits. On Thu, Mar 29, 2018 at 8:48 AM, al so <volkswak at gmail.com> wrote: > Just search online why in general that is insecure via CLI vs programmatic > for first class automation.. there is a reason why snmp, rest, ... exist. > > On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpkg.org> > wrote: > >>...

I meant Tinc site-site VPN deployments in US business segments. Just references if any. On Tue, Mar 20, 2018 at 1:44 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Tue, Mar 20, 2018 at 12:53:55PM -0700, al so wrote: > > > Are there any Tinc deployments in the USA in Medium sized businesses and > > small Enterprises? > > Yes. However, VPNs are Virtual *Private*

Just search online why in general that is insecure via CLI vs programmatic for first class automation.. there is a reason why snmp, rest, ... exist. On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote: > You've mentioned security issues in your previous email, but now you're > hopping to management issues. > > Have you tried Ansible, Chef or

This bad use of RSA was reported back in Sept 2003. Is it fixed the latest version? tinc's real problem though is the handshake protocol, in which the client and server exchange random RSA-encrypted strings. That's raw bit strings, there's no PKCS #1 or OAEP padding, and the server is happy to act as an oracle for you too. This is a terrible way to use RSA, and usually compromises

> > Looks like control channel/handshake was not secure as part of previous > security analysis. Has it been fixed? > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20180314/d53fd254/attachment.html>

Please feel free to share your own benchmarks if any in the mean time. On Wed, Mar 14, 2018 at 12:36 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Wed, Mar 14, 2018 at 08:42:20AM -0700, al so wrote: > > > Is there performance issue with Tinc compared to alternatives? > > Performance depends on many variables, it is impossible to say "A is > nn% faster/slower

Any reference to Tinc deployments in the US geography in small business environments. Looking at the Tinc security, looks like some basic security issues were fixed to some extent 13 years after reporting. Is that a concern. My guess is Tinc may not have been used in Business critical environments? -------------- next part -------------- An HTML attachment was scrubbed... URL:

Are you sure it is enabled by default? On Fri, Mar 16, 2018 at 4:07 PM, Todd C. Miller <Todd.Miller at sudo.ws> wrote: > On Fri, 16 Mar 2018 14:37:58 -0700, al so wrote: > > > Is SPTPS protocol enabled in 1.1 by default? Or we need to manually > enable > > it. > > It is enabled by default. You can disable it by setting > ExperimentalProtocol = no in

I am surprised this experimental protocol is enabled by default. On Wed, Mar 21, 2018 at 3:07 PM, Todd C. Miller <Todd.Miller at sudo.ws> wrote: > On Wed, 21 Mar 2018 14:54:07 -0700, al so wrote: > > > Are you sure it is enabled by default? > > Yes. > > See the description of ExperimentalProtocol in the tinc.conf manual > for details. If you don't believe

Of course pre-release is not meant for production! But how comfortable you feel using 1.1 prerelease in production. It also comes with scary Experimental auth protocol!! How secure one feel to deploy in production for business use? Looks like production release of 1.1 is not set. -------------- next part -------------- An HTML attachment was scrubbed... URL: