similar to: tinc TODO list

While working on SPTPS UDP relaying I realized that there is one issue I didn't account for, which is that the sending node only knows the PMTU to the first relay node. It doesn't know the PMTU of the entire relay path beyond the first hop, because the relay nodes don't provide their own PMTU information over the metaprotocol. Now, in the legacy protocol this is not really an issue,

Hi, So I''ve started mucking about with Merb. I''m doing some experimenting with some product ideas. Things are working out quite well, Merb is a pleasure to use. It seems very fast too. A couple of rough spots but that might be me, if they are still chaffing after a few more days I''ll mention them. One thing... I wrote a controller and a view with several

Sending your passphrase encrypted is all fine, but tinc sends the key with which it was encrypted about a second later... Anyone being able to intercept these two requests is authorized on the VPN. We need asymmetric authentication _now_. -- Ivo Timmermans -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size:

Hi Ivo, --On Freitag, 23. Juni 2000 01:15 +0200 Ivo Timmermans <zarq@icicle.yi.org> wrote: > I'm not sure I fully understand your patch. This is not so important since I'm trying to get 1.0pre2 running. Although I had no luck so far, I'll point out what's going wrong at the end of this mail. > For instance, you force a > key exchange when the connection is made,

On Thu, Mar 08, 2001 at 11:51:53AM +0100, Marcel Loesberg wrote: > I'm going to build a VPN and I want to use either Tinc or FreeS/WAN. > I've started building the VPN with FreeS/WAN and I find things are getting > rather complicated. > I looks like Tinc is much easier to configure but in the FAQ and in what I've > seen of the documentation so far there is no mention of

Was running 1.0pre2 just fine, but had to move machines, so I figgured I'd give 1.0pre3 a try. After getting everything to build and figguring out the new config files, here's where I'm stuck. Start the server process (remote machine). Start the client process (local machine). In remote machine, the following shows up in syslog: tinc[2659]: Got SEGV signal In local machine, the

Hello, I'm trying to set up a vpn using tinc, so I installed tinc with the rpm version on my firewall as a listener. Setting up the tap device is no problem. The file /etc/tinc/tinc.conf looks like: TapDevice = /dev/tap0 MyVirtualIP = 192.168.2.1/24 Vpnmask = 255.255.255.0 When I start the script /etc/rc.d/init.d/tinc start it says something about missing /etc/tinc/nets.boot

Dear developers, I am interested in understanding in more details how tinc's metaprotocol works. I apologize in advance if this was already described somewhere, I could not find it in the mailing list archive. So let's say machine A has a Address= ip.b.example and manages to contact server B via the meta connection. 1) Then B's tinc daemon will send to A edge and subnet

Hi everybody, I'm looking into replacing the linked lists in tinc with balanced trees. Using balanced trees will greatly improve performance for medium to large VPNs. As I see it, there are several options: 1) Use tsearch()/twalk()/etc functions from glibc. + It is in a very standard library - It relies solely on callback functions, which sometimes results in ugly, awkward code (I

Whens the point and click GUI coming out? All kidding aside, I seem to be confused about some of the network settings. Essentially all I want is a secure tunnel from machine A to B on two different physical networks, but I can't seem to get there. Just to get things figured out I've got two machines on the same physical network, mach A: 192.168.0.1, mach B: 192.168.0.3. bcast is

On Sat, May 16, 2015 at 04:53:33PM +0100, Etienne Dechamps wrote: > I believe there is a design flaw in the way SPTPS key regeneration > works, because upon reception of the KEX message the other nodes will > send both KEX and SIG messages at the same time. However, the node > expects SIG to arrive after KEX. Therefore, there is an implicit > assumption that messages won't

Although we (the authors of tinc) have done our best to make tinc as secure as possible, an unfortunate combination of encryption and key exchange techniques has created a hole in at least all versions of tinc >= 0.3, including the current CVS version. Exploit: If somebody can intercept the meta protocol to a host that is running a tinc daemon, it is possible to decrypt the passphrase, which

Although we (the authors of tinc) have done our best to make tinc as secure as possible, an unfortunate combination of encryption and key exchange techniques has created a hole in at least all versions of tinc >= 0.3, including the current CVS version. Exploit: If somebody can intercept the meta protocol to a host that is running a tinc daemon, it is possible to decrypt the passphrase, which

Hi 'tinc users' I'm new whit tinc and this mail-list. I like to build a vpn over the internet between two sites in Holland and Germany. Are there some experience whit the performance (turn-a-round en bandwidth) of a link. I want to use it for a 1,5Mb connection. Greetings, Fred Krom. - Tinc: Discussion list about the tinc VPN daemon Archive:

Hey, I was running some benchmarks (netserver/netperf) where the init script just launched the netserver and nothing else and was concerned to see the performance not up to par. This was an HVM guest running with PV drivers. If I compile the kernel without CONFIG_FUNCTION_TRACER it is much better - but it was my understanding that the tracing code does not impact the machine unless it is

Hi, when I try to iniate tinc connection between two machins i get the following at the syslogs: client machine: Mar 19 18:46:31 localhost tinc[733]: Ready: listening on port 655 Mar 19 18:46:31 localhost tinc[733]: Trying to connect to 192.168.1.180 Mar 19 18:46:31 localhost tinc[733]: Connected to 192.168.1.180 port 655 Mar 19 18:46:31 localhost tinc[733]: Metadata socket read error for

JitterBug notification ivo moved PR#9 from incoming to wishlist Message summary for PR#9 From: vdongen@hetisw.nl Subject: map Date: Sun, 2 Jul 2000 18:23:20 0200 (CEST) 0 replies 0 followups Notes: This is a nice idea on itself, but not really doable in tinc itself. What would be nice is the ability to control tinc realtime with some sort of GUI tool. This tool can then be used for much

Guus Sliepen wrote: > - Added TCP_NODELAY and IPTOS_LOWDELAY options for meta sockets. Maybe it's better to make these optional? -- Ivo Timmermans --- TINC development list, tinc-devel@nl.linux.org Archive: http://mail.nl.linux.org/tinc-devel/

In my opinion there ought to be a configuration option that allows for those who have their whole OpenSSL distro located in /usr/local/ssl to configure without what now must be done: moving libraries and include files around, etc. I am reasonably certain that I built my version of OpenSSL (0.9.5a) with the default install paths and names, and it breaks horribly when I try to ./configure in your

Hi, I installed tinc as described in the documentation and started the tincd. It runs, all config files seem ok, but when I do a netstat -an, it isn't listening nor connected (to another tincd on another host). Is there a configfile error or something else? Getting the right info wasn't easy either. The info on the homepage seems old, since the manpages say other configuration issue.