similar to: Things that need to be fixed

Hello everybody, I have just released tinc 1.0pre4. Changes: - New authentication protocol (better security, and faster too). - TCPonly and IndirectData are back (but not fully tested). - Documentation revised, it's really up to date with the released package now. - tincd -K now stores public/private keys in PEM format, but keys of 1.0pre3 can still be used. - Faster and more secure

I got some email from spsun@public1.wx.js.cn, and he found out that: - The nasty key exchange bug that will make connections go dead after an hour is part of the tinc 1.0pre4 release :(. It will only show up on VPNs with more than 2 daemons though. It is already fixed in the CVS version. - If IndirectData = yes, there is still an error in protocol.c: DEL_HOSTS are sent for hosts which

Hi, here's a small list of things that need to be done, and the version when it should be ready. smartcard support 1.1 LDAP support 1.1 public/private keys for authentication 1.1 don't store passphrases in files that are called after IP addresses 1.0 use names to identify

With pleasure we announce the release of version 1.0pre6. Here is a summary of the changes: * Don't do blocking read()s when getting a signal. * Remove RSA key checking code, since it sometimes thinks perfectly good RSA keys are bad. * Fix handling of subnets when prefixlength isn't divisible by 8. This version features only small bugfixes. It is fully compatible with 1.0pre6. --

With pleasure we announce the release of version 1.0pre6. Here is a summary of the changes: * Don't do blocking read()s when getting a signal. * Remove RSA key checking code, since it sometimes thinks perfectly good RSA keys are bad. * Fix handling of subnets when prefixlength isn't divisible by 8. This version features only small bugfixes. It is fully compatible with 1.0pre6. --

On Thu, Mar 08, 2001 at 11:51:53AM +0100, Marcel Loesberg wrote: > I'm going to build a VPN and I want to use either Tinc or FreeS/WAN. > I've started building the VPN with FreeS/WAN and I find things are getting > rather complicated. > I looks like Tinc is much easier to configure but in the FAQ and in what I've > seen of the documentation so far there is no mention of

Hello everybody, If you're there, and you're interested, you can find us at the time and place mentioned in the subject! See you there. ------------------------------------------- Met vriendelijke groet / with kind regards, Guus Sliepen <guus@sliepen.warande.net> ------------------------------------------- See also: http://tinc.nl.linux.org/ http://www.kernelbench.org/

Just spotted this on the VTun mailing list. Might be interesting, if there were a TUN/TAP driver for windows it would be a lot easier to make a M$ port of tinc. Not that I feel much motivation to do so... ----- Forwarded message from Michael Heyse <mh@designassembly.de> ----- From: "Michael Heyse" <mh@designassembly.de> To: "VTun mailing list"

Hi everybody, I'm looking into replacing the linked lists in tinc with balanced trees. Using balanced trees will greatly improve performance for medium to large VPNs. As I see it, there are several options: 1) Use tsearch()/twalk()/etc functions from glibc. + It is in a very standard library - It relies solely on callback functions, which sometimes results in ugly, awkward code (I

On Mon, Nov 13, 2000 at 03:19:16PM -0500, Steve Horne wrote: > First, please forgive me if the answer to my question is accessible somewhere That's all right. > I want to set up a vpn between a computer with a standard IP address (HOME), > and one hidden behind a firewall, without an externally accessible IP address > (WORK). I can reach HOME from WORK via TCP/IP but not the

On Mon, Apr 30, 2001 at 03:57:25AM +0000, cuBe wrote: > Having some probs with setting up tap0: > > aibo:~# ifconfig tap0 hw ether fe:fd:00:00:00:00 > SIOCSIFHWADDR: No such device > > Now, I;ve checked everthing, and it all seems in order. I have compiled in > theUniversal TAP/TUN support, and Netlink (including CONFIG_NETLINK_DEV), > but to no avil, that error always

Hello everyone, I have put revised and even more up-to-date documentation on the website (http://tinc.nl.linux.org/documentation/tinc.html). It is actually meant for the upcoming pre4 release, but most of it applies to pre3 as well, and it is a lot more helpful than the previous docs. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus@sliepen.warande.net> --------------

On Tue, Nov 20, 2001 at 11:48:17AM +0100, Florian Schnabel wrote: > I need to build a VPN and want to use tinc ... > The problem is, neither of the two PC's got a static IP ... > (stupid german ISP's) > so i need to figure out a way to do this without ... > i got root access to a server with static IP to > exchange the IP's ... If you have a static domain name for

After quite some time version 1.0pre5 has been released. Here is a summary of the changes: * Security enhancements: * Added sequence number and optional message authentication code to the packets. * Configurable encryption cipher and digest algorithms. * More robust handling of dis- and reconnects. * Added a "switch" and a "hub" mode to allow bridging setups. *

After quite some time version 1.0pre5 has been released. Here is a summary of the changes: * Security enhancements: * Added sequence number and optional message authentication code to the packets. * Configurable encryption cipher and digest algorithms. * More robust handling of dis- and reconnects. * Added a "switch" and a "hub" mode to allow bridging setups. *

With pleasure we announce the release of version 1.0pre6. Here is a summary of the changes: * Improvement of redundant links: * Non-blocking connects. * Protocol broadcast messages can no longer go into an infinite loop. * Graph algorithm updated to look harder for direct connections. * Good support for routing IPv6 packets over the VPN. Works on Linux, FreeBSD, possibly OpenBSD

With pleasure we announce the release of version 1.0pre6. Here is a summary of the changes: * Improvement of redundant links: * Non-blocking connects. * Protocol broadcast messages can no longer go into an infinite loop. * Graph algorithm updated to look harder for direct connections. * Good support for routing IPv6 packets over the VPN. Works on Linux, FreeBSD, possibly OpenBSD

Hello everybody, Here are some thoughts about the authentication scheme to be used in tinc. The current scheme (see CVS version, revision CABAL) does this: Client Server --------------------------------------- send_id(u) send_challenge(R) send_chal_reply(H) send_id(u) send_challenge(R)

Hi, Etienne I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example: A ConnectTo B, B ConnectTo C: If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B. If IndirectData = yes, then A will try to establish direct connection with C, even though A don’t have the statement of

Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation. Running "openssl ciphers -v" I get a list of cypher suite of openssl like: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ......... Each lines report relative protocol. Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like: