similar to: OSDEM talk about tinc: today at 16:00 in room 58 (next to hacking rooms)

On Thu, Mar 08, 2001 at 11:51:53AM +0100, Marcel Loesberg wrote: > I'm going to build a VPN and I want to use either Tinc or FreeS/WAN. > I've started building the VPN with FreeS/WAN and I find things are getting > rather complicated. > I looks like Tinc is much easier to configure but in the FAQ and in what I've > seen of the documentation so far there is no mention of

Just spotted this on the VTun mailing list. Might be interesting, if there were a TUN/TAP driver for windows it would be a lot easier to make a M$ port of tinc. Not that I feel much motivation to do so... ----- Forwarded message from Michael Heyse <mh@designassembly.de> ----- From: "Michael Heyse" <mh@designassembly.de> To: "VTun mailing list"

Hi everybody, I'm looking into replacing the linked lists in tinc with balanced trees. Using balanced trees will greatly improve performance for medium to large VPNs. As I see it, there are several options: 1) Use tsearch()/twalk()/etc functions from glibc. + It is in a very standard library - It relies solely on callback functions, which sometimes results in ugly, awkward code (I

On Mon, Nov 13, 2000 at 03:19:16PM -0500, Steve Horne wrote: > First, please forgive me if the answer to my question is accessible somewhere That's all right. > I want to set up a vpn between a computer with a standard IP address (HOME), > and one hidden behind a firewall, without an externally accessible IP address > (WORK). I can reach HOME from WORK via TCP/IP but not the

On Mon, Apr 30, 2001 at 03:57:25AM +0000, cuBe wrote: > Having some probs with setting up tap0: > > aibo:~# ifconfig tap0 hw ether fe:fd:00:00:00:00 > SIOCSIFHWADDR: No such device > > Now, I;ve checked everthing, and it all seems in order. I have compiled in > theUniversal TAP/TUN support, and Netlink (including CONFIG_NETLINK_DEV), > but to no avil, that error always

Hello everybody, Here are some thoughts about the authentication scheme to be used in tinc. The current scheme (see CVS version, revision CABAL) does this: Client Server --------------------------------------- send_id(u) send_challenge(R) send_chal_reply(H) send_id(u) send_challenge(R)

Hi, The Makefiles in the tinc/po dir don't respect the DESTDIR environment variable. This prohibits rpm packages from installing the l10n files. The debian package tools don't have that problem as they chroot. When building rpms, the l10n files get installed into the real root - not very nice. I don't know how to edit the Makefile.in.in files, I can find out but it'd be nicer if

With pleasure we announce the release of version 1.0pre6. Here is a summary of the changes: * Don't do blocking read()s when getting a signal. * Remove RSA key checking code, since it sometimes thinks perfectly good RSA keys are bad. * Fix handling of subnets when prefixlength isn't divisible by 8. This version features only small bugfixes. It is fully compatible with 1.0pre6. --

With pleasure we announce the release of version 1.0pre6. Here is a summary of the changes: * Don't do blocking read()s when getting a signal. * Remove RSA key checking code, since it sometimes thinks perfectly good RSA keys are bad. * Fix handling of subnets when prefixlength isn't divisible by 8. This version features only small bugfixes. It is fully compatible with 1.0pre6. --

I got some email from spsun@public1.wx.js.cn, and he found out that: - The nasty key exchange bug that will make connections go dead after an hour is part of the tinc 1.0pre4 release :(. It will only show up on VPNs with more than 2 daemons though. It is already fixed in the CVS version. - If IndirectData = yes, there is still an error in protocol.c: DEL_HOSTS are sent for hosts which

Hi, There are several issues with tinc that need to be fixed: - IndirectData: currect protocol "masquerades" hosts which have IndirectData set. This is bad, because you can't do loop detection anymore, and it requires a lot of dirty code to do the masquerading properly. - Loop detection: request handlers must be revised to break the right connections upon detecting a loop. -

Hello everyone, I have put revised and even more up-to-date documentation on the website (http://tinc.nl.linux.org/documentation/tinc.html). It is actually meant for the upcoming pre4 release, but most of it applies to pre3 as well, and it is a lot more helpful than the previous docs. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus@sliepen.warande.net> --------------

On Tue, Nov 20, 2001 at 11:48:17AM +0100, Florian Schnabel wrote: > I need to build a VPN and want to use tinc ... > The problem is, neither of the two PC's got a static IP ... > (stupid german ISP's) > so i need to figure out a way to do this without ... > i got root access to a server with static IP to > exchange the IP's ... If you have a static domain name for

After quite some time version 1.0pre5 has been released. Here is a summary of the changes: * Security enhancements: * Added sequence number and optional message authentication code to the packets. * Configurable encryption cipher and digest algorithms. * More robust handling of dis- and reconnects. * Added a "switch" and a "hub" mode to allow bridging setups. *

After quite some time version 1.0pre5 has been released. Here is a summary of the changes: * Security enhancements: * Added sequence number and optional message authentication code to the packets. * Configurable encryption cipher and digest algorithms. * More robust handling of dis- and reconnects. * Added a "switch" and a "hub" mode to allow bridging setups. *

With pleasure we announce the release of version 1.0pre6. Here is a summary of the changes: * Improvement of redundant links: * Non-blocking connects. * Protocol broadcast messages can no longer go into an infinite loop. * Graph algorithm updated to look harder for direct connections. * Good support for routing IPv6 packets over the VPN. Works on Linux, FreeBSD, possibly OpenBSD

With pleasure we announce the release of version 1.0pre6. Here is a summary of the changes: * Improvement of redundant links: * Non-blocking connects. * Protocol broadcast messages can no longer go into an infinite loop. * Graph algorithm updated to look harder for direct connections. * Good support for routing IPv6 packets over the VPN. Works on Linux, FreeBSD, possibly OpenBSD

Hello everybody, I have just released tinc 1.0pre4. Changes: - New authentication protocol (better security, and faster too). - TCPonly and IndirectData are back (but not fully tested). - Documentation revised, it's really up to date with the released package now. - tincd -K now stores public/private keys in PEM format, but keys of 1.0pre3 can still be used. - Faster and more secure

Sending your passphrase encrypted is all fine, but tinc sends the key with which it was encrypted about a second later... Anyone being able to intercept these two requests is authorized on the VPN. We need asymmetric authentication _now_. -- Ivo Timmermans -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size:

Hi, here's a small list of things that need to be done, and the version when it should be ready. smartcard support 1.1 LDAP support 1.1 public/private keys for authentication 1.1 don't store passphrases in files that are called after IP addresses 1.0 use names to identify