similar to: public key format

ssh-keygen already supports importing and exporting ssh keys using various formats. The "-m PEM" which should have been the easiest to be used with various of external application expects PKCS#1 encoded key, while many applications use SubjectPublicKeyInfo encoded key. This change adds SubjectPublicKeyInfo support, to ease integration with applications. Examples: ## convert

https://bugzilla.mindrot.org/show_bug.cgi?id=2567 Bug ID: 2567 Summary: Wrong terminology used for ssh-keygen "-m" option Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5 Component: Documentation Assignee:

Hello. I found that anonymous structures does not work on gcc-2.95. If you guys want to support a bit older platforms I suggest fixing it. You can check out patch I created to fix this issue. I just added 2 extra structures to remove anonymous structs inside connection_status_t and node_status_t. Patch is here: ftp://borg.uu3.net/pub/unix/tinc/tinc.patch Attaching it as well. Regards, Borg

Hi there, As of Dovecot 2.2.9, it's possible to enable passwordless authentication using client certificates [1]: ssl_ca = </etc/ssl/ca.pem ssl_verify_client_cert = yes auth_ssl_username_from_cert = yes (Password checking can be bypassed by returning the extra fields ?password= nopassword? in the passdb when the variable ?%k? expands to "valid".) However this

Hello, should the cvs trunk compile? a configure first gave me errors. I had to replace any appearance of "[config.h]" to config.h in the Makefile. Then a make did not finish: make[2]: Entering directory `/usr/src/tinc/lib' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/usr/src/tinc/lib' Making all in src make[2]: Entering directory

Dear developers, I am interested in understanding in more details how tinc's metaprotocol works. I apologize in advance if this was already described somewhere, I could not find it in the mailing list archive. So let's say machine A has a Address= ip.b.example and manages to contact server B via the meta connection. 1) Then B's tinc daemon will send to A edge and subnet

I believe the reason why you're experiencing this problem is because tinc does not use the connection TCP port to determine which port to send UDP packets to. Instead, it uses the port that is *advertised* by the other node. https://github.com/gsliepen/tinc/blob/06b820133285f83f7e1a839cccbed13358b84081/src/protocol_auth.c#L886 That means that if node A is configured with UDP port 655,

Hi, So my Debian machines are all using the follow cipher + digest: Cipher = chacha20-poly1305 Digest = blake2b512 However my OpenWRT router does not have chacha20-poly1305 and blake2b512 in its SSL library, so it uses the following: Cipher = aes-128-cbc Digest = sha512 I am a bit surprised that the router's tinc manages to talk to Debian's tinc, when I set a cipher suite that the

Hi, I've got the following error when tried to compile tinc-1.0.24: gcc -g -O2 -pie -L/opt/local/lib -o tincd avl_tree.o conf.o connection.o dropin.o dummy_device.o edge.o event.o fake-getaddrinfo.o fake-getnameinfo.o getopt.o getopt1.o graph.o list.o logger.o meta.o multicast_device.o net.o net_packet.o net_setup.o net_socket.o netutl.o node.o pidfile.o process.o protocol.o

Hello! First, nice peace of work, thx ;->> After some production server crashes with a far too early version of FreeSWAN (abaout 3 years ago) and the unwillingness to get an OpenSSL expert just to build a VPN, I was happy to read about the rather simple configuration of tinc ("Linux Magazin", a monthly Linux paper published in Germany, gave an overview of free VPN solutions in

Hello, I am using samba 2.0.4b on Linux 2.0.36. Since I changed some of the parameters in my smb.conf I have a very strange Problem. Everytime my Samba-Box wins the browselist election process two nmbds are started and my WinXX-Clients do not get access to samba (I could see the server but not access the shares nor login to the domain). smbclient -L server from server works fine. From another

Hi all, I have been testing network throughput and latency and I was wondering if my measurements are as expected. For the test, I used Fedora 17 for both host and guest, using kernel 3.5.2-3.fc17.86_64. Pinging an external server on the LAN from the host, using a gigabit interface, the results are: # ping -c 10 172.16.1.1 PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data. 64 bytes from

Hi all, I have been testing network throughput and latency and I was wondering if my measurements are as expected. For the test, I used Fedora 17 for both host and guest, using kernel 3.5.2-3.fc17.86_64. Pinging an external server on the LAN from the host, using a gigabit interface, the results are: # ping -c 10 172.16.1.1 PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data. 64 bytes from

Hi there, I would need some help with my configuration. I have tried a long time, but did not find my error. Thus I would really appreciate your help. There are three hosts: 1. h181 2. h182: Should ConnectTo h181 3. h183: Should ConnectTo h181 *Files under /etc/tinc/vpn0/hosts* [h181:] Address = 94.130.108.xxx Subnet = 172.16.1.1/32 -----BEGIN RSA PUBLIC KEY----- *** -----END RSA PUBLIC

Hi, my box is connected to 3 networks, eth0 eth1 wlan0. I want "my" traffic to go via wlan0 and everything from eth1 NATed to eth0: eth0 192.168.1.10/24 eth1 172.16.1.1/12 wlan0 192.168.10.190/24 I first tried this with two single hosts: iptables -A POSTROUTING -j MASQUERADE -o eth0 -t nat iptables -A POSTROUTING -j MASQUERADE -o wlan0 -t nat echo 200 Forw >>

Hello all, I've been using * for quite some time and yesterday I decided to add sipbroker to my config. It was pretty simple and it works for some numbers (e.g. I can call *258-9123, UK date & time - which is on the "phone numbers you can call" page -) but fails for some others. For example I've got a friend who's at freephonie so to call him, I would dial

Hello! I''ve the following set-up RemoteClient1 (Win Vista), RemoteClient2 (Win XP) do both connect to my OpenVPN box. They can talk to each other, using their 172.16.1.x tun0 Address on the server. The server itself (Ubuntu gutsy, OpenVPN: 2.0.9-8, shorewall:3.4.4-1) has 1 NIC that connects the machine to a) a DSL-router (forwards several ports to this linux machine, including the

We are trying to configure shorewall as follows: 1. We have shorewall running at gateway (172.16.1.1) with NAT. 2. We have a number of web servers (172.16.1.x/24). These web servers are accessed through port forwarding at the gateway (172.16.1.1) and websites are visible through virtual hosting through a web re-director. 3. Presently the proxy server runs in a transparent mode, i.e., all web

Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can''t get reach any service from loc in loc2. Has somebody an Idea where my mistake is ? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed

I've been having troubles getting cross subnet browsing working in existance with a WinNT domain master (hey, it's not my machine). Basically what is happening is that I am trying to setup a VPN (which shouldn't complicate things) that browsing will work across. The idea is this: There is an office in my local city that I'm connecting San Francisco to via VPN. The TCP/IP part is