Displaying 20 results from an estimated 400 matches similar to: "Tinc and security"
2011 Jan 14
1
QOS Wishes
Hello all,
It would be a great feature if QOS could be implemented in Tinc.
It's not to do any sort of comparison, but with OpenVPN, the traffic can
be shapped.
In the way that tinc works as mesh VPN, the great feature would be to
fix a shapping value on each nodes, known and respected by each others.
(like MPLS does)
As an exemple, you've got 3 nodes A,B and C, you want Tinc flows on A
2011 Jun 15
1
Re connecting to SIP Provider with virtual IP, from pacemaker cluster
Hi,
If your cluster's virtual IP is using ip aliasing (eg eth0:0), i think
your problem come from UDP flows, they are, in opposition to TCP flows,
unconnected, so the IP stack take the shortest route/interface to send
them, wich is when this is the default route, the real interface and not
the aliased.
For exemple if you have eth0 the real, eth0:0 the virtual, you can try
to add in your
2012 Nov 14
1
[olug] TINC
IPsec Pre Shared Key for enterprise wireless is worse than PPTP according
to https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ .
Make sure IPsec is used with certificates instead.
tinc is an educational project sponsored by a university aiming to grow
awareness of encryption over the public internet. It does not have a
marketing department. Criticism is welcome. Think of
2004 Mar 03
1
Big VPN
Richard Atterer wrote:
>On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote:
>
>
>>You might want to check tinc (http://tinc.nl.linux.org)
>>
>>
>
>I strongly recommend *not* to use tinc.
><http://www.securityfocus.com/archive/1/249142> illustrates that the
>authors didn't have enough expertise to build a secure tool 2 years ago.
2015 Jan 05
2
Fwd: [Cryptography] Why aren’t we using SSH for everything?
There were a few notes in this thread that may indicate
open areas for development. I forward merely as FYI.
http://www.metzdowd.com/pipermail/cryptography/2015-January/024231.html
---------- Forwarded message ----------
From: Peter Gutmann <pgut001 at cs.auckland.ac.nz>
Date: Sun, Jan 4, 2015 at 9:29 PM
Subject: Re: [Cryptography] Why aren?t we using SSH for everything?
To: calestyo at
2012 Apr 18
4
FW: tinc Digest, Vol 90, Issue 17
Dear C?dric,
If I am using windows version of tinc, how can I check the connection list?
Regards,
Eric
-----Original Message-----
From: tinc-bounces at tinc-vpn.org [mailto:tinc-bounces at tinc-vpn.org] On Behalf
Of tinc-request at tinc-vpn.org
Sent: Wednesday, April 18, 2012 6:00 PM
To: tinc at tinc-vpn.org
Subject: tinc Digest, Vol 90, Issue 17
Send tinc mailing list submissions to
tinc at
2011 Jan 06
3
linux ip command and routing
Hi,
I have a routing problem.
When i start tinc it creates the following route in the main routing table.
192.168.2.0/24 dev nb003004 proto kernel scope link src 192.168.2.8
The problem is that i want to use extra routing tables for each tinc vpn.
When i set the netmask for the tinc device to 255.255.255.255.
The route is not created, how can i add it to a another route table.
Setting a
2018 Apr 18
1
Bitrot strange behavior
Hi Sweta,
Thanks, this drive me some more questions:
1. What is the reason of delaying signature creation ?
2. As a same file (replicated or dispersed) having different signature thought bricks is by definition an error, it would be good to triggered it during a scrub, or with a different tool. Is something like this planned ?
Cheers
?
C?dric Lemarchand
> On 18 Apr 2018, at 07:53, Sweta
2017 Jan 23
1
nfs-ganesha rsa.pub download give 403
Hello,
It seems there is some rights problem with https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub <https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub> :
wget -O /dev/null https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub <https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub>
--2017-01-23 19:28:47--
2011 Jan 15
4
Sound quality issue
Hello,
Our Asterisk runs with multiple remote sites (12 over an MPLS network),
everything works fine except for the last site we have juste installed.
When VOIP flows comes/goes from/to this site, there are sound quality
issues, persistent, 100% reproducible, on every call. This is not a
bandwidth or latency or jitter problem, everything is fine on the network.
Our MPLS provider does all check
2018 Apr 18
0
Bitrot strange behavior
Hi Cedric,
Any file is picked up for signing by the bitd process after the
predetermined wait of 120 seconds. This default value is captured in the
volume option 'features.expiry-time' and is configurable - in your case,
it can be set to 0 or 1.
Point 2 is correct. A file corrupted before the bitrot signature is
generated will not be successfully detected by the scrubber. That would
2012 Apr 17
1
Network management function of tinc
Dear Sir,
Any network management function is available on tinc vpn? Such as, how can I check it out how many VPN nodes is connected now?
Regards,Eric
P Please consider your environmental responsibility. Before printing this e-mail message, ask yourself whether you really need a hard copy.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
2014 May 20
2
packet loss
Hi,
Something strange is happening at my place: I have lots of packet loss
in my tinc vpn.
Network layout:
laptop --- wifi --- other pc
ping from laptop to other pc OUTSIDE tinc: 0% packet loss
ping from laptop to other pc VIA tinc: 50% packet loss
What could be the cause of that?
Folkert van Heusden
--
Always wondered what the latency of your webserver is? Or how much more
latency you
2010 Nov 28
4
TCPOnly is required since 1.0.13?
Hi,
I upgraded some of my Tinc nodes from 1.0.8 recently and found something
strange.
All of a sudden, the vpn would not work as a full-mesh. Certain nodes
were not contactable.
I re-generated my rsa-keys, and checked my configuration. My vpn uses
the following in tinc.conf, as I am routing both ipv4 and v6.
===
name = node1
mode = switch
AddressFamily = any
PMTU = 1280
PMTUDiscovery = yes
2013 Jul 24
3
PingTimeout
Hello list,
I use tinc with QOS, and since some weeks I got problem with tunnel
disconnection because the default "Pingtimeout" of 5 sec is reach.
I think it happens because of the QOS shappe the tinc traffic (data
here) to let some BP for VOIP, but whate is very strange is that the
ICMP protocol is not include in the shapping, so tinc would never 'see'
latency on the link,
2015 Jan 06
2
RE: Fwd: [Cryptography] Why aren’t we using SSH for everything?
Damien,
What is the best document to use for documentation on SFTP? In other words, if I want to build an SFTP client library based on libssh.a, is there documentation about the series of messages I need to send over the wire?
Thanks,
ScottN
-----Original Message-----
From: openssh-unix-dev [mailto:openssh-unix-dev-bounces+scott_n=xypro.com at mindrot.org] On Behalf Of Damien Miller
Sent:
2018 Apr 16
2
Bitrot strange behavior
Hello,
I am playing around with the bitrot feature and have some questions:
1. when a file is created, the "trusted.bit-rot.signature? attribute
seems only created approximatively 120 seconds after its creations
(the cluster is idle and there is only one file living on it). Why ?
Is there a way to make this attribute generated at the same time of
the file creation ?
2. corrupting a file
2016 Dec 29
1
AD DC as KVM guest on file server host?
29.12.2016 19:01, Filippe LeMarchand пишет:
> Is kvm I/O realy disadventage? I use samba file server as kvm guest
> (LVM storage pool) in some setups and disn't notice any problems.
> Sequential read/write speed isn't noticeably different from
> non-virtualized samba host. Did I miss something and should expect
> sudden trouble?
No you shouldn't. What I meant is: of
2016 Jan 11
1
Learned something today
On 01/11/2016 06:50 AM, Always Learning wrote:
> Why not, on start-up, create a 'ram disk' and do your sensitive work in
> volatile RAM or is this what 'tmpfs' implies ?
I think that's what OP expected tmpfs to be, but it should be noted that
tmpfs *can* be swapped to disk, so it should not be used for data that
you don't want to ever hit non-volatile storage
2016 Feb 08
2
Utility to zero unused blocks on disk
On Mon, February 8, 2016 4:22 pm, John R Pierce wrote:
> On 2/8/2016 2:14 PM, Chris Murphy wrote:
>> DBAN is obsolete. NIST 800-88 for some time now says to use secure erase
>> or
>> enhanced security erase or crypto erase if supported.
>>
>> Other options do not erase data in remapped sectors.
>
> the only truly safe way to destroy data on magnetic media is