similar to: Tinc and security

Hello all, It would be a great feature if QOS could be implemented in Tinc. It's not to do any sort of comparison, but with OpenVPN, the traffic can be shapped. In the way that tinc works as mesh VPN, the great feature would be to fix a shapping value on each nodes, known and respected by each others. (like MPLS does) As an exemple, you've got 3 nodes A,B and C, you want Tinc flows on A

Hi, If your cluster's virtual IP is using ip aliasing (eg eth0:0), i think your problem come from UDP flows, they are, in opposition to TCP flows, unconnected, so the IP stack take the shortest route/interface to send them, wich is when this is the default route, the real interface and not the aliased. For exemple if you have eth0 the real, eth0:0 the virtual, you can try to add in your

IPsec Pre Shared Key for enterprise wireless is worse than PPTP according to https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ . Make sure IPsec is used with certificates instead. tinc is an educational project sponsored by a university aiming to grow awareness of encryption over the public internet. It does not have a marketing department. Criticism is welcome. Think of

Richard Atterer wrote: >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > >>You might want to check tinc (http://tinc.nl.linux.org) >> >> > >I strongly recommend *not* to use tinc. ><http://www.securityfocus.com/archive/1/249142> illustrates that the >authors didn't have enough expertise to build a secure tool 2 years ago.

There were a few notes in this thread that may indicate open areas for development. I forward merely as FYI. http://www.metzdowd.com/pipermail/cryptography/2015-January/024231.html ---------- Forwarded message ---------- From: Peter Gutmann <pgut001 at cs.auckland.ac.nz> Date: Sun, Jan 4, 2015 at 9:29 PM Subject: Re: [Cryptography] Why aren?t we using SSH for everything? To: calestyo at

Dear C?dric, If I am using windows version of tinc, how can I check the connection list? Regards, Eric -----Original Message----- From: tinc-bounces at tinc-vpn.org [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of tinc-request at tinc-vpn.org Sent: Wednesday, April 18, 2012 6:00 PM To: tinc at tinc-vpn.org Subject: tinc Digest, Vol 90, Issue 17 Send tinc mailing list submissions to tinc at

Hi, I have a routing problem. When i start tinc it creates the following route in the main routing table. 192.168.2.0/24 dev nb003004 proto kernel scope link src 192.168.2.8 The problem is that i want to use extra routing tables for each tinc vpn. When i set the netmask for the tinc device to 255.255.255.255. The route is not created, how can i add it to a another route table. Setting a

Hi Sweta, Thanks, this drive me some more questions: 1. What is the reason of delaying signature creation ? 2. As a same file (replicated or dispersed) having different signature thought bricks is by definition an error, it would be good to triggered it during a scrub, or with a different tool. Is something like this planned ? Cheers ? C?dric Lemarchand > On 18 Apr 2018, at 07:53, Sweta

Hello, It seems there is some rights problem with https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub <https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub> : wget -O /dev/null https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub <https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub> --2017-01-23 19:28:47--

Hello, Our Asterisk runs with multiple remote sites (12 over an MPLS network), everything works fine except for the last site we have juste installed. When VOIP flows comes/goes from/to this site, there are sound quality issues, persistent, 100% reproducible, on every call. This is not a bandwidth or latency or jitter problem, everything is fine on the network. Our MPLS provider does all check

Hi Cedric, Any file is picked up for signing by the bitd process after the predetermined wait of 120 seconds. This default value is captured in the volume option 'features.expiry-time' and is configurable - in your case, it can be set to 0 or 1. Point 2 is correct. A file corrupted before the bitrot signature is generated will not be successfully detected by the scrubber. That would

Dear Sir, Any network management function is available on tinc vpn? Such as, how can I check it out how many VPN nodes is connected now? Regards,Eric P Please consider your environmental responsibility. Before printing this e-mail message, ask yourself whether you really need a hard copy. -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi, Something strange is happening at my place: I have lots of packet loss in my tinc vpn. Network layout: laptop --- wifi --- other pc ping from laptop to other pc OUTSIDE tinc: 0% packet loss ping from laptop to other pc VIA tinc: 50% packet loss What could be the cause of that? Folkert van Heusden -- Always wondered what the latency of your webserver is? Or how much more latency you

Hi, I upgraded some of my Tinc nodes from 1.0.8 recently and found something strange. All of a sudden, the vpn would not work as a full-mesh. Certain nodes were not contactable. I re-generated my rsa-keys, and checked my configuration. My vpn uses the following in tinc.conf, as I am routing both ipv4 and v6. === name = node1 mode = switch AddressFamily = any PMTU = 1280 PMTUDiscovery = yes

Hello list, I use tinc with QOS, and since some weeks I got problem with tunnel disconnection because the default "Pingtimeout" of 5 sec is reach. I think it happens because of the QOS shappe the tinc traffic (data here) to let some BP for VOIP, but whate is very strange is that the ICMP protocol is not include in the shapping, so tinc would never 'see' latency on the link,

Damien, What is the best document to use for documentation on SFTP? In other words, if I want to build an SFTP client library based on libssh.a, is there documentation about the series of messages I need to send over the wire? Thanks, ScottN -----Original Message----- From: openssh-unix-dev [mailto:openssh-unix-dev-bounces+scott_n=xypro.com at mindrot.org] On Behalf Of Damien Miller Sent:

Hello, I am playing around with the bitrot feature and have some questions: 1. when a file is created, the "trusted.bit-rot.signature? attribute seems only created approximatively 120 seconds after its creations (the cluster is idle and there is only one file living on it). Why ? Is there a way to make this attribute generated at the same time of the file creation ? 2. corrupting a file

29.12.2016 19:01, Filippe LeMarchand пишет: > Is kvm I/O realy disadventage? I use samba file server as kvm guest > (LVM storage pool) in some setups and disn't notice any problems. > Sequential read/write speed isn't noticeably different from > non-virtualized samba host. Did I miss something and should expect > sudden trouble? No you shouldn't. What I meant is: of

On 01/11/2016 06:50 AM, Always Learning wrote: > Why not, on start-up, create a 'ram disk' and do your sensitive work in > volatile RAM or is this what 'tmpfs' implies ? I think that's what OP expected tmpfs to be, but it should be noted that tmpfs *can* be swapped to disk, so it should not be used for data that you don't want to ever hit non-volatile storage

On Mon, February 8, 2016 4:22 pm, John R Pierce wrote: > On 2/8/2016 2:14 PM, Chris Murphy wrote: >> DBAN is obsolete. NIST 800-88 for some time now says to use secure erase >> or >> enhanced security erase or crypto erase if supported. >> >> Other options do not erase data in remapped sectors. > > the only truly safe way to destroy data on magnetic media is