similar to: Security: Best practices, apparmor, -L, -R, -U

Hi, Thanks to John Wice for helping me with an earlier question. My two PCs behind the same router are still having problems connecting. Would appreciate thoughts on what I?m doing wrong? Router: Port 655 forwarded to 192.168.1.45, both TCP and UDP Port 656 forwarded to 192.168.1.51, both TCP and UDP Machine #1. ========== Local IP address on LAN = 192.168.1.45 Windows Firewall

Hi - Thanks to Sven-Haegar and Donald, but still having issues setting up with Windows. Machine1 can't ping the VPN address of machine2. Regular IPv4 address for both machines in 192.168.1.xxx range. Router: Forwarding port 655 to 101.102.103.1, UDP and TCP Forwarding port 656 to 101.102.103.2, UDP and TCP Tinc.conf on machine user1 just three lines: Name = vpnuser1 ConnectTo =

Dear All, I am trying to enable router mode of tinc on Windows 7 platform. Although I have enabled the router mode and IP routing in Windows 7 PC (Network A Server). The PC B is still unable to connect the Network A and PC A. But the Network A and PC A is able to communicate each other via tinc. Please help and advise me any incorrect of that. Network A server Real - LAN adapter IP:

Guus: I have been test running the VPN between 2 geographically different clusters on a TINC VPN for a couple of days. How confident are you in the New Protocol in 1.1Pre10? Or should I just play it safe and run the old protocol for production? How long do you think it will take for you to have confidence in the new protocol? When do you think you will gain that confidence? You should be

Hello, I am using nfsen 1.3.5 (http://nfsen.sourceforge.net/) on CentOS 5.8 x86_64 (running as a VM on a KVM Host). For those not knowing it, nfsen is using php and perl and it allows graphing and analysis of (Cisco routers) netflow data captured using nfdump. Often (about once a day) nfsen crashes for unknown reason. For example: # /data/nfsen/bin/nfsen status NfSen version: 1.3.5

Hello, I have faced some problems : 1. With iptables running i can't ping my tincvpn server but as i turn it off i can. i have added all rules mentioned in examples but no success. 2. I want to get internet access on the client which is a win 7 computer using tincVPN but i gained no success either (i can't use bridges because server is a VPS using OpenVZ) so any advice for solving this

Hi! I'm currently using Tinc to create a VPN between a Linux server, a Windows server, and my local laptop and desktop computers (both running Windows). I picked an IP in the 10.123.1.x range for each server, and added something like "Subnet = 10.123.1.1/32" to each host config file. It's working very well! What I'd like to do now is expose an extra subnet to the VPN. The

yes, I have these in C host file: Subnet=10.10.0.0/24 Subnet=0.0.0.0/1 Subnet=128.0.0.0/1 ## not metioned, because I think is maybe works in same as 0.0.0.0/1 B host file doesn't have 0.0.0.0/1 and 128.0.0.0/1 I only added one route to 5.6.7.8 via B, not via C On Mon, Feb 29, 2016 at 4:40 PM, Maxim Vorontsov <6012030 at gmail.com> wrote: > hi. > > Are you add only

Dear mailing list, How do I make Tinc auto start on Debian 8 Jessie? I’ve compiled and installed the latest stable release tinc-1.0.33 and I’ve tried this: nano /usr/local/etc/tinc/nets.boot Added the netname of my vpn sudo service tinc start Should work according to: https://www.digitalocean.com/community/tutorials/how-to-install-tinc-and-set-up-a-basic-vpn-on-ubuntu-14-04

hi. I suggest you to look at "Automatic Dependencies" in https://www.freedesktop.org/software/systemd/man/systemd.service.html. I think using "After=" and "Recuires=" is more suitable. On Mon, Feb 29, 2016 at 4:48 PM, md at rpzdesign.com <md at rpzdesign.com> wrote: > Hello Tinc'ers: > > I want to use TIncVPN in a systemd Ubuntu environment.

Window allows one to specify a DNS domain name and DNS server for a particular interface. So all DNS queries of your tinc interface are sent to a particular dns server. For instance windows tinc clients can use a particular dns server on a private LAN available only to clients inside that NAT or tinc clients. NetworkManager allows you to specify the same, but the tinc interface does not show up

Hi All, Through interpreting what the current Wiki article says, plus some trial and error: The following AppArmor rules *appear* to work for a Samba AD DC using the stuff from the distro for Ubuntu 14.04 LTS: $ cat /etc/apparmor.d/local/usr.sbin.named # Site-specific additions and overrides for usr.sbin.named. # For more details, please see /etc/apparmor.d/local/README. /dev/urandom w,

On 19/01/17 11:54, Ian Erickson wrote: > Greetings; I've posted the following to R's bug tracking system (at https://bugs.r-project.org/bugzilla/show_bug.cgi?id=17210 ) and Martin Maechler requested that I post to this list as well. > If I start R from the command line with --vanilla, then repeatedly execute the following line: > > det(matrix(nrow=10,ncol=10)) > > ... I

Thanks. I played with it some more, and finally got it working. I am willing to write up a detailed how-to, including screen shots, if you guys are interested. Just tell me in what format you want the write-up. Cheers, From: Daniel J. Grinkevich Sent: Wednesday, July 22, 2015 7:26 AM To: tinc at tinc-vpn.org Subject: RE: Please help debug Windows setup Your port forward needs to

Hi After kindly answering my question on snapshots not working whilst vm is on, i find that apparmor is still disturbing the process where snapshots can get written But although i should just be able to disable apparmor for my vm in virt-manager, whilst vm is off; that when i start the vm the apparmor settings go back to being enabled and set to dynamic This is stopping me from taking

On 08/26/2013 03:42 PM, 止语 wrote: > I am playing with libvirt 1.1.1 (lxc) > when I was starting a LXC container, the process location of cgroup is pretty , just the root directory > from the process. But I could tune the cgroup in a container as an user that logged, This is not accepted... > > I wonder how to restrict it with apparmor ,so one can not modify files in the cgroup

Hi guys, I want to enable apparmor security driver for my libvirt env with ubuntu os. What I do is as following: First, I got the source code and compile it. ubuntu@ubuntu:~/github$git clone git://libvirt.org/libvirt.git ubuntu@ubuntu:~/github/libvirt$ dpkg -l|grep apparmor ii apparmor 2.8.95~2430-0ubuntu5 amd64 User-space parser utility for AppArmor ii libapparmor-dev:amd64

Hi everyone, this is my first post at this mailing list. I have a question about upgrading libvirt, but also can fit to Apparmor. For example, I already installed KVM + libvirt from apt-get on Ubuntu 14.04. But the libvirt version is 1.2.9, so I want upgrade to 1.3.4 manually. Search the Internet, only few posts show how to edit so that can launch VM with Apparmor enabled. Most of posts says

In order to test a patch I submitted I've been experimenting with "qemu:commandline" to use some newer features for a QEMU host/guest file share. I quickly ran into issues with AppArmor as virt-aa-helper understandably doesn't parse "qemu:commandline" for directories to add to the dynamically generated AppArmor profile. After reading a bunch of documentation, I cannot

Hello all, Is there any guide to help in the configuration of Dovecot for AppArmor on Debian / Ubuntu ? Or maybe does any of you already have something that works? I am actually adding AppArmor on an email server project, and I had some trouble with the versions from Debian. I would like to avoid - if possible - the long try and error process for each Dovecot executable. I am using IMAP, LMTP,