similar to: Avoid some hosts/networks to see each other

Hi all, I'm currently happily using tinc in my networks. I also use OpenVPN based on the customer requirements. I though have some questions which I could not find a clear answer. What I'd like to know is: 1. How to revoke a "node", simply removing the host file on the servers is enough? And one created by invitation? 2. Is there a way to let tinc ask for a username/password

Tinc 1.0 3 control masters Many service hosts Laptop (road warrior) The control masters have the public keys for the service hosts and the laptop so that they can join the network. How can I prevent the laptop user to connect additional boxes to the network? In my view he can simply add new 'foreign' hosts and specify connectTo to point to the laptop. As keys are exchanged automatically

Hi, Problem: I want 2 vpn tunnels for 2 subnets over one interface ipsec0. Documentation only describes config for 1 vpn or road warriors. I defined 2 vpn zones ''fre'' and ''swe''. #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local fre VPN_Fre VPN Fre swe VPN_Swe VPN Swe Interface ipsec0 is tunnel over eth1. Local is eth0. ipsec0 serves 2 zones: fre

Hi all. I have the following setup: 1st dc is on CentOS 6 with Sernet samba 4.1.13 2nd dc is on Debian 7 with Sernet samba 4.1.13 The 2 dc work as expected. on CentOS I was able to configure sssd to work on Debian I'm using winbind Now I have a 3rd server which is CentOS 7 with samba 4.1.1 from CentOS repository. This system serves as a file server and works ok with samba, but I have a

I am attempting to utilize BackupPC on a Fedora 14 server to backup a remote client. As I understand, it's primary mechanism for finding clients is performing a nmblookup <clientname> This works fine for computers connected to the local network. My issue is extending ?Samba's? search to encompass our other network - the point-to-point VPNs Using OpenVPN, we have a number of road

Tuomo Soini wrote: > You don''t happen to read shorewall-devel mailinglist ? I read it -- I just didn''t know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn''t doing for you now? e.g. /etc/shorewall/zones rw Roadwarriors Road Warriors /etc/shorewall/interfraces rw ipsec+

Hi, The short answer to this is that Samba changes the machine account password every 7 days with the default settings. As you were told, if you join the domain with "kerberos method = secrets and keytab" on you smb.conf, the generated keytab won't expire. Another workaround would be to set "machine password timeout = 0" Best regards. On Mon, Dec 29, 2014 at 2:29 PM,

Hi, I had a look at this page which describes a single VPN zone called "vpn": http://www.shorewall.net/IPSEC-2.6.html Is this the most current information? It is the top page found by Google for "shorewall ipsec" Is there any information about setting up multiple VPN zones for different classes of road warrior? E.g. lets say there are two classes of road warrior:

Hello Since SIP/RTP is a pain to use with road warriors who need to connect from any location over the Internet, I'd like to get them some IAX phones instead. For those of you using this protocol instead of SIP, what would you recommend as IAX hardphones and Windows (and ideally Mac) softphones? Thank you.

Hi all, I'm experiencing a strange problem. I have setup 2 gateways which are behind a NAT router. They are configured in Route mode and have the ips 10.0.0.1/32 and 10.0.0.2/32 on the tinc interface The also have subnets (192.168.1.0/24 and 192.168.2.0/24 respectively). Now the odd thing is that when the VPN comes up they both also add the local subnet to their routes on the tinc

Il dom 22 apr 2018, 10:46 Alessandro Briosi <ab1 at metalit.com> ha scritto: > Imho the easiest path would be to turn off sharding on the volume and > simply do a copy of the files (to a different directory, or rename and > then copy i.e.) > > This should simply store the files without sharding. > If you turn off sharding on a sharded volume with data in it, all sharded

Dear Shorewall''ers I''ve been using Shorewall for 6 month, it''s work good as i expected, but i want to activate shorewall vpn futures , road warriors user with dynamic ip address on thir laptop, Can some one give me explaination, url link or sample configuration. ? regards reza

I recently tried to run a game called "Wizards and Warriors" using wine version 20011108 and received the following error message: err:cdrom:CDROM_GetLabel we don't have a way of determining the label of a mixed mode CD - Linux doesn't allow raw access !! I'm not quite sure I understand this message.. raw access to what? What type of label is it looking for? Is this

Il 2015-05-05 13:29 Guus Sliepen ha scritto: > On Tue, May 05, 2015 at 01:18:15PM +0200, Alessandro Briosi wrote: > >> Now the odd thing is that when the VPN comes up they both also add the >> local >> subnet to their routes on the tinc interface: > [...] >> the subnet-up script runs this command: >> ip route add $SUBNET dev $INTERFACE metric $WEIGHT

I have a bunch of road warriors who I've set up with Xlite clients. Unfortunately the sound quality has been intermittent at best. Sometimes it's great other times completely unusable. When it's bad one usually hears harsh static when the other party speaks or their voice gets "clipped" to static if they speak too loudly. Many of these users have migrated to Skype ? much

Il 2017-07-10 18:32 Matthew Nichols ha scritto: > 1. That entirely depends on how you have it set up (look at > StrictSubnets and TunnelServer). It might also be recommended to have > every node re-key itself (http://tinc-vpn.org/security/). I've used StrictSubnets and TunnelServer (and probably will keep using this so roadwarriors don't see eachother, though looking at the logs

Hi All, I know this isn't really a Samba question per se but I'm looking for some samba-related advice.. :) I have a very small AD DC setup (5 users) and some end-users (read: teenargers) are now using laptops, which means they don't always have access to the network shares configured by GPO and Logon scripts from the Samba servers when they take the laptop to school. (The Samba

On Sun, Mar 13, 2016 at 04:57:12PM +0000, Azul wrote: > Tinc 1.0 > 3 control masters > Many service hosts > Laptop (road warrior) > > The control masters have the public keys for the service hosts and the > laptop so that they can join the network. > > How can I prevent the laptop user to connect additional boxes to the > network? There are several ways. One can

Thanks I will look into StrictSubnets, while digging through the mailling list I came across this: https://github.com/siblynx/tinc-1.0.16_hostupd/blob/master/README.hostupd which is pretty close to what I need That looks to be a fork on its own, with no PR raises for addding that functionality to the main tinc, unless I missed it out. Are there any plans to bring that functionality in ? -azul

Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto: >>> OK, you can get winbind to update your keytab, you need to alter your >>> smb.conf slightly. You need to change 'kerberos method = secrets >>> only' >>> to either 'kerberos method = secrets and keytab' or 'kerberos method >>> = >>> system keytab' and add the line