similar to: Details on tinc's meta protocol

Displaying 20 results from an estimated 4000 matches similar to: "Details on tinc's meta protocol"

2008 Sep 30
1
Problem compiling tinc-1.0.8 on gcc-2.95
Hello. I found that anonymous structures do not work on gcc-2.95. If you guys want to support a bit older platforms I suggest fixing it. You can check out the patch I created to fix this issue. I just added 2 extra structures to remove anonymous structs inside connection_status_t and node_status_t. Patch is here: ftp://borg.uu3.net/pub/unix/tinc/tinc.patch Attaching it as well. Regards, Borg
2000 Aug 21
2
tinc TODO list
Hi, here's a small list of things that need to be done, and the version when it should be ready. smartcard support 1.1 LDAP support 1.1 public/private keys for authentication 1.1 don't store passphrases in files that are called after IP addresses 1.0 use names to identify
2010 Sep 17
1
friend of a friend type darknets
Hi! here a little patch for darknet functionality, i hope it does what it's intended for sufficiently ... but it seems to work :). what should it do? imagine your friend-network. A trusts B and C. B trusts D and E, D trusts F, C trusts G. All trust relationships are mutual A <---> C <---> G ^ \ \-----> B <---> D <---> F ^ \ \---> E
2015 Nov 22
5
Authenticating VPN addresses: a proposal
TL;DR: a proposal for a new tinc feature that allows nodes to filter ADD_SUBNET messages based on the metaconnection on which they are received, so that nodes can't impersonate each other's VPN Subnets. Similar to StrictSubnets in spirit, but way more flexible. BACKGROUND: THE ISSUE OF TRUST IN A TINC NETWORK In terms of metaconnections (I'm not discussing data tunnels here), one of
2003 Sep 02
3
exact insecurity of --bypass-security ?
Hello! First, nice piece of work, thx ;->> After some production server crashes with a far too early version of FreeSWAN (about 3 years ago) and the unwillingness to get an OpenSSL expert just to build a VPN, I was happy to read about the rather simple configuration of tinc ("Linux Magazin", a monthly Linux paper published in Germany, gave an overview of free VPN solutions in
2004 Feb 13
1
public key format
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hello! i would like to use tinc with public keys which are extracted from x509 certificates. the only public key format i was able to extract from certificates with openssl commands looked like this: - -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwXDZs8EBb/JyZ9daB3Zk9WHxD
2015 Nov 25
0
tinc exit when there is no internet?
Something to add. When this happened, it looks like tinc shutdown gracefully(not seg fault ..), because I can tell tinc-down script got implemented. Heng
2013 May 21
1
Unauthorized ADD_SUBNET, but known subnet
Hi all, I'm using a tinc 1.0.19 (from Debian Squeeze) setup with some nodes connecting to a "server" node which has "StrictSubnets = yes". Whenever a new node is added to the mesh, a process generates and drops its host file in the server's host directory before the node is booted and tries to connect. For instance, I create a node "node_2" and a host file
2015 Nov 25
0
tinc exit when there is no internet?
Thanks for the reply. I am running tinc (1.0.24) in an embedded linux environment, with a pretty old kernel (2.6). I have let tinc run for almost 24 hours with internet and can't reproduce the issue. Heng
2016 Sep 03
0
One host for forwarding only without keys
If you're using StrictSubnets, you will still be fine. StrictSubnets means that A will only use B's key (which C does not know) to send packets to B's statically configured subnets. C cannot impersonate B (as in, take its node name) because it would have to know B's private key to do so, and it cannot impersonate B's subnets because A is using StrictSubnets. The worst that C
2017 Jul 11
2
Some tinc clarifications
On 2017-07-10 18:32 Matthew Nichols wrote: > 1. That entirely depends on how you have it set up (look at > StrictSubnets and TunnelServer). It might also be recommended to have > every node re-key itself (http://tinc-vpn.org/security/). I've used StrictSubnets and TunnelServer (and probably will keep using this so roadwarriors don't see each other, though looking at the logs
2019 Mar 15
0
Reload subnet config with HUP signal
Hi, I need to re-open the thread below. The situation is still the same. The HUP signal does not trigger reloading of subnet declarations in own hosts file (Version 1.0.35). After a quick view to the source code, file src/net.c shows in line 658 would reload subnets when using StrictSubnets only. But why? With StrictSubnets it doesn't make sense to me. I did a quick check and removed the if
2015 Nov 22
0
Authenticating VPN addresses: a proposal
There are many ways to set up and manage a VPN. Tinc's roots are a "friend network", where there is a group of nodes that all trust each other, and there is no central authority. It also works well in situations where all nodes are controlled by the same authority, for example when a sysadmin configures several nodes, like within a company that wants to link together several
2015 May 04
1
Isolating a subnet on demand
I'm still confused, but in any case, there's nothing stopping "miou" from impersonating "apeliote"'s subnets in your case, unless you use StrictSubnets. Here's the easiest way to do the spoofing: In miou's own node file (on the miou machine itself), add apeliote's subnets with a Weight smaller than 10 (which is the default), so that it overrides them.
2020 Mar 05
0
How does tinc handle "unknown cipher"?
Hi, So my Debian machines are all using the following cipher + digest: Cipher = chacha20-poly1305 Digest = blake2b512 However my OpenWRT router does not have chacha20-poly1305 and blake2b512 in its SSL library, so it uses the following: Cipher = aes-128-cbc Digest = sha512 I am a bit surprised that the router's tinc manages to talk to Debian's tinc, when I set a cipher suite that the
2015 May 04
3
Isolating a subnet on demand
On 4 May 2015 at 20:53, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote: > We started to take a look about that, and apparently, it seems that the IP > in the public key is taken into account when a client connects to a gateway. > Spoofing at that level doesn't seem easy, because the IP address seems to be > part of the authentication process. I'm having trouble
2015 Nov 24
1
Authenticating VPN addresses: a proposal
On Mon, 23 Nov 2015, Guus Sliepen wrote: > It also works in a situation where a group of people trust a central > authority which provides them with the configuration for their tinc > nodes, if StrictSubnets is used. The drawback is that an external tool > needs to be used (ChaosVPN is one such example, but there are others) > and it is not very flexible, but I would disagree that
2014 Nov 22
2
Tinc 1.0.24 build failed on OSX Mavericks
Hi, I've got the following error when tried to compile tinc-1.0.24: gcc -g -O2 -pie -L/opt/local/lib -o tincd avl_tree.o conf.o connection.o dropin.o dummy_device.o edge.o event.o fake-getaddrinfo.o fake-getnameinfo.o getopt.o getopt1.o graph.o list.o logger.o meta.o multicast_device.o net.o net_packet.o net_setup.o net_socket.o netutl.o node.o pidfile.o process.o protocol.o
2014 Jan 09
1
tinc started from /etc/network/interfaces and not from /etc/tinc/nets.boot
Hello, are there reasons why all the examples for debian and ubuntu explain how to set up tinc to start from the init job /etc/init.d/tinc and /etc/tinc/nets.boot and why there are no examples or tutorials on how to start tinc from /etc/network/interfaces ? Using /etc/network/interfaces I have a perfectly running tinc vpn with an unprivileged user, locked memory and a chroot jail plus converted
2009 Mar 26
2
Tinc over 3g problems?
Hello, I am experiencing some weird problems in a setup with tinc where communication between the 'server' and the 'clients' occur over 3g connections. Let me describe briefly the setup: - The server, on a public IP, runs tinc 1.0.8, in router mode, and the whole setup uses one VPN network. All client's VPN addresses are on the same subnet, and each client has a separate