similar to: TINC config files layout not human or script friendly

Hello Tinc users & Guss: I was sleeping last night and I figured out how to accomplish everything I ranted about below with no source code changes to TINC. The first thing to do is create TEMPLATES for tinc.conf, tinc-up, and the NODE files. Then during the startup script, use the linux cp command and sed to copy the template to the correct name and sed to text replace

Oops, did I forget to mention how good a design the REST of tinc is, operationally speaking. Config files aside, it is a really good VPN. md On 1/11/2015 10:05 PM, md at rpzdesign.com wrote: > I would say the weakest part of the TINC design is the configuration > file layout. > > There is no way to split out the essentially static configuration for > all nodes in the cluster and

Hi, Thanks for the link :) I guess we'll just end up having 2 separate VPNs, eventually. Have a good evening! > There is no centralized way to remove a subnet or block a user. A user > is authorized to be on the network by other nodes that have his/her > public key. If you delete the offending host config files and let tinc > reload its configuration, you can remove a bad node

Hi, We just found the tinc, looks like it is really a better VPN solution than traditional VPN, I am wondering, is there some cases we can refer, like is there some big cluster running in the production environment ? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi! I'm setting up a VPN with friends of mine, and we are currently considering the possibility to opening the subnet to more people. Considering that one day or another we may have to isolate a subnet (because of bad behaviour, or because it has been compromised), which solution(s) would you recommend for such a situation?

hi. I suggest you to look at "Automatic Dependencies" in https://www.freedesktop.org/software/systemd/man/systemd.service.html. I think using "After=" and "Recuires=" is more suitable. On Mon, Feb 29, 2016 at 4:48 PM, md at rpzdesign.com <md at rpzdesign.com> wrote: > Hello Tinc'ers: > > I want to use TIncVPN in a systemd Ubuntu environment.

Hello, At OHM2013 (https://ohm2013.org/site/), there will be a lightning talk about tinc, and a workshop setting up tinc VPNs at the Milliways village. An exact time is not known yet but will follow later. OHM2013 will take place from July 31 to August 4 at the Geestmerambacht festival grounds, near Alkmaar, in the Netherlands. If you would like to meet at OHM2013 with other people using or

Hello, At OHM2013 (https://ohm2013.org/site/), there will be a lightning talk about tinc, and a workshop setting up tinc VPNs at the Milliways village. An exact time is not known yet but will follow later. OHM2013 will take place from July 31 to August 4 at the Geestmerambacht festival grounds, near Alkmaar, in the Netherlands. If you would like to meet at OHM2013 with other people using or

As if our lives were not already complex enough, there is the recent Wall Street Journal article about ipv4 exhaustion: http://www.wsj.com/articles/coming-this-summer-u-s-will-run-out-of-internet-addresses-1431479401 Is the latest version TINC ready for IpV6? Help us Obi-Wan-Sleipen, you are our only hope! md -- No spell checkers were harmed during the creation of this message.

On Fri, Dec 12, 2014 at 02:21:08AM -0500, md at rpzdesign.com wrote: > Oops, I got it to work only after putting the WAN on port 656 so it > did not interfere with port 655 for the LAN. You should not need to have two tinc daemons just because you have a WAN and a LAN interface. By default (ie, if you don't specify BindToAddress and/or BindToInterface), tinc listens on all interfaces,

Hi all! Is there any way to make tinc use keys from a keyring or similar? I'm trying to find a way to manage multiple server, making it easier to register a new user to the network. Thanks! -- Martin Iñaki Malerba inakimmalerba at gmail.com inaki at satellogic.com

Tried to Build Tinc. Linker was confused, Makefile lacking reference to -ltinfo I guess. FYI. root at rpzcentos tinc-1.1pre10]# make make all-recursive make[1]: Entering directory `/adev/tinc-1.1pre10' Making all in m4 make[2]: Entering directory `/adev/tinc-1.1pre10/m4' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/adev/tinc-1.1pre10/m4' Making all in

On Tue, Mar 01, 2016 at 04:31:13AM -0600, md at rpzdesign.com wrote: > Where do I get information about the details of not needing a tinc-up script > anymore? (/etc/network/interfaces) You can just use the normal /etc/network/interfaces way of configuring the interface, like this: iface vpn inet manual address 192.168.1.1 netmask 255.255.255.0 tinc-net <netname> > Also,

Hi, I am looking networking together about 1000-2000 sites across the country. I've been looking through these mailing lists. Saw the thread from the person who had 1000+ running on Amazon, and how they essentially stripped all security out of it. Also know that the ChaosVPN uses tinc, for at least 130+ sites although I'm a bit fuzzy on the details for it. Are there any other cases of

For some weeks I've been trying to devise a way to connect multiple users in various parts of the city and state, and I found out that most likely Tinc is the only daemon that does the kind of meshing I want. I was successful in connecting some servers of mine around in switch mode, but now comes the hard part: How can I authenticate clients on my network? I would also need to direct static

Hello: The documentation does not have the following use cases very well defined or described. I have created a PDF file that Tinc-VPN can use to public and I would be happy to make more PDF files for usage with the examples on the web site. There are 2 pages in the PDF file attached, the first page is a production setup and the page is a test setup wholly contained within a single server. IS

Gus: I guess my primary point of confusion is that the non-vpn LAN ip addresses are duplicated in each cluster. So within a cluster, the LAN addresses are unique. But when you look at 2 clusters, 2 different servers share the 10.99.0.11 address. So that is why I created a VPN for inside the cluster on the LAN interfaces using the private 10.0.1.xx range. THen, I created a separate VPN on the

On Mon, Dec 08, 2014 at 11:02:24PM -0500, md at rpzdesign.com wrote: > The self contained example is tricky because I created 4 ip-address on > the eth0 device (192.168.1.30/31/32/33) so I could test a 4 node VPN > that lives entirely within a single server. That's quite hard to do, it's far easier to run four instances of tinc on four different ports on the same machine. >

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gus & Tinc-VPN List: It looks like I need to run 2 instances of tincd on each server. 1 instance of tincd will responsible for running a VPN over the LAN on eth1. This means Class C addresses from 10.0.1.10 -> 10.0.1.250 Another instance of tincd will be responsible for running a VPN over the WAN on eth0. This means Class C addresses from

yes, I have these in C host file: Subnet=10.10.0.0/24 Subnet=0.0.0.0/1 Subnet=128.0.0.0/1 ## not metioned, because I think is maybe works in same as 0.0.0.0/1 B host file doesn't have 0.0.0.0/1 and 128.0.0.0/1 I only added one route to 5.6.7.8 via B, not via C On Mon, Feb 29, 2016 at 4:40 PM, Maxim Vorontsov <6012030 at gmail.com> wrote: > hi. > > Are you add only