similar to: Way to verify the public key?

Yes, slides will be available afterwards. Additionally, a very similar talk will be presented at SCALE this year as well. Do you have any more info about how tinc is used by NYC mesh? Ben On Sun, Nov 15, 2015 at 3:55 PM, Daniel J. Grinkevich < danielgrinkevich at gmail.com> wrote: > Will the slides be posted after the talk? > > We use tinc for NYC Mesh to connect nodes that do

We are running tinc (v. 1.0.26) in switch mode with bmx6 (another mesh protocol) running on top of the tap0 interface on about 25 devices. The asymmetric routing of UDP packets is causing my firewall and I presume others to drop some of the packets, since there are no outbound SYN packets originating from the device running tinc. Is there any way to mitigate this issue besides enabling tcponly

We have a handful of nodes set up. Some are NAT'd but a few have direct access to the Internet. Sample confs: HostA: Name = HostA AddressFamily = any Interface = tap0 Mode = switch Connectto = HostB GraphDumpFile = /tmp/mesh HostB: Name = HostB AddressFamily = any Interface = tap0 Mode = switch Connectto = HostA GraphDumpFile = /tmp/mesh And so on. If I use HostA as the main meta sever.

Hi tincfolks, I'd like to announce that we're planning a talk [1] about tinc and some of the uses that we've developed for it. It'll be given at FOSSETCON 2015 [2] in Orlando, Florida on Nov 19-21. If anybody is in the area, please consider attending. Ben [1] http://www.fossetcon.org/2015/sessions/secure-peer-networking-tinc [2] http://www.fossetcon.org/ -------------- next part

I?ve been having the same issue with Ubuntu, thankfully we have access to Upstart: ``` start on (local-filesystems and net-device-up IFACE!=lo) stop on stopping network-services author "Mark Lopez" description "Tinc Upstart Job" version "0.1" env network=master respawn exec /usr/sbin/tincd -n "$network" -D --debug=3 --logfile ``` I removed the default

Will the slides be posted after the talk? We use tinc for NYC Mesh to connect nodes that do not have line of sight. Dan On Sun, Nov 15, 2015 at 6:47 PM, Benjamin Kero <ben.kero at gmail.com> wrote: > Hi tincfolks, > > I'd like to announce that we're planning a talk [1] about tinc and some of > the uses that we've developed for it. It'll be given at FOSSETCON

This is what we use on our routers, running once a minute via crontab. > if pgrep "tincd" >/dev/null; then > echo "tincd is running" > else > echo "tincd isn't running, restarting" > tincd -n nycmesh > fi On Fri, Jan 29, 2016 at 9:07 AM, pjv <pjv at pjv.me> wrote: > I have tinc 1.1pre11 running on various routers and linux

I have tinc 1.1pre11 running on various routers and linux cloud servers. On one of the cloud servers, under Ubuntu 12.04, tinc is mysteriously dying once in a while, leaving a dangling PID. I have been unable to track down why it is dying, but it happens infrequently enough that I care less about why it is dying than how to robustly respawn it when it dies. Before I re-invent the wheel, has

tinc uses direct UDP communication for performance, not reliability. If you want to establish more metaconnections for increased reliability, you can use AutoConnect (though it probably won't work across NATs). A better solution is to use two central nodes (instead of one) for redundancy. On 11 June 2015 at 18:59, Daniel J. Grinkevich <danielgrinkevich at gmail.com> wrote: > If we

On Wed, Jan 14, 2015 at 12:28:00PM +0000, Martin wrote: > Is there any way to obtain the public key from the private key? > I know it's in host file however for the purpose of this message I need to > be able to generate it on the command line. > I tried > > openssl ec < ed25519_key.priv > > I get an error > > read EC key > unable to load Key >

Fantastic, having it in the CLI would great. It is for the reason of users losing the pub key that I ask, writing some docs for an internal network. Ah interesting, I finally found openssl does not have the 25519 curve in there(and no plans to do so looks like) but I was not aware there was non standard priv key format either. Would it make sense for the tinc -n <netname> get

On Wed, Jan 14, 2015 at 02:17:31PM +0000, Martin wrote: > Fantastic, having it in the CLI would great. It is for the reason of users > losing the pub key that I ask, writing some docs for an internal network. > Ah interesting, I finally found openssl does not have the 25519 curve in > there(and no plans to do so looks like) but I was not aware there was non > standard priv key

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hello! i would like to use tinc with public keys which are extracted from x509 certificates. the only public key format i was able to extract from certificates with openssl commands looked like this: - -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwXDZs8EBb/JyZ9daB3Zk9WHxD

Hello tinc users, I have been trying to work out how key exchange/hosts file sharing in tinc 1.1 works. My topology is straightforward, a "super" always-online node A to which remote nodes B, C, ... (and so on) ConnectTo = A, to discover each other via AutoConnect (that's on by default in tinc 1.1pre17) Only super A has host files with Ed25519 keys for every node on the network.

On Tue, Jan 26, 2016 at 07:35:10PM +0100, Anton Voyl wrote: > Is it possible to sign/verify data with the ed25519 keys of a tinc 1.1 host? In principle yes, but tinc does not offer a way to do that. Also, reusing a key for another purpose is not recommended. What do you want to do exactly? > More specifically, is it possible to sign a file with these keys using openssl? If so, how? If

My intention was to sign the content of export-all with the nodes' public key, which would require the corresponding private key to verify. Does this make sense ? @ > Le 26 janv. 2016 ? 20:19, Guus Sliepen <guus at tinc-vpn.org> a ?crit : > >> On Tue, Jan 26, 2016 at 07:35:10PM +0100, Anton Voyl wrote: >> >> Is it possible to sign/verify data with the ed25519

Is there any way to obtain the public key from the private key? I know it's in host file however for the purpose of this message I need to be able to generate it on the command line. I tried openssl ec < ed25519_key.priv I get an error read EC key unable to load Key 140092556813984:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

I'm writing a storage app for storing the Ed25519 pub keys and want to do some basic verification when a user submits their public key. Is it just A-Za-z0-9 ? or can it contain special chars as well? I'm assuming it will be in the range of printable characters? Martin -------------- next part -------------- An HTML attachment was scrubbed... URL:

On Tue, Jan 26, 2016 at 08:52:29PM +0100, Guus Sliepen wrote: > > My intention was to sign the content of export-all with the nodes' public key, which would require the corresponding private key to verify. > > > > Does this make sense ? > > Yes, that does make a lot of sense. I'll see if I can add a safe way to > sign/verify arbitrary data with the tinc

On Tue, Jan 26, 2016 at 08:35:15PM +0100, Anton Voyl wrote: > My intention was to sign the content of export-all with the nodes' public key, which would require the corresponding private key to verify. > > Does this make sense ? Yes, that does make a lot of sense. I'll see if I can add a safe way to sign/verify arbitrary data with the tinc command. -- Met vriendelijke groet /