Displaying 20 results from an estimated 10000 matches similar to: "Subnet authority and trust"
2016 Sep 03
2
One host for forwarding only without keys
On 09/03/2016 10:56 AM, Etienne Dechamps wrote:
> C will still need keys in order to establish metaconnections with A and B (as
> well as a few other things). However there is no need for C to own any
> "Subnets" at all.
If somebody breaks into C, he could get access to the vpn network, right?
Because the keys are there, it will be possible to use them to get access.
Even if
2017 Dec 18
3
Create network of untrusted peers (like SocialVPN, ChaosVPN, etc)
For some weeks I've been trying to devise a way to connect multiple users in various parts of the city and state, and I found out that most likely Tinc is the only daemon that does the kind of meshing I want.
I was successful in connecting some servers of mine around in switch mode, but now comes the hard part: How can I authenticate clients on my network? I would also need to direct static
2015 Feb 01
2
Tincd fails to resolve domain names before it is started name resolution becomes available.
On Sun, Feb 1, 2015 at 11:19 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Sun, Feb 01, 2015 at 04:08:47PM +0900, crocket wrote:
>
>> If tincd is started before name resolution comes up, it keeps failing
>> for ever to resolve domain names in Address= host configuration
>> variable after name resolution becomes possible.
>>
>> I think tincd should
2017 Nov 16
3
What exactly is the meaning of "Subnet" parameter in tinc/$NETNAME/hosts/$SOMEHOSTNAME?
Hello, I am not very good at linux networking. I have read tinc documentation
multiple times and I still don't understand what the "Subnet = ..." directive
does in /etc/tinc/$NET_NAME/hosts/$HOST_NAME
Right now I have a simple virtual lan organized with tinc, and I use the
following in every device's config file (replacing the last part of the
address):
# This computer will
2015 Feb 01
4
Tincd fails to resolve domain names before it is started name resolution becomes available.
If tincd is started before name resolution comes up, it keeps failing
for ever to resolve domain names in Address= host configuration
variable after name resolution becomes possible.
I think tincd should succeed in resolving domain names after name
resolution becomes available.
2017 Aug 29
1
Behavior like -R and -L SSH
Hi All,
I've been playing around with TINC and like what I've seen so far.
I wanted a TINC tunnel like this, where I have a server on the Internet
with a public IPv4 address as my TINC server. Then I can have clients
connect to it and see each other except that the client at a customer
site would allow me to route behind it so I could see hosts on site beyond
my device on premise. I do
2015 Nov 18
1
Packet loss when using multiple subnet#weight entries
On Wed, Nov 18, 2015 at 08:25:28AM +0100, Armin Schindler wrote:
> But I have a question regarding "Subnet=" possibilities. When I have more than
> one Server acting as host for VMs and need to have automatic routing to
> all VMs on these servers, can I use tinc to create this routing automatically?
>
> My idea is to have a script which is started when a VM is
2015 Nov 15
2
Packet loss when using multiple subnet#weight entries
Hello,
I have two servers (A and B) in separate locations. Both are connected
together via two tinc switches to provide two subnets on both servers.
This works pretty good. I can start my VMs on any server connected
to one of those bridges without changing any routes.
The subnets hosted on both servers (each in a bridge) are
172.16.10.0/24 (mainly on A) and 172.16.11.0/24 (mainly on B)
Now I
2017 May 01
1
How to set Subnet in a node which act as both server and client role?
Hi, Etienne
I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example:
A ConnectTo B, B ConnectTo C:
If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B.
If IndirectData = yes, then A will try to establish direct connection with C, even though A doesn’t have the statement of
2015 Nov 22
5
Authenticating VPN addresses: a proposal
TL;DR: a proposal for a new tinc feature that allows nodes to filter
ADD_SUBNET messages based on the metaconnection on which they are
received, so that nodes can't impersonate each other's VPN Subnets.
Similar to StrictSubnets in spirit, but way more flexible.
BACKGROUND: THE ISSUE OF TRUST IN A TINC NETWORK
In terms of metaconnections (I'm not discussing data tunnels here),
one of
2015 Jan 26
2
Windows service tincd behaves different from command line tincd
Hello,
I have 4 VMs running in Microsoft Azure. They all should have similar configurations except for their tinc IP addresses of course.
They run tinc 1.0.24. I have a 5th machine, my development machine.
I am able to ping all 4 VMs from my computer when I start tinc from the command line (tincd -n innomeer -D -d 2).
3 of the computers also work ok when running tinc as a service
2015 May 04
3
Isolating a subnet on demand
On 4 May 2015 at 20:53, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote:
> We started to take a look about that, and apparently, it seems that the IP
> in the public key is taken into account when a client connects to a gateway.
> Spoofing at that level doesn't seem easy, because the IP address seems to be
> part of the authentication process.
I'm having trouble
2019 Oct 17
3
error while decrypting metadata
One of my hosts just rebooted for the first time in ages, and now it
won't connect to any other nodes.
The log just contains continual "error while decrypting metadata" errors.
tincd[8324]: Error while decrypting: error:060A7094:digital envelope
routines:EVP_EncryptUpdate:invalid operation
tincd[8324]: Error while decrypting metadata from fairfield_gw
(yy.yy.yy.yy port 655)
2014 May 13
1
Bug: more than one Port line in host file crashes tincd
I found a tincd crash caused by having two "Port" statements in a host's
file.
I realize this is a bug in an old version of tinc that may be fixed but I
spent the past few hours tracking it down so I'm sharing it in hopes others
can make use of this info.
I was "cleaning" up my Tinc VPN of a collection of OpenWrt routers and
tincd started crashing with "Got fatal
2017 May 06
2
Show the subnets learnt and update configuration without reset?
1. Is there any tool/command with which we can show the subnets that a certain tinc node learnt? So that I can know the weight for a certain subnet (in real time), instead of going back to the node’s (who advertises the subnet) configuration file to check.
2. So far in order to change the weight of a subnet, or something else, I have to reset the tinc daemon (tincd -k -n myvpn and then tincd -n myvpn) in
2008 Nov 12
1
Subnet / routing question
Hi,
I have been messing around with tinc for a while and now I got a
configuration working like the example (4.7) from the manual
I have 3 systems, in my case system a is the only one that can be
accessed directly.
B and C connect to A
I have 3 subnets
A 5.1.0.0 gw 5.1.0.1
B 5.2.0.0 gw 5.2.0.1
C 5.3.0.0 gw 5.3.0.1
This works fine and the gateways are IP numbers on the interfaces of the
3
2018 Dec 11
3
subnet flooded with lots of ADD_EDGE request
Hello,
We're suffering from sporadic network blockage (read: unable to ping
other nodes) with 1.1-pre17. Before upgrading to the 1.1-pre release,
the same network blockage also manifested itself in a pure 1.0.33
network.
The log shows that there are a lot of "Got ADD_EDGE from nodeX
(192.168.0.1 port 655) which does not match existing entry" and it
turns out that the mismatches
2015 May 04
2
Isolating a subnet on demand
Whatever you do, keep in mind that tinc will always trust all nodes as
long as they are part of the graph. It is not currently designed to
deal with insider threats. Most importantly, that means anyone can
impersonate any Subnet on a tinc network, just by changing the Subnet
declaration in their node file.
The only way around that is to use StrictSubnets, but that requires
every node to be
2018 May 24
3
Cannot ping subnet hosts
Dear all,
I am trying to configure a basic TINC vpn between two sites using OpenWRT
routers. The link seems to work, the ping between the two routers is ok,
but I can't ping hosts between the subnets behind the routers.
This is the configuration:
======== SITE 1 (CLIENT) - polimnia (subnet 192.168.4.0/24, gw 192.168.4.1)
tinc.conf
-------------
Name = polimnia
ConnectTo = calliope
2015 Feb 02
2
Tincd fails to resolve domain names before it is started name resolution becomes available.
William Kennington <william at wkennington.com> writes:
> Agreed.
> On Feb 1, 2015 4:21 AM, "Etienne Dechamps" <etienne at edechamps.fr> wrote:
>
>> Considering how cheap that operation seems to be, would it make sense
>> to call res_init() every time tinc retries a metaconnection? It's not
>> doing that very often anyway... and it would solve