similar to: Some tinc clatifications

Displaying 20 results from an estimated 6000 matches similar to: "Some tinc clatifications"

2017 Jul 11
2
Some tinc clatifications
On 2017-07-10 18:32 Matthew Nichols wrote: > 1. That entirely depends on how you have it set up (look at > StrictSubnets and TunnelServer). It might also be recommended to have > every node re-key itself (http://tinc-vpn.org/security/). I've used StrictSubnets and TunnelServer (and probably will keep using this so roadwarriors don't see each other, though looking at the logs
2017 Jul 10
0
Some tinc clatifications
1. That entirely depends on how you have it set up (look at StrictSubnets and TunnelServer). It might also be recommended to have every node re-key itself (http://tinc-vpn.org/security/). 2. No, tinc cannot do this itself. 3. That is not a bad approach. -----Original Message----- From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Alessandro Briosi Sent: Monday, July 10, 2017 1:43 AM
2015 May 05
2
Local routes passed to subnet-up
Hi all, I'm experiencing a strange problem. I have set up 2 gateways which are behind a NAT router. They are configured in Route mode and have the ips 10.0.0.1/32 and 10.0.0.2/32 on the tinc interface. They also have subnets (192.168.1.0/24 and 192.168.2.0/24 respectively). Now the odd thing is that when the VPN comes up they both also add the local subnet to their routes on the tinc
2015 May 05
1
Local routes passed to subnet-up
On 2015-05-05 13:29 Guus Sliepen wrote: > On Tue, May 05, 2015 at 01:18:15PM +0200, Alessandro Briosi wrote: > >> Now the odd thing is that when the VPN comes up they both also add the >> local >> subnet to their routes on the tinc interface: > [...] >> the subnet-up script runs this command: >> ip route add $SUBNET dev $INTERFACE metric $WEIGHT
2014 Feb 03
1
Avoid some hosts/networks to see each other
Hi all, I need a suggestion or just to know if it's even possible to achieve the following. There is a "central" vpn server which is my main network. I have a few other gateways (customers) which should connect to this central server (there's a firewall on this machine too) which have behind the customer network. Then I have a few single servers which still connect to my
2013 Jan 24
3
Conflicting Default Values. A trusts B. B trusts EvilNode. Does that mean A trusts EvilNode?
*You should repeat this for all nodes you ConnectTo, or which ConnectTo you. However, remember that you do not need to ConnectTo all nodes in the VPN; it is only necessary to create one or a few meta-connections, after the connections are made tinc will learn about all the other nodes in the VPN, and will automatically make other connections as necessary. * The above is from the docs. Assuming
2014 Dec 29
6
Samba4 and sssd, keytab file expires?
Hi all. I have the following setup: 1st dc is on CentOS 6 with Sernet samba 4.1.13 2nd dc is on Debian 7 with Sernet samba 4.1.13 The 2 dc work as expected. on CentOS I was able to configure sssd to work on Debian I'm using winbind Now I have a 3rd server which is CentOS 7 with samba 4.1.1 from CentOS repository. This system serves as a file server and works ok with samba, but I have a
2016 Mar 13
2
Fwd: How to avoid friends of friends joining the vpn ?
Tinc 1.0 3 control masters Many service hosts Laptop (road warrior) The control masters have the public keys for the service hosts and the laptop so that they can join the network. How can I prevent the laptop user to connect additional boxes to the network? In my view he can simply add new 'foreign' hosts and specify connectTo to point to the laptop. As keys are exchanged automatically
2017 Sep 12
2
purge doesn't remove dead nodes
Hi We have several stale nodes in our tinc network and I'd like to remove these. These nodes show up in graph dumps as red nodes, indicating they are unreachable. We run: tinc -n <vpn-name> purge Nothing happens. If we tail the logs at /var/log/syslog, we don't see an ack or message concerning the purge either. The dead nodes still show up in the graphs and their certs are still
2015 Nov 22
5
Authenticating VPN addresses: a proposal
TL;DR: a proposal for a new tinc feature that allows nodes to filter ADD_SUBNET messages based on the metaconnection on which they are received, so that nodes can't impersonate each other's VPN Subnets. Similar to StrictSubnets in spirit, but way more flexible. BACKGROUND: THE ISSUE OF TRUST IN A TINC NETWORK In terms of metaconnections (I'm not discussing data tunnels here), one of
2018 Oct 10
1
Tinc invite options
Dear All, We are trying the Tinc invites to let nodes join the network. This is working as described but we want to push some configuration for some nodes but this seemed not to be working. What is working is the following invite: Name = test_invite NetName = test_VPN ConnectTo = test_hub01 Ifconfig = 172.16.1.4/24 Subnet = 172.16.1.4
2017 Aug 29
1
Behavior like -R and -L SSH
Hi All, I've been playing around with TINC and like what I've seen so far. I wanted a TINC tunnel like this, where I have a server on the Internet with a public IPv4 address as my TINC server. Then I can have clients connect to it and see each other except that the client at a customer site would allow me to route behind it so I could see hosts on site beyond my device on premise. I do
2017 Jul 11
0
Some tinc clatifications
On Tue, Jul 11, 2017 at 09:58:39AM +0200, Alessandro Briosi wrote: > I understand on a security bug or something, but having to rekey all the > hosts 'cause someone gets fired to me it sounds insane. > There must be an easy way to block somebody from connecting to the VPN? > Isn't removing its reference on the "servers" enough? The proper way is to remove the
2014 Jan 09
1
tinc started from /etc/network/interfaces and not from /etc/tinc/nets.boot
Hello, are there reasons why all the examples for debian and ubuntu explain how to set up tinc to start from the init job /etc/init.d/tinc and /etc/tinc/nets.boot and why there are no examples or tutorials on how to start tinc from /etc/network/interfaces ? Using /etc/network/interfaces I have a perfectly running tinc vpn with an unprivileged user, locked memory and a chroot jail plus converted
2018 Apr 22
4
Reconstructing files from shards
On Sun, 22 Apr 2018, 10:46 Alessandro Briosi <ab1 at metalit.com> wrote: > Imho the easiest path would be to turn off sharding on the volume and > simply do a copy of the files (to a different directory, or rename and > then copy i.e.) > > This should simply store the files without sharding. > If you turn off sharding on a sharded volume with data in it, all sharded
2014 Dec 31
4
Fwd: Re: Samba4 and sssd, keytab file expires?
On 2014-12-31 16:29 Dr. Lars Hanke wrote: >>> OK, you can get winbind to update your keytab, you need to alter your >>> smb.conf slightly. You need to change 'kerberos method = secrets >>> only' >>> to either 'kerberos method = secrets and keytab' or 'kerberos method >>> = >>> system keytab' and add the line
2017 Oct 24
2
create volume in two different Data Centers
thanks for answering. But I have to setup and test it myself and record the result. Can you guide me a little more. The problem is, one valid ip for each data centers exist, and each data centers have 3 servers. How should I config the network in which the server bricks see each other to create a glusterfs volume? On Tue, Oct 24, 2017 at 1:47 PM, <lemonnierk at ulrar.net> wrote: > Hi,
2017 Oct 24
0
create volume in two different Data Centers
On 24/10/2017 12:45, atris adam wrote: > thanks for answering. But I have to setup and test it myself and > record the result. Can you guide me a little more. The problem is, one > valid ip for each data centers exist, and each data centers have 3 > servers. How should I config the network in which the server bricks > see each other to create a glusterfs volume? > I would
2015 Jan 15
1
Fwd: Re: Samba4 and sssd, keytab file expires?
Hi Rowland, this posting ended a lot of grief I had with expired keytabs. While this is presumably an issue of sssd, I have no chance to attack the issue right at its root*). But rejoining the domain with the lines dedicated keytab file = /etc/krb5.memberserver.keytab kerberos method = secrets and keytab winbind refresh tickets = Yes seems to fix it. Phew... Maybe You or someone
2014 Dec 31
2
Fwd: Re: Samba4 and sssd, keytab file expires?
>> Hi, how have you setup the fileserver ? >> Is it joined to the domain ? >> Can you post your fileservers smb.conf >> Rowland OT: Oops, wasn't subscribed to the mailing list :) Yes, server is joined to the domain (otherwise I would not be able to generate the principal) Server configuration is following (only global part), winbind config is there because it was