similar to: Create network of untrusted peers (like SocialVPN, ChaosVPN, etc)

Thanks! Will get in touch with the author about the security implications. ---- On Seg, 18 dez 2017 20:03:21 -0200 Azul <mail at azulinho.com> wrote ---- I use https://github.com/JeevesTakesOver/Railtrack/blob/master/README.rst however in my setup I do trust the nodes in the VPN, so this may not exactly work out for what you want I tested ZeroTier for some time

On Mon, Dec 18, 2017 at 11:37 AM, Glauber Ferreira <glaubermmf at gmcomms.com.br> wrote: > What other kind of attacks should I be aware of? > (Impersonation, Any kinds of malicious broadcasts, etc) Possibly relevant: http://www.tinc-vpn.org/pipermail/tinc/2017-May/004864.html Etienne Dechamps wrote: > In general however, I would advise against trusting other nodes, even with >

Suppose tinc is installed on 100 routers in 100 sites. How to automate site-site vpn management across 100 sites? Some kind of vpn management solution? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20180329/90f0198d/attachment.html>

Hi Guys, Say when tinc is running all good, the "server" contains all the key files of clients. If we remove the key file for client A during run, how long before does server find out the key file is gone? I see a "KeyExpire" option in the conf file, is this the time? In my own experiment, the client will still be able to connect to the tinc network even if the key file is

Hi all, I'm currently happily using tinc in my networks. I also use OpenVPN based on the customer requirements. I though have some questions which I could not find a clear answer. What I'd like to know is: 1. How to revoke a "node", simply removing the host file on the servers is enough? And one created by invitation? 2. Is there a way to let tinc ask for a username/password

Or just set up sane firewall rules to allow the two to talk, but block external traffic. I have run this way for years - all add'rs ar IANA in a subnet block, and just that block is open locally, and all other external IP's severely restricted, and NUT works great . . . - Tim On September 12, 2016 11:47:28 AM CDT, "Stuart D. Gathman" <stuart at gathman.org> wrote: >On

Tough to get a spoofed IP to actually route back to it's host though, so other than those unfortunate to be on a flat network, still not too much of an issue . . . - Tim On 09/12/2016 04:46 PM, Stuart D. Gathman wrote: > On Mon, 12 Sep 2016, Tim Dawson wrote: > >> Or just set up sane firewall rules to allow the two to talk, but block >> external traffic. I have run this

Hi, thank for getting back. I'll answer the questions, but I've already gave up on tinc and switch to zerotier-one. On 2020-07-27 5:10 p.m., borg at uu3.net wrote: > Hi. I have few questions out of curiosity.. Cant help for now with > your problem... > > What version is crashing? 1.1 or 1.0 ? 1.1 is crashing > > How your network is segmented..? > I use tinc myself

This part I have to answer on-list: > On 29 Mar 2018, at 17:50 , al so <volkswak at gmail.com> wrote: > > automation refers to day to day vpn management from non-IT layman... not a geek running shell/ansible scrpits. Dear Also / Volk Swak TINC have it’s uses and place in the VPN environment. Perhaps you could/should consider https://pritunl.com/ <https://pritunl.com/> or

On Wed, 15 Jul 2020, Peter Stuge wrote: > is GPL-licensed, so a derivative of that can't be integrated into OpenSSH. A derivative of it, that exposes a general API to do tap-device-like things using stdio and command line options, could be called over its general API from OpenSSH though. Even be developed separately (this would, in fact, even help). bye, //mirabilos -- ?MyISAM tables

Hi can anyone please help. I have two linux servers both with static IPs not using NAT. My slave can't connect to my host. Whatever I try. I have the same setup also on my LAN with two other machines and they talk to each other and work great. But my two machines with their own static IPs don't want to play. I've used the same settings for these as I have on my LAN, with a master

curiosity: are there routers out there supporting tinc natively? for a typical host -connectTo-> mainTincBoxes I use Railtrack https://github.com/JeevesTakesOver/Railtrack however it looks to me that your question was more about orchestration, python fabric or ansible are probably your best options for this task On Thu, 29 Mar 2018 at 09:40, al so <volkswak at gmail.com> wrote:

Hi, I am currently using the L2 tunnel feature of ssh between two Linux machines, and it works beautifully! As a result, I have come to prefer a workflow that uses an L2 tunnel, but I can't seem to find a long-term solution for this workflow on macOS. At the moment, tap devices on macOS can be generated using a kernel extension like tuntaposx <http://tuntaposx.sourceforge.net/>;

Hi all, I have a network with about ~800. The network is a mix of tinc 1.0 and 1.1 nodes. It is gradually expanding for several years now. The problem is that at some point it seams the daemon can not handle the processing of the new connection and the edges. There are 3 major nodes in the system and every other node initially makes connection to one of them. Now after a lot of debugging

If you just want active/standby, you can simply use corosync/pacemaker as other already suggest and don?t use Director. I have a dovecot HA server that uses floating IP and pacemaker to managed it, and it works quite well. The only real hard part is having a HA storage. You can simply use a NFS storage shared by both servers (as long as only one has the floating IP, you won?t have issue with the

On Mon, 12 Sep 2016, Tim Dawson wrote: > Or just set up sane firewall rules to allow the two to talk, but block > external traffic. I have run this way for years - all add'rs ar IANA in a > subnet block, and just that block is open locally, and all other external > IP's severely restricted, and NUT works great . . . Yeah, but IANA ips are easy to spoof. With cjdns, you allow

HI again, Sorry I didn't mean to cause a security debate. I'd like things to be secure of course, but I've got a dilema that I don't use DHCP and instead have a block of static IPs from my ISP. So my nut server has 68.68.452.02 for example and my two slave clients have 68.68.452.03 and .04 ideally I'd like to allow access for the whole static IP block to access the nut

Hi, Thanks for the link :) I guess we'll just end up having 2 separate VPNs, eventually. Have a good evening! > There is no centralized way to remove a subnet or block a user. A user > is authorized to be on the network by other nodes that have his/her > public key. If you delete the offending host config files and let tinc > reload its configuration, you can remove a bad node

Hi, We just found the tinc, looks like it is really a better VPN solution than traditional VPN, I am wondering, is there some cases we can refer, like is there some big cluster running in the production environment ? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi! I'm setting up a VPN with friends of mine, and we are currently considering the possibility to opening the subnet to more people. Considering that one day or another we may have to isolate a subnet (because of bad behaviour, or because it has been compromised), which solution(s) would you recommend for such a situation?