Displaying 20 results from an estimated 2000 matches similar to: "Public key sharing between nodes"
2016 May 06
1
Lots of Flushing x bytes to y would block messages
The server has a 1G symmetrical fibre line. It has been speedtested to
various local servers to be close to 800-900M. When there is only a single
client, there isn't much problem and as soon as the connection is made, the
ping time through to tunnel is a respectable 30ms. As soon as a few more
clients are connected, ping time degrades to hundreds and sometimes seconds
and with dropped packets.
2014 Dec 27
6
[Announcement] Tinc version 1.1pre11 released
With pleasure we announce the release of tinc version 1.1pre11. Here is
a summary of the changes:
* Added a "network" command to list or switch networks.
* Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new
protocol.
* AutoConnect is now a boolean option, when enabled tinc always tries
to keep at least three meta-connections open.
* The new protocol now
2018 Oct 08
1
[Announcement] Tinc version 1.0.35 and 1.1pre17 released
Because of security vulnerabilities in tinc that have recently been
discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of
the changes in tinc 1.0.35:
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
Here is a summary of the changes in tinc 1.1pre17:
* Prevent oracle attacks in the
2015 Jun 11
0
tinc as layer 2 switch doesn't automatically mesh with other nodes
tinc uses direct UDP communication for performance, not reliability.
If you want to establish more metaconnections for increased
reliability, you can use AutoConnect (though it probably won't work
across NATs). A better solution is to use two central nodes (instead
of one) for redundancy.
On 11 June 2015 at 18:59, Daniel J. Grinkevich
<danielgrinkevich at gmail.com> wrote:
> If we
2015 Jan 12
1
SIMPLE TINC template example
Here are some examples of using templates for TINC configurations and
settings:
In your startup script, BEFORE starting TINC VPN, put a number of
entries to configure your VPN:
sh ./templatewriter.sh LAN LOSI101 8540 255.255.255.0 0.0.0.0 10.99.0.11
10.98.0.11 ConnectTo=LOSI102 ConnectTo= ConnectTo=
**PUT MORE ENTRIES HERE FOR MORE COMPLEX VPN setups
######Templatewriter.sh
#!/bin/bash
2017 Jan 16
0
Reliable way of having both LAN and WIFI on headless box
On Friday 13 January 2017 12:40:33 Gianluca Cecchi wrote:
> On Fri, Jan 13, 2017 at 12:33 PM, Gary Stainburn <gary at ringways.co.uk>
>
> wrote:
> > Also, it was suggested that I use nmcli in a cronjob to re-activate it if
> > it
> > drops. I can check to see if it's still active by 'grep'ing the IP
> > address,
> > but I don't know the
2017 Aug 22
0
using both ConnectTo and AutoConnect to avoid network partitions
On Mon, Aug 21, 2017 at 05:37:06PM -0700, Nirmal Thacker wrote:
> Today our Tinc network saw a network partition when we took one tinc node
> down.
>
> We knew there was a network partition since the graph showed a split. This
> graph is not very helpful but it's what I have at the moment:
>
> http://i.imgur.com/XP2PSWc.png
The graph is very clear.
> Some questions:
2015 Jan 14
2
Obtain public key
Fantastic, having it in the CLI would be great. It is for the reason of users
losing the pub key that I ask, writing some docs for an internal network.
Ah interesting, I finally found openssl does not have the 25519 curve in
there (and no plans to do so looks like) but I was not aware there was a
non-standard priv key format either.
Would it make sense for the
tinc -n <netname> get
2017 Aug 31
2
using both ConnectTo and AutoConnect to avoid network partitions
Thanks Guus, some comments and questions:
If you make the yellow nodes ConnectTo all other nodes, and not have
> AutoConnect = yes, and the other nodes just have AutoConnect = yes but
> no ConnectTo's, then you will get the desired graph.
The reason this approach is not desirable is because it fails at
automation. It requires us to add a new line of AutoConnect = <new node
that
2017 Jan 18
2
Reliable way of having both LAN and WIFI on headless box
You could say the same thing about computers in general:
I hate them, they automated many tasks in life and took many jobs out of the
market!.
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Gary Stainburn
Sent: Monday, January 16, 2017
2017 Jan 18
0
Reliable way of having both LAN and WIFI on headless box
On Wed, January 18, 2017 4:24 am, Eliezer Croitoru wrote:
> You could say the same thing about computers in general:
> I hate them, they automated many tasks in life and took many jobs out of
> the
> market!.
And they suck. All systems suck. And thanks to that I got my job.
Valeri
>
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile:
2017 Aug 31
0
using both ConnectTo and AutoConnect to avoid network partitions
On Thu, Aug 31, 2017 at 01:37:28PM -0700, Nirmal Thacker wrote:
> If you make the yellow nodes ConnectTo all other nodes, and not have
> > AutoConnect = yes, and the other nodes just have AutoConnect = yes but
> > no ConnectTo's, then you will get the desired graph.
>
> The reason this approach is not desirable is because it fails at
> automation. It requires us to
2017 Aug 22
3
using both ConnectTo and AutoConnect to avoid network partitions
Hi Guus
Thanks for clarifying. Some follow up questions:
- How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to
upgrade to?
- What is the workaround until we patch with this fix? Using a combination
of AutoConnect and ConnectTo?
- When we use ConnectTo, is it mandatory to have a cert file in the hosts/*
dir with an IP to ConnectTo ?
-nirmal
On Tue, Aug 22, 2017 at 12:10
2016 Jul 07
2
NetworkManager creates extra bonds; is this a bug?
Hi All,
I see an unexpected behaviour from NetworkManager on CentOS 7.1.
Using nmcli tool, I create a bond with two slaves as explained in the Red
Hat 7.1 Networking guide. I enable slaves and master; bond works as
expected.
When I restart NetworkManager, it creates a new bond with the same name but
not connected to any device. Two bonds with the same name is confusing for
my other monitoring
2017 Jan 13
2
Reliable way of having both LAN and WIFI on headless box
On Fri, Jan 13, 2017 at 12:33 PM, Gary Stainburn <gary at ringways.co.uk>
wrote:
>
>
> Also, it was suggested that I use nmcli in a cronjob to re-activate it if
> it
> drops. I can check to see if it's still active by 'grep'ing the IP
> address,
> but I don't know the nmcli to re-activate an existing WIFI connection.
>
> Can anyone help here too,
2016 Jul 07
0
NetworkManager creates extra bonds; is this a bug?
On 07/07/16 05:21 PM, Joe Smithian wrote:
> Hi All,
>
> I see an unexpected behaviour from NetworkManager on CentOS 7.1.
> Using nmcli tool, I create a bond with two slaves as explained in the Red
> Hat 7.1 Networking guide. I enable slaves and master; bond works as
> expected.
> When I restart NetworkManager, it creates a new bond with the same name but
> not connected to
2016 Jul 11
0
NetworkManager creates extra bonds; is this a bug?
Hi Neil,
Thanks for your comments. What's the purpose of creating spurious "bond0"?
It's confusing. Is it anywhere documented?
Every time I restart NetworkManager it creates another bond0!
Joe
On Thu, Jul 7, 2016 at 5:44 PM, Digimer <lists at alteeve.ca> wrote:
> On 07/07/16 05:36 PM, Digimer wrote:
> > On 07/07/16 05:21 PM, Joe Smithian wrote:
> >> Hi All,
>
2017 Aug 31
0
using both ConnectTo and AutoConnect to avoid network partitions
On Thu, Aug 31, 2017 at 10:40:39AM -0700, Nirmal Thacker wrote:
> Following your suggestion we reconfigured our tinc network as follows.
> Here is a new graph and below is our updated configuration:
> http://imgur.com/a/n6ksh
[...]
> We are concerned that:
> - We still don't see edges in the graph that show connections between every
> blue labeled node to both the yellow labeled