Displaying 20 results from an estimated 1000 matches similar to: "Public key sharing between nodes"
2016 May 06
1
Lots of Flushing x bytes to y would block messages
The server has a 1G symmetrical fibre line. It has been speedtested to
various local servers to be close to 800-900M. When there is only a single
client, there isn't much problem and as soon as the connection is made, the
ping time through the tunnel is a respectable 30ms. As soon as a few more
clients are connected, ping time degrades to hundreds and sometimes seconds
and with dropped packets.
2014 Dec 27
6
[Announcement] Tinc version 1.1pre11 released
With pleasure we announce the release of tinc version 1.1pre11. Here is
a summary of the changes:
* Added a "network" command to list or switch networks.
* Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new
protocol.
* AutoConnect is now a boolean option, when enabled tinc always tries
to keep at least three meta-connections open.
* The new protocol now
2018 Oct 08
1
[Announcement] Tinc version 1.0.35 and 1.1pre17 released
Because of security vulnerabilities in tinc that have recently been
discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of
the changes in tinc 1.0.35:
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
Here is a summary of the changes in tinc 1.1pre17:
* Prevent oracle attacks in the
2015 Jun 11
0
tinc as layer 2 switch doesn't automatically mesh with other nodes
tinc uses direct UDP communication for performance, not reliability.
If you want to establish more metaconnections for increased
reliability, you can use AutoConnect (though it probably won't work
across NATs). A better solution is to use two central nodes (instead
of one) for redundancy.
On 11 June 2015 at 18:59, Daniel J. Grinkevich
<danielgrinkevich at gmail.com> wrote:
> If we
2018 Apr 30
1
Slow Speed
Hi,
I've been using Tinc for several years, but I didn't fix a performance problem.
There are about 20 nodes in this network.
Master:
10.0.0.12 (dedicated host in a datacenter, debian, 100mBit port)
tinc.conf:
Name = TincKnoten12
AddressFamily = ipv4
Interface = tun
ProcessPriority=high
mode = router
#DirectOnly = no
Compression=0
PMTUDiscovery = yes
#IndirectData = yes
#ReplayWindow = 64
#ConnectTo
2015 Jan 12
1
SIMPLE TINC template example
Here are some examples of using templates for TINC configurations and
settings:
In your startup script, BEFORE starting TINC VPN, put a number of
entries to configure your VPN:
sh ./templatewriter.sh LAN LOSI101 8540 255.255.255.0 0.0.0.0 10.99.0.11
10.98.0.11 ConnectTo=LOSI102 ConnectTo= ConnectTo=
**PUT MORE ENTRIES HERE FOR MORE COMPLEX VPN setups
######Templatewriter.sh
#!/bin/bash
2010 Sep 14
1
Can't ping non-tinc host in subnet across VPN
Dear list,
I'm currently trying to simulate a VPN in a very simple configuration at home.
My normal home-net 192.168.0.0/24 serves as "the internet". Three test
machines are used, two of them connected to "the internet":
odin , external IP 192.168.0.100/24 on eth0
thor , external IP 192.168.0.101/24 on eth0
My VPN uses address space 10.0.0.0/8 in the following way:
odin
2016 Feb 12
0
Tinc Router Mode - PING RESULT is destination host unreachable
On 12 February 2016 at 16:51:59 CET, Eric Yau <ericyaukhy at hotmail.com> wrote:
>Hi All,
>
>
>
>I am trying to set up the site-to-site VPN with TINC to connect my home
>network to company network. Here is the IP allocation and configuration
>for
>your reference.
>
>
>
>Home PC (192.168.1.2) <-----> Home (OPENWRT Router, 192.168.1.1,
>10.0.0.1)
2017 Jan 16
0
Reliable way of having both LAN and WIFI on headless box
On Friday 13 January 2017 12:40:33 Gianluca Cecchi wrote:
> On Fri, Jan 13, 2017 at 12:33 PM, Gary Stainburn <gary at ringways.co.uk>
>
> wrote:
> > Also, it was suggested that I use nmcli in a cronjob to re-activate it if
> > it
> > drops. I can check to see if it's still active by 'grep'ing the IP
> > address,
> > but I don't know the
2017 Aug 22
0
using both ConnectTo and AutoConnect to avoid network partitions
On Mon, Aug 21, 2017 at 05:37:06PM -0700, Nirmal Thacker wrote:
> Today our Tinc network saw a network partition when we took one tinc node
> down.
>
> We knew there was a network partition since the graph showed a split. This
> graph is not very helpful but it's what I have at the moment:
>
> http://i.imgur.com/XP2PSWc.png
The graph is very clear.
> Some questions:
2015 Jan 14
2
Obtain public key
Fantastic, having it in the CLI would be great. It is for the reason of users
losing the pub key that I ask, writing some docs for an internal network.
Ah interesting, I finally found openssl does not have the 25519 curve in
there (and no plans to do so, it looks like) but I was not aware there was non
standard priv key format either.
Would it make sense for the
tinc -n <netname> get
2017 Aug 31
2
using both ConnectTo and AutoConnect to avoid network partitions
Thanks Guus, some comments and questions:
> If you make the yellow nodes ConnectTo all other nodes, and not have
> AutoConnect = yes, and the other nodes just have AutoConnect = yes but
> no ConnectTo's, then you will get the desired graph.
The reason this approach is not desirable is because it fails at
automation. It requires us to add a new line of AutoConnect = <new node
that
2017 Jan 18
2
Reliable way of having both LAN and WIFI on headless box
You could say the same thing about computers in general:
I hate them, they automated many tasks in life and took many jobs out of the
market!.
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Gary Stainburn
Sent: Monday, January 16, 2017
2017 Jan 18
0
Reliable way of having both LAN and WIFI on headless box
On Wed, January 18, 2017 4:24 am, Eliezer Croitoru wrote:
> You could say the same thing about computers in general:
> I hate them, they automated many tasks in life and took many jobs out of
> the
> market!.
And they suck. All systems suck. And thanks to that I got my job.
Valeri
>
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile:
2017 Aug 31
0
using both ConnectTo and AutoConnect to avoid network partitions
On Thu, Aug 31, 2017 at 01:37:28PM -0700, Nirmal Thacker wrote:
> If you make the yellow nodes ConnectTo all other nodes, and not have
> > AutoConnect = yes, and the other nodes just have AutoConnect = yes but
> > no ConnectTo's, then you will get the desired graph.
>
> The reason this approach is not desirable is because it fails at
> automation. It requires us to
2015 Apr 23
2
Strange Traffic Problem
I've been experiencing a very very odd problem for the past several weeks and
am throwing it out in case someone can shed some light on it for me.
There is a single box on our tinc mesh which can be pinged from all hosts,
but cannot ping any. It is not limited to ping, the box cannot communicate
over tinc. tinc is running in router mode for this mesh. ~30 other nodes
function normally,
2017 Aug 22
3
using both ConnectTo and AutoConnect to avoid network partitions
Hi Guus
Thanks for clarifying. Some follow up questions:
- How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to
upgrade to?
- What is the workaround until we patch with this fix? Using a combination
of AutoConnect and ConnectTo?
- When we use ConnectTo, is it mandatory to have a cert file in the hosts/*
dir with an IP to ConnectTo ?
-nirmal
On Tue, Aug 22, 2017 at 12:10
2016 Jul 07
2
NetworkManager creates extra bonds; is this a bug?
Hi All,
I see an unexpected behaviour from NetworkManager on CentOS 7.1.
Using nmcli tool, I create a bond with two slaves as explained in the Red
Hat 7.1 Networking guide. I enable slaves and master; bond works as
expected.
When I restart NetworkManager, it creates a new bond with the same name but
not connected to any device. Two bonds with the same name is confusing for
my other monitoring