similar to: Public key sharing between nodes

The server has a 1G symmetrical fibre line. It has been speedtested to various local servers to be close to 800-900M. When there is only a single client, there isn't much problem and as soon as the connection is made, the ping time through to tunnel is a respectable 30ms. As soon as a few more clients are connected, ping time degrades to hundreds and sometimes seconds and with dropped packets.

With pleasure we announce the release of tinc version 1.1pre11. Here is a summary of the changes: * Added a "network" command to list or switch networks. * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol. * AutoConnect is now a boolean option, when enabled tinc always tries to keep at least three meta-connections open. * The new protocol now

With pleasure we announce the release of tinc version 1.1pre11. Here is a summary of the changes: * Added a "network" command to list or switch networks. * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol. * AutoConnect is now a boolean option, when enabled tinc always tries to keep at least three meta-connections open. * The new protocol now

Because of security vulnerabilities in tinc that have recently been discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of the changes in tinc 1.0.35: * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Here is a summery of the changes in tinc 1.1pre17: * Prevent oracle attacks in the

Because of security vulnerabilities in tinc that have recently been discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of the changes in tinc 1.0.35: * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Here is a summery of the changes in tinc 1.1pre17: * Prevent oracle attacks in the

tinc uses direct UDP communication for performance, not reliability. If you want to establish more metaconnections for increased reliability, you can use AutoConnect (though it probably won't work across NATs). A better solution is to use two central nodes (instead of one) for redundancy. On 11 June 2015 at 18:59, Daniel J. Grinkevich <danielgrinkevich at gmail.com> wrote: > If we

Here is some examples of using templates for TINC configurations and settings: In your startup script, BEFORE starting TINC VPN, put a number of entries to configure your VPN: sh ./templatewriter.sh LAN LOSI101 8540 255.255.255.0 0.0.0.0 10.99.0.11 10.98.0.11 ConnectTo=LOSI102 ConnectTo= ConnectTo= **PUT MORE ENTRIES HERE FOR MORE COMPLEX VPN setups ######Templatewriter.sh #!/bin/bash

On Friday 13 January 2017 12:40:33 Gianluca Cecchi wrote: > On Fri, Jan 13, 2017 at 12:33 PM, Gary Stainburn <gary at ringways.co.uk> > > wrote: > > Also, it was suggested that I use nmcli in a cronjob to re-activate it if > > it > > drops. I can check to see if it's still active by 'grep'ing the IP > > address, > > but I don't know the

On Mon, Aug 21, 2017 at 05:37:06PM -0700, Nirmal Thacker wrote: > Today our Tinc network saw a network partition when we took one tinc node > down. > > We knew there was a network partition since the graph showed a split. This > graph is not very helpful but its what I have at the moment: > > http://i.imgur.com/XP2PSWc.png The graph is very clear. > Some questions:

Fantastic, having it in the CLI would great. It is for the reason of users losing the pub key that I ask, writing some docs for an internal network. Ah interesting, I finally found openssl does not have the 25519 curve in there(and no plans to do so looks like) but I was not aware there was non standard priv key format either. Would it make sense for the tinc -n <netname> get

Thanks Guss, some comments and questions: If you make the yellow nodes ConnectTo all other nodes, and not have > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > no ConnectTo's, then you will get the desired graph. The reason this approach is not desirable is because it fails at automation. It requires us to add a new line of AutoConnect = <new node that

You could say the same thing about computers in general: I hate them, they automated many tasks in life and took many jobs out of the market!. Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer at ngtech.co.il -----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Gary Stainburn Sent: Monday, January 16, 2017

On Wed, January 18, 2017 4:24 am, Eliezer Croitoru wrote: > You could say the same thing about computers in general: > I hate them, they automated many tasks in life and took many jobs out of > the > market!. And they suck. All systems suck. And thanks to that I got my job. Valeri > > Eliezer > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile:

On Thu, Aug 31, 2017 at 01:37:28PM -0700, Nirmal Thacker wrote: > If you make the yellow nodes ConnectTo all other nodes, and not have > > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > > no ConnectTo's, then you will get the desired graph. > > The reason this approach is not desirable is because it fails at > automation. It requires us to

Hi Guus Thanks for clarifying. Some follow up questions: - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to upgrade to? - What is the workaround until we patch with this fix? Using a combination of AutoConnect and ConnectTo? - When we use ConnectTo, is it mandatory to have a cert file in the hosts/* dir with an IP to ConnectTo ? -nirmal On Tue, Aug 22, 2017 at 12:10

Hi All, I see an unexpected beahviour from NetworkManager on CentOS 7.1. Using nmcli tool, I create a bond with two slaves as explained in the Red Hat 7.1 Networking guide. I enable slaves and master; bond works as expected. When I restart NetworkManager, it creates a new bond with the same name but not connected to any device. Two bonds with the same name is confusing for my other monitoring

On Fri, Jan 13, 2017 at 12:33 PM, Gary Stainburn <gary at ringways.co.uk> wrote: > > > Also, it was suggested that I use nmcli in a cronjob to re-activate it if > it > drops. I can check to see if it's still active by 'grep'ing the IP > address, > but I don't know the nmcli to re-activate an existing WIFI connection. > > Can anyone help here too,

On 07/07/16 05:21 PM, Joe Smithian wrote: > Hi All, > > I see an unexpected beahviour from NetworkManager on CentOS 7.1. > Using nmcli tool, I create a bond with two slaves as explained in the Red > Hat 7.1 Networking guide. I enable slaves and master; bond works as > expected. > When I restart NetworkManager, it creates a new bond with the same name but > not connected to

Hi Neil, Thanks for your comments. What's the purpose of creating spurious ?bond0?? It's confusing. Is it anywhere documented? Every time I restart NetworkManager it creates another bond0! Joe On Thu, Jul 7, 2016 at 5:44 PM, Digimer <lists at alteeve.ca> wrote: > On 07/07/16 05:36 PM, Digimer wrote: > > On 07/07/16 05:21 PM, Joe Smithian wrote: > >> Hi All, >

On Thu, Aug 31, 2017 at 10:40:39AM -0700, Nirmal Thacker wrote: > Following your suggestion we reconfigured our tinc network as follows. > Here is a new graph and below is our updated configuration: > http://imgur.com/a/n6ksh [...] > We are concerned that: > - We still dont see edges in the graph that show connections between every > blue labeled node to both the yellow labeled