Hansong Huang
2005-Aug-31 18:37 UTC
why does the server needs to have the client's host file
First I have to say TINC is great. it is the only one that I found fits my needs. I use it to create a virtual network for parallel computing using computers around labs and campus.

i have a question though. suppose we work as a server A and client B setting. it is necessary for the client B to have the host file of the server A so that B knows where to find A. but why would A need to have the host file of B?

compare to a common setting in conventional VPN. the VPN server does not need to know anything about a VPN client and just waits for the connection. therefore, no configuration is needed to add an extra client.

when the client B initiates the connection to server A, wouldn't it be possible that B announce all its configuration etc to A so that A does not need to have any information about B a priori?

thanks
Hansong
Guus Sliepen
2005-Aug-31 18:46 UTC
why does the server needs to have the client's host file
On Sat, Aug 27, 2005 at 04:12:13PM -0700, Hansong Huang wrote:

> First I have to say TINC is great. it is the only one that I found
> fits my needs. I use it to create a virtual network for parallel
> computing using computers around labs and campus.
>
> i have a question though. suppose we work as a server A and client B
> setting. it is necessary for the client B to have the host file of the
> server A so that B knows where to find A. but why would A need to have
> the host file of B?

A needs the public key of B, and that is usually stored in the host file of B. It is true that A does not need to know B's IP address if it will never initiate connections to B; you can omit the Address option from B's host config file if you want.

> compare to a common setting in conventional VPN. the VPN server does
> not need to know anything about a VPN client and just waits for the
> connection. therefore, no configuration is needed to add an extra
> client.
>
> when the client B initiates the connection to server A, wouldn't it
> be possible that B announce all its configuration etc to A so that A does
> not need to have any information about B a priori?

If the VPN server really doesn't know anything about B, then how does it know it is a trusted client? Perhaps you are talking about a VPN solution where the client has a certificate that is signed by a CA that is trusted by the server. However, tinc currently does not use X.509 certificates but needs to exchange public keys directly in order to establish trust relationships.

There is a proof of concept version of tinc that uses the GNUTLS library, the TLS protocol and X.509 certificates, see http://www.tinc-vpn.org/svn/tinc/branches/1.0-gnutls/. However, some work has to be done before that code is production quality.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
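
The file layout described in the reply above, as an added illustration that is not part of the original thread: tinc 1.0 configuration on both sides, where A's copy of B's host file carries B's public key but no Address line. The netname labvpn, the hostname, the Subnet values and the key bodies are constructed placeholders.

```ini
# --- On client B: /etc/tinc/labvpn/tinc.conf ---
Name = B
# B initiates the connection, so it names A here
ConnectTo = A

# --- On client B: /etc/tinc/labvpn/hosts/A ---
# B dials out, so it needs A's address as well as A's public key.
Address = a.example.org
Subnet = 10.20.0.1/32
-----BEGIN RSA PUBLIC KEY-----
(placeholder: A's public key)
-----END RSA PUBLIC KEY-----

# --- On server A: /etc/tinc/labvpn/tinc.conf ---
Name = A
# No ConnectTo line: A only waits for incoming connections.

# --- On server A: /etc/tinc/labvpn/hosts/B ---
# No Address line: A never initiates a connection to B.
# The public key is what lets A decide that B is a trusted peer.
Subnet = 10.20.0.2/32
-----BEGIN RSA PUBLIC KEY-----
(placeholder: B's public key)
-----END RSA PUBLIC KEY-----
```

Adding another client under this scheme means placing one more host file like hosts/B on A; a connecting node whose key A does not hold has nothing A can authenticate it against.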