Comments at bottom:
--------- Forwarded message ----------
From: Guus Sliepen <guus at tinc-vpn.org>
Date: Wed, Apr 21, 2010 at 2:17 PM
Subject: Re: Use glpi-project plugin to manage tinc keys...
To: tinc at tinc-vpn.org
On Wed, Apr 21, 2010 at 08:12:49AM -0500, Rob Townley wrote:
> Anyone found a way to use glpi-project.org, ocsinventory-ng.org, or
> FusionInventory.org to manage tinc keys?
I hope you mean only the public keys? I have not heard about these projects
before today.
> These LinMacWin projects are used to manage an enterprise of machines. So
> all the machine info is already there and a plugin or api call could be used
> to handle tinc specifics. GLPI can store files pertaining to a particular
> machine. The drawback would be that tinc would have to be modified to lookup
> keys from glpi. Alternatively, use an ocs tinc installation package to pull
> down keys for a particular group and push a key back to the repository upon
> creation by tinc.
Someone who works with such projects would have to write such an installer.
Alternatively, have a look at ChaosVPN, which is a wrapper around tinc which
pulls keys and config files from a central repository:
https://wiki.hamburg.ccc.de/index.php/ChaosVPN
--
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at tinc-vpn.org>
_______________________________________________
tinc mailing list
tinc at tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
Yes, Guus, private keys should never leave a machine. This would be a
repository for public keys, dynamic port numbers and dynamic
addresses. Network grouping is sorta already done. The specific
architecture mode could be kept in this inventory as well, but the 3
main management items are the public key, dynamic port number, and
dynamic ip address. Key management being the priority.
I had not heard of ChaosVPN. I will look at that right now. I would
think the dynamic dns route would still be the ideal way, but other
ways may not need any development.
One use for ocsinventory-ng / fusion / glpi would be to have a fleet
of disparate machines scattered across the internet that you maintain
for your family or business. tinc would provide a way to push
packages to its virtual ips in a more secure manner. Nobody has to
login to a vpn. AV monitoring. Patch revision for Adobe Flash and
Adobe Reader ....