On Sun, May 06, 2012 at 06:02:18PM -0500, Xaquseg wrote:
> tinc distributes IP address information to VPN nodes as part of its
> internal protocol. This is useful in most situations, however in some
> configurations this can be a security issue. Is there a way to disable
> that, if not, how hard would that be to add?
You can use the TunnelServer option, which will stop forwarding Subnet
information to other nodes. Or you can remove the Subnets from the host config
files and use Mode = switch in tinc.conf in which case no IP address will be
exchanged, only MAC addresses.
However, if not all your peers trust each other, my advice would be not to put
them all in the same VPN.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20120507/eefd9740/attachment.pgp>