Misuzi
2012-Nov-09 09:05 UTC
Does tinc have any plan to add radius accounting/authentication(or flowing overview)?
Hi, I use tinc-vpn to create private mesh vpn networks between office and house in different locations and it works really well. But somehow I'm considering if there were any possibility to add radius support for single node traffic management. I does think it will be really difficult to implement such functions as a feature of a mesh network,because all of the traffic was initiated end to end without any interventions from any server nodes. But is there any method to get some kind of flowing overview of a tinc network? Best Ragards Tim Lee
Guus Sliepen
2012-Nov-10 15:57 UTC
Does tinc have any plan to add radius accounting/authentication(or flowing overview)?
On Fri, Nov 09, 2012 at 05:05:37PM +0800, Misuzi wrote:> I use tinc-vpn to create private mesh vpn networks between office and house > in different locations and it works really well. But somehow I'm considering > if there were any possibility to add radius support for single node traffic > management. > > I does think it will be really difficult to implement such functions as a > feature of a mesh network,because all of the traffic was initiated end to end > without any interventions from any server nodes. But is there any method to > get some kind of flowing overview of a tinc network?Tinc version 1.1 has per-node traffic counters (both number of packets and number of byte) that you can query using a control interface. Indeed, a node only counts traffic that is either sent from or received by itself, although in principle you could connect to all nodes in a VPN to get the traffic statistics of the whole VPN. Tinc 1.1 comes with a utility called "tincctl" that can connect to a running tinc daemon using this control interface and get some information from it. The "tincctl top" command works like the regular "top" command, but instead of processes and CPU time it shows you VPN nodes and the number of packets and bytes received and transmitted. If you really want RADIUS support then there are two options; either write a small daemon that accepts RADIUS requests and forwards them to tincd using the control interface, or to add RADIUS support directly into tinc. It is certainly possible, but such a feature is low on my todo list, but I welcome any patches. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20121110/bb061ccd/attachment.pgp>