On Mon, May 04, 2015 at 08:50:36PM +0200, Anne-Gwenn Kettunen wrote:
> Hi! I'm setting up a VPN with friends of mine, and we are currently
> considering the possibility of opening the subnet to more people.
> Considering that one day or another we may have to isolate a subnet (because
> of bad behaviour, or because it has been compromised), which solution(s)
> would you recommend for such a situation?

There is no centralized way to remove a subnet or block a user. A user
is authorized to be on the network by other nodes that have his/her
public key. If you delete the offending host config files and let tinc
reload its configuration, you can remove a bad node from the network.
If you have one or a few central nodes where all other nodes ConnectTo,
then it is easy to do. Another option is to use a tool like ChaosVPN to
centrally manage your tinc configuration and host config files. See:
https://github.com/ryd/chaosvpn
You can adapt it for your own VPN. Windows support is lacking though.
-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
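
The removal step described in this reply, as an added example that is not part of the original message or of tinc itself. It assumes the tinc 1.0 layout /etc/tinc/<netname>/hosts/<node> and a reload through `tincd -n <netname> -kHUP`; `revoke_node`, `TINC_BASE`, `RELOAD` and the `revoked/` directory are hypothetical names, and the host file is moved out of hosts/ rather than erased so it can be examined later.

```shell
#!/bin/sh
# Added example: take one node's host config file out of hosts/ and reload tinc.
# Assumed layout (tinc 1.0): $TINC_BASE/<netname>/{tinc.conf,hosts/<node>}
TINC_BASE="${TINC_BASE:-/etc/tinc}"
# Name of the command that reloads tinc; it receives the netname as $1.
# Overridable so the function can be exercised without a running daemon.
RELOAD="${RELOAD:-reload_tinc}"

reload_tinc() {
    # SIGHUP makes tincd reread its configuration (tinc 1.0 syntax).
    tincd -n "$1" -kHUP
}

revoke_node() {
    net="$1"; node="$2"
    # Node names in tinc are alphanumerics and underscores; rejecting anything
    # else also stops a crafted name such as ../tinc.conf from leaving hosts/.
    case "$node" in
        ''|*[!A-Za-z0-9_]*) echo "invalid node name: $node" >&2; return 2 ;;
    esac
    case "$net" in
        ''|*/*|.*) echo "invalid netname: $net" >&2; return 2 ;;
    esac
    dir="$TINC_BASE/$net"
    if [ ! -f "$dir/hosts/$node" ]; then
        echo "no host file for $node in $net" >&2
        return 1
    fi
    # Keep a timestamped copy outside hosts/, readable by the owner only.
    mkdir -p "$dir/revoked" && chmod 700 "$dir/revoked" || return 3
    mv -- "$dir/hosts/$node" "$dir/revoked/$node.$(date +%Y%m%d%H%M%S)" || return 3
    # A leftover ConnectTo would keep this node dialling the removed host.
    if [ -f "$dir/tinc.conf" ] && grep -Eiq \
        "^[[:space:]]*ConnectTo[[:space:]]*=?[[:space:]]*$node[[:space:]]*\$" \
        "$dir/tinc.conf"; then
        echo "warning: $dir/tinc.conf still has ConnectTo = $node" >&2
    fi
    "$RELOAD" "$net"
}

# Usage: revoke.sh <netname> <node>
if [ "$#" -eq 2 ]; then
    revoke_node "$1" "$2"
fi
```

Run it on every node that holds the offending host file, starting with the central nodes that the others ConnectTo.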