Hello,

From what I see with my current tinc setup, to add a new node to the network, I need to generate a certificate and exchange it with at least one already-connected (let's call it "known") node.

I can easily give the known node's certs to other clients, but getting other nodes' certificates into the known node's config is non-trivial. Is there a way to join the network without copying all certificates to the known node?

Thanks,
Ameir
Hi Ameir,

> [..] Is there a way to join the network without copying all certificates to
> the known node?

Tinc (as far as I know) does not support any kind of in-band key distribution. Thus you need to take care of this on your own. I consider this a good approach.

Personally I use the following approaches in different situations:

* store the public keys ("hosts" directory) in a shared version control repository (subversion/git)
* use rsync/scp for distributing the public keys from one central location
* configuration management (puppet, ansible, ...)

If you are using ansible for other administration tasks then maybe the attached ansible task file helps you get started. Just ignore it if you are not used to ansible.

I would suggest that you do not complicate things too much. Just extend the tools that you are already using for your server or network administration.

Cheers,
Lars

Attachment: tinc.yml (application/x-yaml, 1735 bytes) <http://www.tinc-vpn.org/pipermail/tinc/attachments/20151226/2dd6a3ba/attachment.bin>
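The rsync/scp approach from the reply above, as an added example that is not Lars's attached ansible file and not tinc's own tooling: a POSIX shell helper that checks a tinc "hosts" directory for missing public keys and then pushes the whole directory to every node that declares an Address. It assumes root ssh access to each node and the same hosts directory path (e.g. /etc/tinc/<net>/hosts) on every node.

```shell
#!/bin/sh
# Added example: sanity-check a tinc "hosts" directory, then push it to every
# node that has an Address line, using rsync over ssh (assumption: root ssh
# access and the same /etc/tinc/<net>/hosts path on every node).

# Print "name address" for every host file that declares an Address.
# These are the nodes other nodes can connect to, so they receive the push.
list_node_addresses() {
  dir="$1"
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    addr=$(sed -n 's/^[[:space:]]*Address[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$f" | head -n 1)
    if [ -n "$addr" ]; then
      printf '%s %s\n' "$(basename "$f")" "$addr"
    fi
  done
}

# Fail if any host file lacks a public key (RSA block in tinc 1.0,
# Ed25519PublicKey line in tinc 1.1); a keyless host file is useless to peers.
check_host_keys() {
  dir="$1"
  rc=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    if ! grep -qE '^-----BEGIN RSA PUBLIC KEY-----|^[[:space:]]*Ed25519PublicKey[[:space:]]*=' "$f"; then
      echo "missing public key: $f" >&2
      rc=1
    fi
  done
  return $rc
}

# Verify first, then copy the whole directory to each reachable node.
push_hosts() {
  dir="$1"
  check_host_keys "$dir" || return 1
  list_node_addresses "$dir" | while read -r name addr; do
    echo "pushing hosts to $name ($addr)"
    rsync -az "$dir/" "root@$addr:$dir/"
  done
}
```

Source the file and run `push_hosts /etc/tinc/<net>/hosts` from the node that holds the complete set of host files.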