Saverio Proto
2016-May-29 07:04 UTC
Feedback about OpenWrt and Tinc version to be packaged.
Hello, I received this pull request. https://github.com/openwrt/packages/pull/2757/files As I wrote in the comments I am not sure that is the way to go. Packaging a software for a distribution is not just about software development. There are operational issues to be addressed. A lot of people use the tinc package and they expect they configs to survive a package update. Also they expect the VPN to continue working even if they dont upgrade all the nodes at once. AFAIK there is no official migration guidalines available on the tinc website for people running VPNs on 1.0.x to migrate to 1.1 Moreover the stable version is still 1.0.28 on the official tinc web site. I dont want to impose my thinking and keep Tinc in OpenWRT at 1.0.x, so I am here to collect user feedback to take a better decision. thank you Saverio
Hello Saverio, In my experience, tinc 1.0 and tinc 1.1 coexist, provided they are at compatible minor versions. However, tinc for openwrt comes with wrapper scripts, which need to be adapted to accomodate diverging tinc 1.0 and 1.1 configuration variables. I had given a shot a it (https://github.com/awiouy/openwrt-tinc-1.1, runs on my routers). Incidentally, I was wondering whether the wrapper scripts are really pertinent, since they complicate both configuration and maintenance. Moreover, most how-tos I read configure tinc in /etc/tinc rather than in /etc/config. You could maybe provide distinct packages, tinc and tinc-1.1, and let users decide which of them they install. This would also allow to rethink/rewrite the package, and not worry too much about migration from 1.0 to 1.1. What do you think? Thank you for your attention, and regards, @> Le 29 mai 2016 ? 09:04, Saverio Proto <zioproto at gmail.com> a ?crit : > > Hello, > > I received this pull request. > > https://github.com/openwrt/packages/pull/2757/files > > As I wrote in the comments I am not sure that is the way to go. > > Packaging a software for a distribution is not just about software > development. There are operational issues to be addressed. > A lot of people use the tinc package and they expect they configs to > survive a package update. Also they expect the VPN to continue working > even if they dont upgrade all the nodes at once. > > AFAIK there is no official migration guidalines available on the tinc > website for people running VPNs on 1.0.x to migrate to 1.1 > > Moreover the stable version is still 1.0.28 on the official tinc web site. > > I dont want to impose my thinking and keep Tinc in OpenWRT at 1.0.x, > so I am here to collect user feedback to take a better decision. > > thank you > > Saverio > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160529/49d49ef5/attachment.html>
Guus Sliepen
2016-May-29 08:43 UTC
Feedback about OpenWrt and Tinc version to be packaged.
On Sun, May 29, 2016 at 09:04:13AM +0200, Saverio Proto wrote:> I received this pull request. > > https://github.com/openwrt/packages/pull/2757/files > > As I wrote in the comments I am not sure that is the way to go.[...]> I dont want to impose my thinking and keep Tinc in OpenWRT at 1.0.x, > so I am here to collect user feedback to take a better decision.Well, I'm not really a user of tinc on OpenWRT, but I'd strongly suggest you keep using the stable version of tinc until the release of stable version 1.1.0. I cannot guarantee the new protocol in the 1.1pre-releases will not change until 1.1.0 is released. That said, Tinc 1.1 should be backwards compatible with the configuration from 1.0.x. Apart from generating an Ed25519 keypair, you should just be able to use your old configuration files without any changes. If there is anything that breaks when you do this, let me know. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160529/0e639665/attachment.sig>
On 29/05/16 08:04, Saverio Proto wrote:> Packaging a software for a distribution is not just about software > development. There are operational issues to be addressed. > A lot of people use the tinc package and they expect they configs to > survive a package update.I am not sure this is too much of a problem, as long as the change is fairly well advertised (this list may be enough?). However, if I am going to have change my config, this would probably be the time to bring it fully into the OpenWRT /etc/config UCI regime. Personally, I find it convenient to use the same config files as on my other nodes, particularly copying host files. But, I would be willing to switch to configuration using UCI -- as long as it meant I could get rid of the tinc.conf and tinc-up completely. It might be nice to allow an option to keep using the hosts files -- i.e. be able to either use UCI to replace all the hosts files, or configure UCI to tell tinc to continue to use the hosts files.> Also they expect the VPN to continue working > even if they dont upgrade all the nodes at once.That is important, although I believe 1.1 and 1.0 are compatible.> ... > I dont want to impose my thinking and keep Tinc in OpenWRT at 1.0.x, > so I am here to collect user feedback to take a better decision.As for whether this is the time to switch to 1.1, I would ask Guus for guidance. If I did switch my main openwrt router to tinc 1.1 I would probably use that as the trigger to start the process to switch my other nodes to 1.1 as well. Graham