Heng Wang
2016-Jul-25 16:16 UTC
How does tinc server handle the case one client's key file is removed after connection
Hi Guys,

Say when tinc is running all good, the "server" contains all the key files of clients. If we remove the key file for client A during run, how long before the server finds out the key file is gone? I see a "KeyExpire" option in the conf file, is this the time?

In my own experiment, the client will still be able to connect to the tinc network even if the key file is being removed. Of course the connection will be gone if I restart tinc server on the client side.

Thank you.
Heng
Guus Sliepen
2016-Jul-25 16:28 UTC
How does tinc server handle the case one client's key file is removed after connection
On Mon, Jul 25, 2016 at 12:16:36PM -0400, Heng Wang wrote:

> Say when tinc is running all good, the "server" contains all the key files
> of clients.
> If we remove the key file for client A during run, how long before does
> server find out the key
> file is gone? I see a "KeyExpire" option in the conf file, is this the time?

KeyExpire is the time used for session keys, it doesn't apply to public keys loaded from config files. Normally tinc should reread the host config file each time a connection is made. But existing connections will normally be kept alive. To force tinc to disconnect peers when their host config file is removed, send the server tincd the HUP signal:

    tincd -n <netname> -kHUP

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
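Added example, not part of the original thread and not code from the tinc project: a revocation helper that performs both steps described above, taking the peer's host file out of hosts/ and then sending HUP so an already established connection is dropped. It assumes the tinc 1.0.x layout with host files under /etc/tinc/<netname>/hosts/; the names TINC_ETC, TINCD, revoke_peer and the revoked/ directory are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread or the tinc project.
# Assumed layout (tinc 1.0.x): $TINC_ETC/<netname>/hosts/<node>.
# TINC_ETC, TINCD, revoke_peer and the revoked/ directory are hypothetical names.
TINC_ETC="${TINC_ETC:-/etc/tinc}"
TINCD="${TINCD:-tincd}"

# revoke_peer NETNAME NODE
# Returns 0 on success, 2 on a bad name, 3 if the host file is missing,
# 4 if it could not be moved, 5 if the HUP could not be delivered.
revoke_peer() {
    net="$1"; node="$2"
    # Plain names only, so neither argument can point outside hosts/.
    case "$net" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid netname: $net" >&2; return 2 ;;
    esac
    case "$node" in
        ''|*[!A-Za-z0-9_]*) echo "invalid node name: $node" >&2; return 2 ;;
    esac
    hostfile="$TINC_ETC/$net/hosts/$node"
    [ -f "$hostfile" ] || { echo "no host file: $hostfile" >&2; return 3; }

    # Move instead of delete: the public key is kept for audit or rollback,
    # but outside hosts/, where tincd no longer finds it on a new connection.
    revoked="$TINC_ETC/$net/revoked"
    mkdir -p "$revoked" && chmod 700 "$revoked" || return 4
    mv "$hostfile" "$revoked/$node.$(date +%Y%m%d%H%M%S)" || return 4

    # Removing the file alone leaves an established connection up;
    # HUP tells the running daemon to drop peers whose host file is gone.
    "$TINCD" -n "$net" -kHUP || {
        echo "HUP not delivered; $node may still be connected" >&2
        return 5
    }
    return 0
}
```

Source the file and call it as the user that owns the tinc configuration, for example `revoke_peer myvpn clientA`; a non-zero return of 5 means the file is gone but the live session has not been torn down.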
Рысь
2016-Jul-25 16:32 UTC
How does tinc server handle the case one client's key file is removed after connection
On Mon, 25 Jul 2016 12:16:36 -0400 Heng Wang <jason.wangh at gmail.com> wrote:

> Hi Guys,
>
> Say when tinc is running all good, the "server" contains all the key
> files of clients.
> If we remove the key file for client A during run, how long before
> does server find out the key
> file is gone? I see a "KeyExpire" option in the conf file, is this
> the time?
>
> In my own experiment, the client will still be able to connect to the
> tinc network even if the key file is being removed. Of course the
> connection will be gone if I restart tinc server on the client side.
>
> Thank you.
> Heng

Usually you manually tell tinc that a particular client has gone by sending a SIGHUP signal to it. There is probably no configurable option to automatically remove a client from the network once its config (key) file was removed.

But doesn't it happen automatically? Tinc tries to open the config file on the next connection attempt, and if that fails, denies it. At least on 1.0.x.

--
http://lynxlynx.tk/
Power electronics made simple
Unix and simple KISS C code
Azul
2016-Jul-25 16:45 UTC
How does tinc server handle the case one client's key file is removed after connection
and if you want something a bit fancier, you can use this:

https://github.com/JeevesTakesOver/Railtrack

On 25 July 2016 at 17:32, Рысь <lynx at lynxlynx.tk> wrote:

> On Mon, 25 Jul 2016 12:16:36 -0400
> Heng Wang <jason.wangh at gmail.com> wrote:
>
> > Hi Guys,
> >
> > Say when tinc is running all good, the "server" contains all the key
> > files of clients.
> > If we remove the key file for client A during run, how long before
> > does server find out the key
> > file is gone? I see a "KeyExpire" option in the conf file, is this
> > the time?
> >
> > In my own experiment, the client will still be able to connect to the
> > tinc network even if the key file is being removed. Of course the
> > connection will be gone if I restart tinc server on the client side.
> >
> > Thank you.
> > Heng
>
> Usually you manually tell tinc that a particular client has gone by
> sending a SIGHUP signal to it. There probably no configurable option to
> automatically remove a client from network once it's config (key) file
> was removed.
>
> But does not it happen automatically? Tinc tries to open
> config file on next connection attempt, and if that fails - denies it.
> At least on 1.0.x.
>
> --
> http://lynxlynx.tk/
> Power electronics made simple
> Unix and simple KISS C code