So, for remote manageability of Tinc, we don't have any SNMP or REST like programmatic ways? If it is going to be CLI only, it is definitely not secure to manage and also not very convenient to manage programmatically. On Sun, Mar 25, 2018 at 1:44 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:> On Sat, Mar 24, 2018 at 02:16:20PM -0700, al so wrote: > > > > Is there any quickstart guide to setup site-to-site VPN using Tinc 1.1 > > > pre-rel? > > You can find an example of a site-to-site VPN with four sites here: > > http://tinc-vpn.org/documentation/Example-configuration.html > > > > Assuming I have two routers at two sites running tinc vpn along with > > > routing feature. > > If you only have two sites, then just look at the example configuration > for "Branch A" and "Branch B" in the page I linked, and ignore the other > two sites. > > > > Once I setup manually and validate the connection, I want to automate > > > using REST APIs. > > Tinc does not expose any REST APIs. With tinc 1.1, you can use the > command line tool to automate things though, see: > > http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html > > -- > Met vriendelijke groet / with kind regards, > Guus Sliepen <guus at tinc-vpn.org> > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20180326/bce35df8/attachment.html>
Could you elaborate on why CLI (SSH) managing is insecure? Tomasz Chmielewski https://lxadm.com On 2018-03-27 04:23, al so wrote:> So, for remote manageability of Tinc, we don't have any SNMP or REST > like programmatic ways? > > If it is going to be CLI only, it is definitely not secure to manage > and also not very convenient to manage programmatically. > > On Sun, Mar 25, 2018 at 1:44 AM, Guus Sliepen <guus at tinc-vpn.org> > wrote: > >> On Sat, Mar 24, 2018 at 02:16:20PM -0700, al so wrote: >> >>>> Is there any quickstart guide to setup site-to-site VPN using >> Tinc 1.1 >>>> pre-rel? >> >> You can find an example of a site-to-site VPN with four sites here: >> >> http://tinc-vpn.org/documentation/Example-configuration.html [1] >> >>>> Assuming I have two routers at two sites running tinc vpn along >> with >>>> routing feature. >> >> If you only have two sites, then just look at the example >> configuration >> for "Branch A" and "Branch B" in the page I linked, and ignore the >> other >> two sites. >> >>>> Once I setup manually and validate the connection, I want to >> automate >>>> using REST APIs. >> >> Tinc does not expose any REST APIs. With tinc 1.1, you can use the >> command line tool to automate things though, see: >> >> http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html [2] >> >> -- >> Met vriendelijke groet / with kind regards, >> Guus Sliepen <guus at tinc-vpn.org> >> >> _______________________________________________ >> tinc mailing list >> tinc at tinc-vpn.org >> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc [3] > > > > Links: > ------ > [1] http://tinc-vpn.org/documentation/Example-configuration.html > [2] http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html > [3] https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
Programmatic management with first class APIs is preferred for larger deployments.. On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski <mangoo at wpkg.org> wrote:> Could you elaborate on why CLI (SSH) managing is insecure? > > > Tomasz Chmielewski > https://lxadm.com > > > On 2018-03-27 04:23, al so wrote: > >> So, for remote manageability of Tinc, we don't have any SNMP or REST >> like programmatic ways? >> >> If it is going to be CLI only, it is definitely not secure to manage >> and also not very convenient to manage programmatically. >> >> On Sun, Mar 25, 2018 at 1:44 AM, Guus Sliepen <guus at tinc-vpn.org> >> wrote: >> >> On Sat, Mar 24, 2018 at 02:16:20PM -0700, al so wrote: >>> >>> Is there any quickstart guide to setup site-to-site VPN using >>>>> >>>> Tinc 1.1 >>> >>>> pre-rel? >>>>> >>>> >>> You can find an example of a site-to-site VPN with four sites here: >>> >>> http://tinc-vpn.org/documentation/Example-configuration.html [1] >>> >>> Assuming I have two routers at two sites running tinc vpn along >>>>> >>>> with >>> >>>> routing feature. >>>>> >>>> >>> If you only have two sites, then just look at the example >>> configuration >>> for "Branch A" and "Branch B" in the page I linked, and ignore the >>> other >>> two sites. >>> >>> Once I setup manually and validate the connection, I want to >>>>> >>>> automate >>> >>>> using REST APIs. >>>>> >>>> >>> Tinc does not expose any REST APIs. With tinc 1.1, you can use the >>> command line tool to automate things though, see: >>> >>> http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html [2] >>> >>> -- >>> Met vriendelijke groet / with kind regards, >>> Guus Sliepen <guus at tinc-vpn.org> >>> >>> _______________________________________________ >>> tinc mailing list >>> tinc at tinc-vpn.org >>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc [3] >>> >> >> >> >> Links: >> ------ >> [1] http://tinc-vpn.org/documentation/Example-configuration.html >> [2] http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html >> [3] https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >> _______________________________________________ >> tinc mailing list >> tinc at tinc-vpn.org >> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >> > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20180329/68fb8a6e/attachment.html>