another usage example

Guus Sliepen guus at sliepen.eu.org
Thu Jan 20 23:57:57 CET 2005


On Thu, Jan 20, 2005 at 11:41:19PM +0100, Florian Reitmeir wrote:

> > I don't see what is so nice about the 172.120.121.0/24 subnet where the
> > routers live. Why use it at all? Router A in your example probably
> > already has the IP address 10.100.20.1 on its LAN. You can use that IP
> > address on the VPN as well. Anyway, there are lots of ways to set up a
> > (virtual private) network, the example from the website is but one of
> > them, and everyone has his own taste of course.
> Yes, in our case there is the problem that, for various reasons, we use
> 192.168, 10.200, 172.120 /24 subnets for our VPNs and there is no way of
> changing the IPs. If I understand correctly, with the configurations you
> use, all VPNs are subnets of one BIG VPN-Net. It's just not the case.

Then use the existing 192.168.x.1, 10.200.y.1 and 172.120.z.1 router
addresses, and add route statements in tinc-up to add routes for
192.168.0.0/16, 10.0.0.0/8 and 172.16.0.0/12 to $INTERFACE. That's the
same as you described except still without the special 172.120.0.0/24
subnet for the routers.

> > In any case, the tinc daemons only need to know their local config, and
> > only require the host config file of other tinc daemons if they
> > ConnectTo them. In the example on the website it says all hosts share
> > all the host config files, but that's just convenience.
> how stable is the gnu-tls version?

I don't see how that question relates to the four lines you quoted above
it, but to answer it: the 1.0-gnutls branch is a proof of concept
version that works, but would need some work to really support X.509
certificate authentication with all the bells and whistles like
certificate chaining and revocation lists. Also, it still only does
authentication with X.509, authorisation of the use of Subnets is still
done the usual way.

The 2.0 branch also uses GNUTLS, but it is still far from usable. If you
have ideas or want to help, please let us know.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
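
The routing setup suggested in the message above, as an added example that is not part of the original post or of tinc itself: it prints a tinc-up body with the three route statements and checks which router addresses each route actually covers. The router addresses are constructed values for the x, y and z placeholders, and the function names and the `ip route add` form are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message.
ROUTES="192.168.0.0/16 10.0.0.0/8 172.16.0.0/12"   # routes named in the message
ROUTERS="192.168.5.1 10.200.3.1 172.120.7.1"       # constructed sample router addresses

# Convert a dotted quad to a 32-bit integer (runs in a subshell via $(...)).
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside prefix $2 (for example 10.0.0.0/8).
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
}

# Print the first route in $ROUTES that covers address $1; fail if none does.
covering_route() {
    for r in $ROUTES; do
        if in_cidr "$1" "$r"; then echo "$r"; return 0; fi
    done
    return 1
}

# Print a tinc-up body: one route per prefix via $INTERFACE, then a comment
# for every router address that none of those routes covers.
emit_tinc_up() {
    echo '#!/bin/sh'
    for r in $ROUTES; do
        echo "ip route add $r dev \$INTERFACE"
    done
    for a in $ROUTERS; do
        covering_route "$a" >/dev/null || echo "# no route above covers $a"
    done
}

emit_tinc_up
```

An address reported as uncovered needs its own route statement in tinc-up; 172.120.7.1 is one, because 172.16.0.0/12 ends at 172.31.255.255.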

More information about the tinc-devel mailing list