another usage example

Florian Reitmeir lists at reitmeir.org
Fri Jan 21 01:35:37 CET 2005


On Thu, 20 Jan 2005, Guus Sliepen wrote:

> > > I don't see what is so nice about the 172.120.121.0/24 subnet where the
> > > routers live. Why use it at all? Router A in your example probably
> > > already has the IP address 10.100.20.1 on its LAN. You can use that IP
> > > address on the VPN as well. Anyway, there are lots of ways to set up a
> > > (virtual private) network, the example from the website is but one of
> > > them, and everyone has his own taste of course.
> > yes, in our case there is the problem that for various reasons we use
> > 192.168, 10.200, 172.120 /24 subnets for our VPNs and there is no way of
> > changing the IPs. When I understand correctly, with the configurations you
> > use all VPNs are subnets of one BIG VPN-Net. It's just not the case.
> Then use the existing 192.168.x.1, 10.200.y.1 and 172.120.z.1 router
> addresses, and add route statements in tinc-up to add routes for
> 192.168.0.0/16, 10.0.0.0/8 and 172.16.0.0/12 to $INTERFACE. That's the
> same as you described except still without the special 172.120.0.0/24
> subnet for the routers.
In my example the 172.120.0.0/24 is the net used by $INTERFACE, so I think
we're both talking about the same thing. What I wanted to say is, just add such
a case to the doc on the webpage.

> > how stable is the gnu-tls version?
> I don't see how that question relates to the four lines you quoted above
> it, but to answer it: 
aehm, you're right..

> the 1.0-gnutls branch is a proof of concept
> version that works, but would need some work to really support X.509
> certificate authentication with all the bells and whistles like
> certificate chaining and revocation lists. Also, it still only does
> authentication with X.509, authorisation of the use of Subnets is still
> done the usual way.
> The 2.0 branch also uses GNUTLS, but it is still far from usable. If you
> have ideas or want to help, please let us know.
oh I'm interested, and for the beginning I'll hack the Debian package so it
can drop the privileges, and has a persistent interface. When I'm done, I'll
send you the patches.


-- 
Dipl.-Inf. Univ. Florian Reitmeir                     http://net.multi24.com/

Josef-Schweinester-Str.1                              Tel: +43 526 266166 
6412 St. Georgen / Austria                            Fax: +43 526 266166 -10
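
An added example, not part of the original message or of tinc: a Python check of which site subnets the aggregate routes named in the quoted reply cover, which then builds the matching route lines for tinc-up. The third octets of the site subnets are constructed (the thread gives only the 192.168, 10.200 and 172.120 prefixes), and using iproute2's `ip route add` in tinc-up is an assumption.

```python
import ipaddress

# Aggregate routes named in the quoted reply for tinc-up.
AGGREGATES = ["192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]

# Constructed site subnets: only the leading octets come from the thread.
SITES = ["192.168.7.0/24", "10.200.3.0/24", "172.120.5.0/24"]


def covering_route(subnet, aggregates=AGGREGATES):
    """Return the aggregate that fully contains `subnet`, or None."""
    net = ipaddress.ip_network(subnet)
    for agg in aggregates:
        agg_net = ipaddress.ip_network(agg)
        if net.version == agg_net.version and net.subnet_of(agg_net):
            return agg
    return None


def tinc_up_routes(sites, aggregates=AGGREGATES):
    """Build one route line per needed prefix for tinc-up.

    A site inside an aggregate is routed via that aggregate; a site that
    no aggregate covers gets an explicit route of its own, so nothing is
    silently left off the VPN interface.
    """
    needed = []
    for site in sites:
        route = covering_route(site, aggregates) or site
        if route not in needed:
            needed.append(route)
    return ['ip route add %s dev "$INTERFACE"' % r for r in needed]


if __name__ == "__main__":
    for s in SITES:
        print(s, "->", covering_route(s) or "not covered, needs its own route")
    print("\n".join(tinc_up_routes(SITES)))
```

172.16.0.0/12 spans 172.16.0.0 to 172.31.255.255, so a 172.120 subnet falls outside it and outside RFC 1918 private space, and needs its own route to reach $INTERFACE.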


More information about the tinc-devel mailing list