an other usage example
Florian Reitmeir
lists at reitmeir.org
Fri Jan 21 01:35:37 CET 2005
On Thu, 20 Jan 2005, Guus Sliepen wrote:
> > > I don't see what is so nice about the 172.120.121.0/24 subnet where the
> > > routers live. Why use it at all? Router A in your example probably
> > > already has the IP address 10.100.20.1 on its LAN. You can use that IP
> > > address on the VPN as well. Anyway, there are lots of ways to set up a
> > > (virtual private) network, the example from the website is but one of
> > > them, and everyone has his own taste of course.
> > yes, in our case there is the problem, that for various reasons we use
> > 192.168, 10.200, 172.120 /24 subnets for our VPNs and there is no way of
> > changing the IPs. When is understand correctly with the configurations you
> > use all VPNs are Subnets of one BIG VPN-Net. Its just not the case.
> Then use the existing 192.168.x.1, 10.200.y.1 and 172.120.z.1 router
> addresses, and add route statements in tinc-up to add routes for
> 192.168.0.0/16, 10.0.0.0/8 and 172.16.0.0/12 to $INTERFACE. That's the
> same as you described except still without the special 172.120.0.0/24
> subnet for the routers.
In my example the 172.120.0.0/24 is the net used by $INTERFACE, so i think
we'r both talking from the same thing. What i wanted to say is, just add such
a case to the doc on the webpage.
> > how stable is the gnu-tls version?
> I don't see how that question relates to the four lines you quoted above
> it, but to answer it:
aehm, your right..
> the 1.0-gnutls branch is a proof of concept
> version that works, but would need some work to really support X.509
> certificates authentication with all the bells and whistles like
> certificate chaining and revocation lists. Also, it still only does
> authentication with X.509, authorisation of the use of Subnets is still
> done the usual way.
> The 2.0 branch also uses GNUTLS, but it is still far from usable. If you
> have ideas or want to help, please let us know.
oh i'm interessted, and for the begining i'll hack the debian package so it
can drop the privileges, and has a persistent interface. When i'm done, i
send you the patches.
--
Dipl.-Inf. Univ. Florian Reitmeir http://net.multi24.com/
Josef-Schweinester-Str.1 Tel: +43 526 266166
6412 St. Georgen / Austria Fax: +43 526 266166 -10
More information about the tinc-devel
mailing list