Other feature requests
Rob Townley
rob.townley at gmail.com
Sat Sep 11 03:01:15 CEST 2010
i have not submitted a patch, not even a bit.
On Fri, Sep 10, 2010 at 6:12 AM, Julien Muchembled <jm at jmuchemb.eu> wrote:
> Hello,
>
Enterprise tinc needs a central/distributed repository of nodes and
configuration information.
A plugin for one of the following would go far.
DNS, OCSInventory-NG, FreeIPA (DNS, LDAP and Kerberos).
> 1. push options to clients (see push/pull options of OpenVPN)
OCSInventory-NG has ability to store configuration information and
push software and settings to remote LinMacWin clients. But most
configuration info could be stored in a tinc accessible only DNS
server.
> 3. prevent a node from stealing an IP
Configuration information stored in LDAP and enforced by Kerberos.
> 4. prevent nodes from giving access to new nodes
FreeIPA could determine which nodes that NodeX has access to via Kerberos.
> 1. Pushing options to clients allows to centralize configuration, without
> having to reconfigure every node when one decide to change IP or any other
> network setting.
Configure each tinc client with a DNS server accessible only by tinc
clients. Store network names, public certificates, port numbers,
dynamic ip addresses and of course hostnames in dynamic DNS.
>
> 4. I don't want that any client is allowed to extend the network by giving
> access to new nodes. I should be the only person allowing a machine to join
> the VPN, by configuring 2 or 3 "master" nodes.
> In fact, what is important is to protect nodes from being accessed by
> unauthorized nodes.
Covered by new features but could be verified with Kerberos.
>
> What do you think of these features. Is there anything already implemented I
> would have missed ? Maybe only in the 1.1 branch ?
>
> I am ready to help on these topics, either for design or coding.
>
>
> Regards,
> Julien
> _______________________________________________
> tinc-devel mailing list
> tinc-devel at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc-devel
>
More information about the tinc-devel
mailing list