book on tinc

Oleg Kolesnikov omkolesnikov at hotmail.com
Fri Jun 22 22:35:31 CEST 2001


Hi Ivo and Guus,

We are writing a book on building VPNs for Linux and a part of it describes 
tinc. I wanted to make sure that your opinion, as tinc authors and 
developers, is reflected.

First, let me ask a couple of technical questions.

1.

If there are two hosts, foo and bar, that are to be connected via tinc, and 
each host should only have _one_ IP address (i.e. netmask is /32), would the 
following configuration work (in the context of the recent routing problems 
pointed out by users)?

foo's configuration:

/etc/tinc/vpn1/tinc.conf --

Name = foo
ConnectTo = bar
KeyExpire = 3600
PingTimeout = 60
PrivateKeyFile = /etc/tinc/vpn1/rsa_key.priv
TapDevice = /dev/tap0

/etc/tinc/vpn1/hosts/bar --

Subnet = 192.168.1.2/32
Address = a.b.c.d
Port = 655
-----BEGIN RSA PUBLIC KEY-----
[…]
-----END RSA PUBLIC KEY-----

/etc/tinc/vpn1/tinc-up --

#!/bin/sh
ifconfig tap0 down
ifconfig tap0 hw ether fe:fd:00:00:00:00
ifconfig tap0 192.168.1.1 netmask 255.255.255.255
ifconfig tap0 -arp

bar's configuration:

/etc/tinc/vpn1/tinc.conf --

Name = bar
KeyExpire = 3600
PingTimeout = 60
PrivateKeyFile = /etc/tinc/vpn1/rsa_key.priv
TapDevice = /dev/tap0

/etc/tinc/vpn1/hosts/foo --

Subnet = 192.168.1.1/32

-----BEGIN RSA PUBLIC KEY-----
[…]
-----END RSA PUBLIC KEY-----

/etc/tinc/vpn1/tinc-up --

#!/bin/sh
ifconfig tap0 down
ifconfig tap0 hw ether fe:fd:00:00:00:00
ifconfig tap0 192.168.1.2 netmask 255.255.255.255
ifconfig tap0 -arp

2.

What is the right way of modifying the configuration above to switch to the 
universal TUN/TAP driver? Would it be OK if I just change tap0 to tun
(assuming that all other changes, such as adding kernel modules, 
recompiling, creating devices etc. have been made)?

I would also like to ask you a couple of questions about your vision of tinc's 
future and the current direction tinc development is going in. Can you elaborate 
on that? What do you see as the drawbacks of the current version of tinc? 
How do you plan to improve it? From your experience, what category of people 
uses tinc? Are you planning on adding other symmetric ciphers? Certificates?

Thanks,
Oleg Kolesnikov
---
Berkeley Lab | omkolesnikov at {lbl.gov, hotmail.com}


-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/


