Why does the server need to have the client's host file

Guus Sliepen guus at tinc-vpn.org
Wed Aug 31 18:46:23 CEST 2005


On Sat, Aug 27, 2005 at 04:12:13PM -0700, Hansong Huang wrote:

> First I have to say TINC is great. It is the only one that I found
> fits my needs. I use it to create a virtual network for parallel
> computing using computers around labs and campus.
>
> I have a question though. Suppose we work as a server A and client B
> setting. It is necessary for the client B to have the host file of the
> server A so that B knows where to find A. But why would A need to have
> the host file of B?

A needs the public key of B, and that is usually stored in the host file
of B. It is true that A does not need to know B's IP address if it will
never initiate connections to B; you can omit the Address option from
B's host config file if you want.

> Compare to a common setting in conventional VPN. The VPN server does
> not need to know anything about a VPN client and just waits for the
> connection. Therefore, no configuration is needed to add an extra
> client.
>
> When the client B initiates the connection to server A, wouldn't it
> be possible that B announces all its configuration etc. to A so that A
> does not need to have any information about B a priori?

If the VPN server really doesn't know anything about B, then how does it
know it is a trusted client? Perhaps you are talking about a VPN
solution where the client has a certificate that is signed by a CA that
is trusted by the server. However, tinc currently does not use X.509
certificates but needs to exchange public keys directly in order to
establish trust relationships.

There is a proof of concept version of tinc that uses the GNUTLS
library, the TLS protocol and X.509 certificates, see
http://www.tinc-vpn.org/svn/tinc/branches/1.0-gnutls/. However, some work
has to be done before that code is production quality.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
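
The point made in the reply above, as an added example that is not part of the original message and is not tinc code: a shell check that classifies the host files on server A by whether they carry a public key (needed to authenticate the peer) and an Address (needed only if A initiates the connection). It assumes the key is embedded as the PEM block that tinc 1.0 key generation appends to the host file; the peer names, subnets, hostnames and key text are constructed.

```sh
#!/bin/sh
# Added example, not tinc code. Classifies a tinc 1.0 host file by what the
# local tincd can do with that peer. Assumption: the public key is embedded
# in the host file as a PEM block.

# Prints one of: no-key | accept-only | dialable
classify_host() {
    file=$1
    # Without a public key there is nothing to authenticate the peer against.
    if ! grep -q -e '-----BEGIN RSA PUBLIC KEY-----' "$file"; then
        echo no-key
        return 0
    fi
    # Option names are case-insensitive and the '=' is optional.
    if grep -qiE '^[[:space:]]*Address[[:space:]=]' "$file"; then
        echo dialable
    else
        echo accept-only
    fi
}

# Constructed sample: server A's hosts/ directory with three peers.
make_sample_hosts() {
    dir=$(mktemp -d) || return 1
    key='-----BEGIN RSA PUBLIC KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END RSA PUBLIC KEY-----'
    # B: the client from the thread, key present and Address omitted.
    printf 'Subnet = 10.0.0.2/32\n%s\n' "$key" > "$dir/B"
    # C: Address but no key, so A cannot authenticate it.
    printf 'Address = c.example.org\nSubnet = 10.0.0.3/32\n' > "$dir/C"
    # D: key and Address, so A could also initiate the connection.
    printf 'address d.example.org\n%s\n' "$key" > "$dir/D"
    echo "$dir"
}

# Print "name<TAB>status" for every host file in a directory.
audit_hosts() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(basename "$f")" "$(classify_host "$f")"
    done
}

sample=$(make_sample_hosts)
audit_hosts "$sample"
rm -rf "$sample"
```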