Why does the server need to have the client's host file
Guus Sliepen
guus at tinc-vpn.org
Wed Aug 31 18:46:23 CEST 2005
On Sat, Aug 27, 2005 at 04:12:13PM -0700, Hansong Huang wrote:
> First I have to say TINC is great. It is the only one that I found
> fits my needs. I use it to create a virtual network for parallel
> computing using computers around labs and campus.
>
> I have a question though. Suppose we work in a server A and client B
> setting. It is necessary for the client B to have the host file of the
> server A so that B knows where to find A. But why would A need to have
> the host file of B?

A needs the public key of B, and that is usually stored in the host file
of B. It is true that A does not need to know B's IP address if it will
never initiate connections to B; you can omit the Address option from
B's host config file if you want.

> Compare to a common setting in conventional VPN. The VPN server does
> not need to know anything about a VPN client and just waits for the
> connection. Therefore, no configuration is needed to add an extra
> client.
>
> When the client B initiates the connection to server A, wouldn't it
> be possible that B announces all its configuration etc. to A so that A
> does not need to have any information about B a priori?

If the VPN server really doesn't know anything about B, then how does it
know it is a trusted client? Perhaps you are talking about a VPN
solution where the client has a certificate that is signed by a CA that
is trusted by the server. However, tinc currently does not use X.509
certificates but needs to exchange public keys directly in order to
establish trust relationships.

There is a proof of concept version of tinc that uses the GNUTLS
library, the TLS protocol and X.509 certificates, see
http://www.tinc-vpn.org/svn/tinc/branches/1.0-gnutls/. However, some work
has to be done before that code is production quality.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>
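
Added example (not part of the original message and not tinc's own code): a small audit helper that reads the text of a tinc host file and reports whether it carries a public key (the trust anchor described in the reply) and an Address (only needed to initiate connections). It assumes the key is an inline RSA PEM block; the host names, subnets and key body are constructed placeholders.

```python
import re

PEM_BEGIN = "-----BEGIN RSA PUBLIC KEY-----"
PEM_END = "-----END RSA PUBLIC KEY-----"
# Constructed placeholder, not a real key.
FAKE_KEY = f"{PEM_BEGIN}\nCONSTRUCTEDPLACEHOLDERNOTAREALKEY\n{PEM_END}\n"

# Constructed samples: hosts/B as kept on A, hosts/A as kept on B, a file with no key.
HOST_B_ON_A = "Subnet = 10.1.2.0/24\n" + FAKE_KEY
HOST_A_ON_B = "# server\nAddress = a.example.org\nSubnet = 10.1.1.0/24\n" + FAKE_KEY
HOST_NO_KEY = "Address = c.example.org\n"


def parse_host_file(text):
    """Return (options, has_key) for the text of one tinc host file."""
    options, in_key, has_key = {}, False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == PEM_BEGIN:
            in_key = True
        elif line == PEM_END and in_key:
            in_key, has_key = False, True
        elif in_key or not line or line.startswith("#"):
            continue  # key body, blank line or comment
        else:
            # tinc accepts "Variable = Value" and "Variable Value";
            # variable names are case-insensitive.
            m = re.match(r"(\w+)\s*=?\s*(.*)", line)
            if m:
                options.setdefault(m.group(1).lower(), []).append(m.group(2))
    return options, has_key


def classify(text):
    """Summarise what the local node can do with this peer's host file."""
    options, has_key = parse_host_file(text)
    if not has_key:
        return "untrusted: no public key"
    if "address" in options:
        return "trusted: can initiate and accept"
    return "trusted: accept only (no Address)"


if __name__ == "__main__":
    for name, text in [("hosts/B on A", HOST_B_ON_A),
                       ("hosts/A on B", HOST_A_ON_B),
                       ("no key", HOST_NO_KEY)]:
        print(name, "->", classify(text))
```

This only checks that a key block is present; it does not validate the key material itself.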