Securing tinc config files

Guus Sliepen guus at tinc-vpn.org
Sun Jan 24 12:36:14 CET 2016


On Sun, Jan 24, 2016 at 01:59:19PM +0300, Yazeed Fataar wrote:

> So based off this, having your central tinc server at a VPS provider will
> potentially allow the provider to replicate your config files, thus
> exposing all your connected remote sites. The situation I face is that all my
> remote sites have dynamic addresses, and the way for me to create a
> connection point between the sites is to have a central server in the cloud
> with a public address. Therefore the VPS seems like the cheapest option and it
> works well. It's the security part I have concerns with.

Tinc can work with dynamic addresses as well; as long as you have one
node with a fixed domain name, that is fine. Maybe a dynamic DNS service
can work for you?

> There was an option I was thinking of using, which is creating an encrypted
> partition that I will need to manually decrypt once the server is booted.
> This partition will contain the "/etc/tinc" directory. In this case, if
> someone had to compromise my server they would first need to decrypt my
> encrypted partition.

That is only the case when the server is down. If they compromise it
while it is running, you will already have unlocked the encrypted
partition and they can still read it.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>