Securing tinc config files

Yazeed Fataar yazeedfataar at gmail.com
Sun Jan 24 13:19:02 CET 2016 

I cannot use dynamic dns , the remote sites connect through 4G LTE and get
assigned "Private Addresses" that are NATd to a Public Address. The LTE
clients can only make connections outward to the Internet and features such
as PAT and Dynamic DNS will not work. Therfor for these remote sites I need
a Central Server Located on Internet to peer with in order for the Site to
Site connection to work. Tinc works perfectly in this and I have tested it
thoroughly, I just have concerns now over the Central Server which holds
all the tinc configuration data.
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
This
email has been sent from a virus-free computer protected by Avast.
www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

Regards
Yazeed Fataar
<yazeedfataar at hotmail.com>

On Sun, Jan 24, 2016 at 2:39 PM, Michele Perrucci <emmeperrucci at gmail.com>
wrote:

> 2016-01-24 11:59 GMT+01:00, Yazeed Fataar <yazeedfataar at gmail.com>:
> >[cut]
> > My situation I face is all my
> > remote sites have dynamic addresses ,and in order for me to create a
> > connection point between the sites is to have a central server in cloud
> > with public address. Therefor the VPS seems like the cheapest option and
> it
> > works well.. its the security part I have concerns with.
> > [cut]
>
> Same situation for me but I use a dynamic dns provider (there are a
> lot out there, free and paid : choose by yourself the best for you)
> coupled with dns-o-matic (a free service from opendns that act as a
> client for dynamic dns providers, so you gain two propagations of your
> addresses).
> So, make a dynamic dns provider account, make a dns-o-matic account,
> install and configure a ddns client on one or all  of your machines or
> routers, and you can use FQDN for your tinc configurations.
> In according with my experience, spreading worldwide IP changes is in
> order of seconds.
> Regards
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160124/d0c23b38/attachment-0001.html>

More information about the tinc mailing list