Fwd: How to avoid friends of friends joining the vpn ?

Guus Sliepen guus at tinc-vpn.org
Sun Mar 13 18:52:17 CET 2016


On Sun, Mar 13, 2016 at 04:57:12PM +0000, Azul wrote:

> Tinc 1.0
> 3 control masters
> Many service hosts
> Laptop (road warrior)
> 
> The control masters have the public keys for the service hosts and the
> laptop so that they can join the network.
> 
> How can I prevent the laptop user from connecting additional boxes to the
> network?

There are several ways. One can be to have two VPNs, one for trusted
nodes, and one for untrusted nodes like your laptop user. Another option
is to use the TunnelServer or the StrictSubnets options to restrict what
other nodes can do.

But even if you could prevent the laptop user from introducing foreign
hosts using tinc, he can simply use a separate VPN to have foreign nodes
connect to his laptop, and then use NAT to give them access to your VPN. So
in short, if you don't trust someone to behave, you shouldn't allow him
access at all.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
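
Added example, not part of the original message and not tinc's own code: a simplified Python model of the filtering the tinc manual describes for StrictSubnets, where only Subnet statements present in the local hosts/ files are used and others are ignored. Node names, addresses and function names are constructed for illustration; only the `Variable = Value` form is parsed and matching is assumed to be exact.

```python
import ipaddress

# Constructed sample: host config files as a control master would hold them
# in its local hosts/ directory (node names and addresses are made up).
LOCAL_HOSTS = {
    "service1": "Address = 192.0.2.10\nSubnet = 10.0.1.0/24\n",
    "laptop": "Subnet = 10.0.9.5/32\n",
}

# Constructed sample: (owner, subnet) announcements arriving from peers.
ANNOUNCED = [
    ("service1", "10.0.1.0/24"),
    ("laptop", "10.0.9.5/32"),
    ("laptop", "10.0.50.0/24"),     # extra network claimed by the laptop
    ("friendbox", "10.0.60.0/24"),  # node with no local host file
]


def parse_subnets(host_file_text):
    """Return the set of networks named on 'Subnet = ...' lines."""
    nets = set()
    for line in host_file_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "subnet":
            nets.add(ipaddress.ip_network(value.strip(), strict=False))
    return nets


def filter_announcements(local_hosts, announced):
    """Split announcements into (accepted, ignored) lists.

    An announcement is accepted only if the local host file for that
    owner lists exactly that subnet (assumed StrictSubnets behaviour).
    """
    allowed = {name: parse_subnets(text) for name, text in local_hosts.items()}
    accepted, ignored = [], []
    for owner, subnet in announced:
        net = ipaddress.ip_network(subnet, strict=False)
        if net in allowed.get(owner, set()):
            accepted.append((owner, subnet))
        else:
            ignored.append((owner, subnet))
    return accepted, ignored


if __name__ == "__main__":
    accepted, ignored = filter_announcements(LOCAL_HOSTS, ANNOUNCED)
    print("accepted:", accepted)
    print("ignored: ", ignored)
```

The model covers only what the receiving node accepts as routing information; traffic that the laptop hides behind NAT arrives from the laptop's own authorized address and is not distinguishable this way.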