Some tinc clarifications

Alessandro Briosi tsdogs at briosix.org
Tue Jul 11 09:58:39 CEST 2017


On 2017-07-10 18:32 Matthew Nichols wrote:
> 1. That entirely depends on how you have it set up (look at
> StrictSubnets and TunnelServer). It might also be recommended to have
> every node re-key itself (http://tinc-vpn.org/security/).

I've used StrictSubnets and TunnelServer (and probably will keep using 
this so roadwarriors don't see each other, though looking at the logs and 
simply adding the route manually would allow them to connect to the 
others in some cases), but that's not the point.

I would understand it for a security bug or something, but having to rekey 
all the hosts because someone gets fired sounds insane to me.
There must be an easy way to block somebody from connecting to the VPN? 
Isn't removing its reference on the "servers" enough?


> 2. No, tinc cannot do this itself.
ok

> 3. That is not a bad approach.
ok

> 
> -----Original Message-----
> From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Alessandro 
> Briosi
> Sent: Monday, July 10, 2017 1:43 AM
> To: tinc at tinc-vpn.org
> Subject: Some tinc clarifications
> 
> Hi all,
> I'm currently happily using tinc in my networks.
> 
> I also use OpenVPN based on the customer requirements.
> 
> I do, though, have some questions for which I could not find a clear answer.
> 
> What I'd like to know is:
> 1. How do I revoke a "node"? Is simply removing the host file on the
> servers enough? And what about one created by invitation?
> 2. Is there a way to let tinc ask for a username/password (as is
> possible with OpenVPN)?
>     (I know this might be complicated as one would have to have a
> centralized or synced user db, but that's not tinc's business anyway).
> 3. Suppose I have 3 or more tinc "servers", is it suggested that the
> "hosts" directory be synced between those hosts?
> 
> Thank you.
> Alessandro
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

