Some tinc clarifications

Guus Sliepen guus at tinc-vpn.org
Tue Jul 11 12:29:43 CEST 2017


On Tue, Jul 11, 2017 at 09:58:39AM +0200, Alessandro Briosi wrote:

> I understand on a security bug or something, but having to rekey all the
> hosts 'cause someone gets fired to me it sounds insane.
> There must be an easy way to block somebody from connecting to the VPN?
> Isn't removing its reference on the "servers" enough?

The proper way is to remove the host key files of those nodes on all
other nodes. If only the "servers" have a copy of those host files, you
only need to remove it on the servers.

Note that you need to send the tinc daemons on those servers the HUP
signal (or "tincd -kHUP" for tinc 1.0, "tinc reload" for tinc 1.1) to
have them reread the host config files and disconnect any nodes for
which they don't have a host config file anymore.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
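
The two steps from the reply above (remove the node's host file, then make the daemon reread its host files), as an added example that is not part of the original message. It assumes the configuration lives in /etc/tinc/NETNAME/hosts/NODE and that a `tinc` binary on the PATH means tinc 1.1; the function names and return codes are this example's own.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed layout: $TINC_DIR/<netname>/hosts/<node>, with TINC_DIR=/etc/tinc.
TINC_DIR="${TINC_DIR:-/etc/tinc}"

# revoke_node NETNAME NODE
# Returns 0 when the host file was removed, 1 on a rejected name,
# 2 when this machine has no host file for NODE, 3 if removal failed.
revoke_node() {
    net="$1"; node="$2"
    # tinc node names consist of letters, digits and underscores; refusing
    # anything else keeps input like "../tinc.conf" from leaving hosts/.
    case "$node" in
        ''|*[!A-Za-z0-9_]*) echo "rejected node name: $node" >&2; return 1 ;;
    esac
    case "$net" in
        ''|.*|*[!A-Za-z0-9_.-]*) echo "rejected netname: $net" >&2; return 1 ;;
    esac
    hostfile="$TINC_DIR/$net/hosts/$node"
    [ -f "$hostfile" ] || { echo "no host file for $node" >&2; return 2; }
    rm -f -- "$hostfile" || return 3
    # A leftover ConnectTo line for the node is stale config; flag it for cleanup.
    if grep -Eiq "^[[:space:]]*ConnectTo[[:space:]]*=?[[:space:]]*${node}[[:space:]]*\$" \
        "$TINC_DIR/$net/tinc.conf" 2>/dev/null; then
        echo "warning: tinc.conf still has ConnectTo = $node" >&2
    fi
    return 0
}

# reload_tinc NETNAME
# Makes the running daemon reread hosts/ and drop peers without a host file.
reload_tinc() {
    if command -v tinc >/dev/null 2>&1; then
        tinc -n "$1" reload      # tinc 1.1
    else
        tincd -n "$1" -kHUP      # tinc 1.0
    fi
}

# Usage: sh revoke.sh NETNAME NODE
if [ "$#" -eq 2 ]; then
    revoke_node "$1" "$2" && reload_tinc "$1"
fi
```

Run it on every node that holds a copy of the host file; a return code of 2 means that machine had no copy to remove.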