Replacing of non-alphanumeric chars in Name can be confusing
Niklas Hambüchen
mail at nh2.me
Sat May 27 17:46:17 CEST 2017
Tinc replaces non-alphanumeric characters in the `Name` field of
tinc.conf by '_' (see [1] and [2]).
This includes hyphens ('-'), which are often used in host names.
That is quite surprising, and can easily lead to misconfigurations,
especially because there doesn't seem to be a warning if you configure
`Name = node-1`, and on the other machines the host file
/etc/tinc/myvpn/hosts/node-1, as no such replacement is done on the
files in the file system.
It's especially troublesome because the way that tinc replaces chars in
the host name is an undocumented implementation detail, so when
configuring tinc, you can't really know how you have to call your
.../hosts/... files because you don't know guaranteed what replacements
tinc will perform.
The man page https://www.tinc-vpn.org/documentation-1.1/tinc.conf.5 says
"If Name is $HOST, but no such environment variable exist, the
hostname will be read using the gethostname() system call."
Now of course one can say "well, it doesn't say that the gethostname()
is *used*, just that it is *read*, so technically that's right", but
sysadmin who just got really confused wouldn't appreciate that fact.
Thus, I would like to request one of the following changes:
1) The tinc man page makes explicit characters are allowed in the
`Name`, and tinc bails out if that is not honoured.
or
2) The tinc man page makes explicit characters are allowed in the
`Name`, and details what replacements are done, so that the
administrator can place correctly substituted .../hosts/... files.
or
3) Tinc performs the same replacements it does to `Name` fields with
non-alphanumeric .../hosts/... files, and mentions this in the man page.
Of those, (3) seems ugly and requires a directory scan.
I prefer (1), as administrators are still very likely to get it
accidentally wrong, especially when setting up tinc in automated
deployments.
Thank you!
Niklas
[1]
https://github.com/gsliepen/tinc/blob/5c344f297682cf11793407fca4547968aee22d95/src/net_setup.c#L341
[2] https://github.com/gsliepen/tinc/blob/1.1/src/net_setup.c#L389
More information about the tinc
mailing list