site-site vpn setup..
Rafael Wolf
rfwolf at gmail.com
Fri Mar 30 21:17:57 CEST 2018
Lulz...I don't think you know what you're talking about.
😂😂😂😂
On Fri, Mar 30, 2018, 3:12 PM al so <volkswak at gmail.com> wrote:
> There is a reason most NMS systems used SNMP in the past and REST apis
> past 7+ years. They don't use CLIs except toy Expect type scripts.. Not
> just security but better error handling and more.
>
> Good luck learning!
>
> On Thu, Mar 29, 2018 at 9:03 AM, Tomasz Chmielewski <mangoo at wpkg.org>
> wrote:
>
>> SNMP is mainly used for monitoring, not _server_ automation.
>>
>> Also, it's inherently insecure for anything else - only SNMPv3 offers any
>> kind of encryption, and it's DES - 56 bit only, and you can easily
>> brute-force it on an average computer.
>>
>>
>> If you could provide some serious articles about why is CLI insecure, I'd
>> be interested to read.
>>
>>
>> Tomasz Chmielewski
>> https://lxadm.com
>>
>>
>>
>> On 2018-03-30 00:48, al so wrote:
>>
>>> Just search online why in general that is insecure via CLI vs
>>> programmatic for first class automation.. there is a reason why snmp,
>>> rest, ... exist.
>>>
>>> On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpkg.org>
>>> wrote:
>>>
>>> You've mentioned security issues in your previous email, but now
>>>> you're hopping to management issues.
>>>>
>>>> Have you tried Ansible, Chef or Puppet for automation? It works well
>>>> for hundreds of servers, different services and not just one kind of
>>>> VPN.
>>>>
>>>> Tomasz Chmielewski
>>>> https://lxadm.com
>>>>
>>>> On 2018-03-29 16:10, al so wrote:
>>>> Programmatic management with first class APIs is preferred for
>>>> larger
>>>> deployments..
>>>>
>>>> On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski
>>>> <mangoo at wpkg.org>
>>>> wrote:
>>>>
>>>> Could you elaborate on why CLI (SSH) managing is insecure?
>>>>
>>>> Tomasz Chmielewski
>>>> https://lxadm.com
>>>>
>>>> On 2018-03-27 04:23, al so wrote:
>>>> So, for remote manageability of Tinc, we don't have any SNMP or
>>>> REST
>>>> like programmatic ways?
>>>>
>>>> If it is going to be CLI only, it is definitely not secure to manage
>>>> and also not very convenient to manage programmatically.
>>>>
>>>> On Sun, Mar 25, 2018 at 1:44 AM, Guus Sliepen <guus at tinc-vpn.org>
>>>> wrote:
>>>>
>>>> On Sat, Mar 24, 2018 at 02:16:20PM -0700, al so wrote:
>>>>
>>>> Is there any quickstart guide to setup site-to-site VPN using
>>>> Tinc 1.1
>>>>
>>>> pre-rel?
>>>>
>>>
>>> You can find an example of a site-to-site VPN with four sites here:
>>>
>>> http://tinc-vpn.org/documentation/Example-configuration.html [1] [1]
>>> [1]
>>>
>>> Assuming I have two routers at two sites running tinc vpn along
>>>>>
>>>> with
>>>
>>> routing feature.
>>>>>
>>>>
>>> If you only have two sites, then just look at the example
>>> configuration
>>> for "Branch A" and "Branch B" in the page I linked, and ignore the
>>> other
>>> two sites.
>>>
>>> Once I setup manually and validate the connection, I want to
>>>>>
>>>> automate
>>>
>>> using REST APIs.
>>>>>
>>>>
>>> Tinc does not expose any REST APIs. With tinc 1.1, you can use the
>>> command line tool to automate things though, see:
>>>
>>> http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html [2] [2]
>>> [2]
>>>
>>>
>>>
>>> Links:
>>> ------
>>> [1] http://tinc-vpn.org/documentation/Example-configuration.html
>>> [2] http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html
>>>
>>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20180330/a4a4a5ba/attachment-0001.html>
More information about the tinc
mailing list