<div dir="ltr">In the situation:<div><br></div><div>Node A <-> Node C</div><div>Node B <-> Node C</div><div><br></div><div>If I set ExperimentalProtocol = no in Node C and/or remove the ECDSA key from the nodes A and B from hosts files in Node C, would that do the trick? (without editing node A and B)</div>
<div><br></div><div>-rsd</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-02-11 11:32 GMT-02:00 Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On Tue, Feb 11, 2014 at 11:22:17AM -0200, Raul Dias wrote:<br>
<br>
> Feeling a 1.0pre deja vu.<br>
<br>
</div>Yep :)<br>
<div class=""><br>
> Is this the final protocol or might be some changes before 1.1 final?<br>
><br>
> Upgrading 30+ nodes from 1.0 were easier as it didn't have to be done at<br>
> once.<br>
<br>
</div>Only when 1.1.0 will be released will the protocol be final. There will<br>
probably be a few more changes to the protocol before then. If you have a<br>
network with 30+ nodes, I can see the problem. I suggest that you explicitly<br>
set ExperimentalProtocol = no in tinc.conf on most or all of your nodes. That<br>
way, they will use the old and stable protocol but you still get most of the<br>
new features of tinc 1.1.<br>
<br>
If you want to have a few nodes of your VPN use the new protocol, don't put<br>
ExperimentalProtocol = no in their tinc.conf, but instead, on those nodes,<br>
remove the ECDSAPublicKey from the host config files of nodes that will not be<br>
using the new protocol.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>><br>
</div></div><br>_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" target="_blank">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br></div>