<div dir="ltr">Programmatic management with first class APIs is preferred for larger deployments..<div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski <span dir="ltr"><<a href="mailto:mangoo@wpkg.org" target="_blank">mangoo@wpkg.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Could you elaborate on why CLI (SSH) managing is insecure?<br>
<br>
<br>
Tomasz Chmielewski<br>
<a href="https://lxadm.com" rel="noreferrer" target="_blank">https://lxadm.com</a><span class=""><br>
<br>
<br>
On 2018-03-27 04:23, al so wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
So, for remote manageability of Tinc, we don't have any SNMP or REST<br>
like programmatic ways?<br>
<br>
If it is going to be CLI only, it is definitely not secure to manage<br>
and also not very convenient to manage programmatically.<br>
<br>
On Sun, Mar 25, 2018 at 1:44 AM, Guus Sliepen <<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>><br>
wrote:<br>
<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
On Sat, Mar 24, 2018 at 02:16:20PM -0700, al so wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
 Is there any quickstart guide to setup site-to-site VPN using<br>
</blockquote></blockquote>
Tinc 1.1<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
pre-rel?<br>
</blockquote></blockquote>
<br>
You can find an example of a site-to-site VPN with four sites here:<br>
<br>
</span><a href="http://tinc-vpn.org/documentation/Example-configuration.html" rel="noreferrer" target="_blank">http://tinc-vpn.org/documentat<wbr>ion/Example-configuration.html</a> [1]<span class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
 Assuming I have two routers at two sites running tinc vpn along<br>
</blockquote></blockquote>
with<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
routing feature.<br>
</blockquote></blockquote>
<br>
If you only have two sites, then just look at the example<br>
configuration<br>
for "Branch A" and "Branch B" in the page I linked, and ignore the<br>
other<br>
two sites.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
 Once I setup manually and validate the connection, I want to<br>
</blockquote></blockquote>
automate<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
using REST APIs.<br>
</blockquote></blockquote>
<br>
Tinc does not expose any REST APIs. With tinc 1.1, you can use the<br>
command line tool to automate things though, see:<br>
<br>
</span><a href="http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html" rel="noreferrer" target="_blank">http://tinc-vpn.org/documentat<wbr>ion-1.1/Controlling-tinc.html</a> [2]<span class=""><br>
<br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>><br>
<br>
______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a><br>
</span><a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-b<wbr>in/mailman/listinfo/tinc</a> [3]<br>
</blockquote>
<br>
<br>
<br>
Links:<br>
------<br>
[1] <a href="http://tinc-vpn.org/documentation/Example-configuration.html" rel="noreferrer" target="_blank">http://tinc-vpn.org/documentat<wbr>ion/Example-configuration.html</a><br>
[2] <a href="http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html" rel="noreferrer" target="_blank">http://tinc-vpn.org/documentat<wbr>ion-1.1/Controlling-tinc.html</a><br>
[3] <a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-b<wbr>in/mailman/listinfo/tinc</a><span class=""><br>
______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-b<wbr>in/mailman/listinfo/tinc</a><br>
</span></blockquote><div class="HOEnZb"><div class="h5">
______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-b<wbr>in/mailman/listinfo/tinc</a><br>
</div></div></blockquote></div><br></div></div>