with altered source ports, and should detect whether or not packet
exchange via UDP works at all, and if not fall back to TCP.
+**Automate setting up nodes**
+
+The tincctl utility should have a wizard-like interface that asks a few
+necessary questions and then creates all the configuration files. Another
+useful feature would be to allow it to export a GPG signed email to selected
+recipients, which would be able to import them with a simple command. Another
+option would be to allow a user to connect via SSH to a remote node (if he has
+an account there), and do a two-way exchange of configuration files.
+
## Plans for tinc 2.0
The 2.0 branch will be a complete rewrite of tinc. Expectations
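Review bot: In the added "Automate setting up nodes" paragraph, "which would be able to import them with a simple command" has no plural antecedent for "them", and the text never says that the import checks the GPG signature against a key the recipient already trusts. Name what is exported (the configuration files) and state that the import command verifies the signature before writing anything. The same gap applies to the SSH option: the "two-way exchange of configuration files" should say how each side decides to accept the other's files. As a style point, "if he has an account there" reads better as "if they have an account there".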
signatures, they can allow communication. Trust management should
be simple, for example using a command like
- tinc trust *foo*
+ tinc trust foo
which should let the local tinc
daemon trust information from the peer named *foo*. To authorise
the use of addresses on the VPN, a command like the following could
be used:
- tinc allow *bar* 192.168.3.0/24
+ tinc allow bar 192.168.3.0/24
This should generate a small certificate that proves that the node that
issued this command trusts node *bar* with the 192.168.3.0/24 range
the other peers in the VPN. It is also important to allow trust and
authorisation to be revoked in the same way:
- tinc distrust *foo*
+ tinc distrust foo
This should make the local tinc daemon stop trusting any information from *foo*.
- tinc deny *bar*
+ tinc deny bar
This should generate a certificate (with a newer timestamp than the previous one) denying
*bar* any access, and spread this amongst the other peers as well.
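Review bot: The changed line `tinc deny bar` takes no address range, while `tinc allow bar 192.168.3.0/24` does, so the page does not say whether a single range can be revoked or only all access at once. Either show the range form of the command or state that deny is all-or-nothing, which is what "denying *bar* any access" implies. The revocation also depends on "a newer timestamp than the previous one", so it is worth a sentence on how peers order two certificates when the issuing node's clock is wrong. Dropping the asterisks from the command lines leaves nothing that marks foo and bar as placeholders there; the prose still uses *foo* and *bar*, so a short remark that these are example node names would keep the two consistent.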