X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=goals.mdwn;h=19f02f5cdc4d78e4f8c6a9ca964762e8ccb2adad;hb=bc776f59ff2046aa616f781bce2778034232d45e;hp=41a5a10b272dadd2ada0467523166b2ff2dfc45d;hpb=7c74a57cd95cfc0358fdd5980d9170ea16751dfb;p=wiki diff --git a/goals.mdwn b/goals.mdwn index 41a5a10..19f02f5 100644 --- a/goals.mdwn +++ b/goals.mdwn @@ -103,6 +103,15 @@ another workaround to get tinc to work. Tinc should be able to cope with altered source ports, and should detect whether or not packet exchange via UDP works at all, and if not fall back to TCP. +**Automate setting up nodes** + +The tincctl utility should have a wizard-like interface that asks a few +necessary questions and then creates all the configuration files. Another +useful feature would be to allow it to export a GPG signed email to selected +recipients, which would be able to import them with a simple command. Another +option would be to allow a user to connect via SSH to a remote node (if he has +an account there), and do a two-way exchange of configuration files. + ## Plans for tinc 2.0 The 2.0 branch will be a complete rewrite of tinc. Expectations @@ -137,14 +146,14 @@ PGP, where peers can sign each other, and if there are enough signatures, they can allow communication. Trust management should be simple, for example using a command like - tinc trust *foo* + tinc trust foo which should let the local tinc daemon trust information from the peer named *foo*. To authorise the use of addresses on the VPN, a command like the following could be used: - tinc allow *bar* 192.168.3.0/24 + tinc allow bar 192.168.3.0/24 This should generate a small certificate that proves that the node that issued this command trusts node *bar* with the 192.168.3.0/24 range 
@@ -153,11 +162,11 @@ tinc daemon's configuration, but also spread immediately amongst the other peers in the VPN. It is also important to allow trust and authorisation to be revoked in the same way: - tinc distrust *foo* + tinc distrust foo This should make the local tinc daemon stop trusting any information from *foo*. - tinc deny *bar* + tinc deny bar This should generate a certificate (with a newer timestamp than the previous one) denying *bar* any access, and spread this amongst the other peers as well.
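Review bot: In the added "Automate setting up nodes" paragraph (hunk -103,6 +103,15), the GPG sentence says recipients "would be able to import them with a simple command" but does not say that the import verifies the signature first, or against which key. Without that, the signed email gives no more assurance than an unsigned one. "them" also has no plural antecedent, since the sentence only mentions "a GPG signed email". Suggested wording: "export the configuration files in a GPG-signed email to selected recipients, who can import them with a simple command once the signature has been verified". For the SSH option, "if he has an account there" would read better as "if they have an account there".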
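Review bot: In hunk -137,14 +146,14, dropping the emphasis markers from "tinc trust foo" and "tinc allow bar 192.168.3.0/24" fixes the literal asterisks in the code blocks, but nothing in the command lines now marks foo and bar as placeholders, while the surrounding prose still writes them as *foo* and *bar*. A short clause in the lead-in sentence, for example "where foo is the name of a peer", would keep the two consistent. The "tinc allow" paragraph also describes the generated certificate without saying whether it carries a timestamp, although the later "tinc deny" text depends on comparing timestamps. It is worth stating that here as well.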
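Review bot: In hunk -153,11 +162,11, "tinc deny bar" takes no address range, while the matching grant is "tinc allow bar 192.168.3.0/24". The text says the certificate denies *bar* "any access", so the asymmetry may be intended, but the page should say so explicitly, or show the form that revokes a single range if one is planned. The revocation is also described only as having "a newer timestamp than the previous one". A sentence on how peers order two certificates from the same issuer would make the revocation rule unambiguous.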