Routing and keying Questions

Guus Sliepen guus at tinc-vpn.org
Mon Jul 7 12:29:17 CEST 2008


On Sun, Jul 06, 2008 at 09:45:30PM +0200, Frithjof Hammer wrote:

> >Yep, each node contacts the other to distribute the network information.
> Can this be switched off? What exactly does the parameter "TunnelServer = 
> <yes|no> (no) [experimental]" do? The description sounds more or less like 
> it.

There is a short description in the manual and in the tinc.conf manpage.
Just try it out and see if it does what you want or not.

> >> * Is this (nodes can talk to each other without having the crypto keys) the
> >> correct behavior?
> >Yes, that's one of the advantages of using tinc.
> 
> Then why use different keys for each node and not a shared key for everyone? 

If you have 100 nodes and you want to bar one node from accessing the
VPN, you only have to remove its host config files from those nodes that
have it. You can do this without stopping any VPN daemon. With a shared
key, you'd have to distribute a new key to 99 nodes and restart all
daemons.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>