TINC config files layout not human or script friendly

md at rpzdesign.com
Mon Jan 12 05:47:57 CET 2015


Oops, did I forget to mention how good a design the REST of tinc is, 
operationally speaking.

Config files aside, it is a really good VPN.

md

On 1/11/2015 10:05 PM, md at rpzdesign.com wrote:
> I would say the weakest part of the TINC design is the configuration
> file layout.
>
> There is no way to split out the essentially static configuration for
> all nodes in the cluster and isolate the node specific settings to one
> configuration file.
>
> So that means I have to keep an inventory of configuration files per
> node so I can edit and deliver them and keep everything straight.
>
> The private keys are in standalone files, but the public key is buried
> in along with other node specific settings in the host identifier file.
>
> So that makes it difficult to use a batch script and SSH and just update
> all the nodes with a new public/private key pair.
>
> Better yet, an option for a new key pair to autogenerate every N days or
> hours and then self deliver the public keys across the net via VPN.
>
> Also, in tinc-up script, I use the $INTERFACE for dynamic device name,
> but I would love if more config files, tinc.conf and the host config
> files could make more use of the $VARIABLE mechanism
> and maybe have a variables config file per node.
>
> That way my tinc-up file would be the same for every node. And my
> tinc.conf file.
>
> That way all per node specific settings would be in ONE file and all the
> other config files would be static for all nodes in the cluster.
>
> This message is part rant, part request, sorry if I offend anyone.
>
> md


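One way to script the key swap discussed in the message above, as an added example that is not part of the original thread or of tinc itself. It assumes a tinc 1.0 style host file in which the RSA public key is embedded as a PEM block alongside the settings lines; the function names, the node name `node1`, the file `new.pub`, the addresses and the key bodies are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not tinc's own tooling): replace the PEM public key block
# embedded in a tinc host file, keeping the node-specific settings lines.

# replace_host_pubkey HOSTFILE NEWKEY_PEM  -> updated host file on stdout
replace_host_pubkey() {
    hostfile=$1 newkey=$2
    # Never let private key material reach a file that gets distributed.
    if grep -q -- 'PRIVATE KEY' "$newkey"; then
        echo "refusing: $newkey contains private key material" >&2
        return 1
    fi
    count=$(grep -c -- '^-----BEGIN .*PUBLIC KEY-----$' "$newkey") || true
    if [ "$count" != 1 ]; then
        echo "refusing: $newkey must hold exactly one public key block" >&2
        return 1
    fi
    # Copy every line outside a PEM block, which drops the old key.
    awk '
        /^-----BEGIN .*PUBLIC KEY-----$/ { inkey = 1; next }
        /^-----END .*PUBLIC KEY-----$/   { inkey = 0; next }
        !inkey { print }
    ' "$hostfile" || return 1
    # Append only the PEM block from the new key file.
    awk '/^-----BEGIN .*PUBLIC KEY-----$/,/^-----END .*PUBLIC KEY-----$/' "$newkey"
}

# Constructed sample input: host file for a hypothetical node "node1".
# The key bodies are placeholders, not real keys.
make_sample() {
    dir=$1
    cat > "$dir/node1" <<'EOF'
Address = 192.0.2.10
Subnet = 10.1.0.1/32
-----BEGIN RSA PUBLIC KEY-----
CONSTRUCTEDOLDKEYBODY
-----END RSA PUBLIC KEY-----
EOF
    cat > "$dir/new.pub" <<'EOF'
-----BEGIN RSA PUBLIC KEY-----
CONSTRUCTEDNEWKEYBODY
-----END RSA PUBLIC KEY-----
EOF
}
```

Write the output to a temporary file and move it into place only after the function succeeds, so a refused key never leaves a host file half-written.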