One host for forwarding only without keys

Etienne Dechamps etienne at edechamps.fr
Fri Sep 2 20:51:14 CEST 2016


What version of tinc are you using? tinc 1.1 already does what you want out
of the box: packets sent from node A to node B through node C will use a
key that A and B will negotiate between themselves. C doesn't have the key,
and will act as a blind relay. C will not be able to decipher the packets
flowing between A and B.

This is different from tinc 1.0, where C would have to decipher the packet
in order to determine what its final destination is. In tinc 1.1 that
routing information is sent in cleartext so that C can forward the packet
without having to decipher it.


On 2 September 2016 at 09:40, Armin <armin at melware.de> wrote:

> Hello all,
>
> as written in my other posts, I have a setup of about seven
> hosts. Two of them (A and B) use StrictSubnets and their own routing via
> a special host (C), because C has a better connection to A and B than a
> direct A-B connection.
>
> Host C is in a place where I need to create special security settings.
> The VPN encrypted data shall not be available on host C.
> There is no need for host C to be in the routing of the tinc VPN, it just shall
> forward the encrypted packets to another host when needed.
>
> Is it possible to set up a host as part of a tinc network without
> access to the (decrypted) packets?
> Or do I need to set up some other kind of tunnel for this?
>
> Armin