On Wed, 9 Nov 2005 at 10:33 -0700, Corey Edwards wrote:
> On Wed, 2005-11-09 at 10:16 -0700, Andrew McNabb wrote:
> > On Wed, Nov 09, 2005 at 09:16:39AM -0700, Corey Edwards wrote:
> > > > On Wed, Nov 09, 2005 at 08:23:36AM -0700, Hans Fugal wrote:
> > > > >
> > > > > Provided you're using the server mode (which implies TLS). If you are
> > > > > using e.g. preshared keys then you'd have to run a second daemon on the
> > > > > "server" peer (with its own tun).
> > >
> > > TLS is the way to go. First, a few references.
> > >
> >
> > That's what I've been doing all along. My question, though, is what is
> > the setup that requires a second server daemon?
>
> If the server is configured to use a secret key, it can handle only one
> connection to one peer. I gather that it's something to do with the
> protocol. In order to add another client (be it TLS or shared secret)
> you would need a second daemon running on a new port.

Plus the fact that the original design was one-to-one, and then they added server mode with TLS (because really anyone doing many-to-one should be using the more secure TLS anyway), and there was much rejoicing.

Basically, see the manpage in the --server section.

--
Hans Fugal ; http://hans.fugal.net

There's nothing remarkable about it. All one has to do is hit the right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
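
An added example, not part of the thread: the two setups discussed above, side by side, assuming the daemon in question is OpenVPN (the thread does not name it, but --server, tun and preshared keys match its terms). All file names, addresses and ports below are constructed.

```conf
# ---- Static-key (preshared key) mode: one daemon per peer ----

# peer-a.conf (constructed): point-to-point link to peer A
dev tun0
proto udp
port 1194
# local and remote tunnel endpoint addresses
ifconfig 10.8.0.1 10.8.0.2
# one shared secret, known to exactly this pair of hosts
secret peer-a.key

# peer-b.conf (constructed): adding a second peer means a second
# daemon with its own tun device, its own port and its own key
dev tun1
proto udp
port 1195
ifconfig 10.9.0.1 10.9.0.2
secret peer-b.key

# ---- TLS server mode: one daemon, many clients ----

# server.conf (constructed)
dev tun
proto udp
port 1194
# "server" is a helper directive: it turns on multi-client server
# mode and TLS, and hands out client addresses from this subnet
server 10.8.0.0 255.255.255.0
# each client authenticates with its own certificate signed by this CA
ca ca.crt
cert server.crt
key server.key
dh dh.pem
```

With per-client certificates, access for one client can be withdrawn by revoking its certificate, while in static-key mode both ends hold the same long-lived secret.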
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
