On Thu, 4 May 2017, Parke wrote:

> How does tincd determine the subnet(s) of other remote nodes? Does
> tincd read its copies of the hosts file and parse and follow the
> subnet information contained in the local files? Or does tincd solely
> trust the subnet information dynamically advertised by each remote
> node?
>
> In my experimentation, it seems that:
>
> a) tincd reads its own subnet(s) from its copy of its own host file, but
>
> b) tincd ignores the subnets specified in the other hosts files.
>
> This would seem to mean that if:
>
> 1) There are three nodes, A, B, and C, and
> 2) Node B is offline, and
> 3) Node C is compromised and advertises itself as serving B's subnet(s), and
> 4) Node A sends traffic to an IP address on one of B's subnets, then
> 5) Node C will intercept the traffic that A believes A is sending to B's
> subnet.
>
> Is the above description of how tincd operates correct?
>
> Is this an intentional choice? If so, what is the reasoning behind it?
>
> It seems to me that this behavior (trusting all advertised subnets) is
> unexpected and possibly undocumented. The behavior would also seem to
> prioritize convenience over security.
>
> (I am running tinc version 1.0.24 on Debian.)
The StrictSubnets = yes option looks like what you want. Then a node only routes subnets as defined in locally existing hosts files, not announced from the outside anymore.

c'ya
sven-haegar

-- 
Three may keep a secret, if two of them are dead. - Ben F.

_______________________________________________
tinc mailing list
[email protected]
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
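As an added illustration, not part of either message above, this is what the StrictSubnets setup looks like on node A in Parke's three-node scenario. The network name "vpn", the hostnames and the subnet ranges are made up for the example; the keys in the tinc.conf and host files are the ones tinc 1.0 documents.

```ini
# /etc/tinc/vpn/tinc.conf on node A (constructed example; netname "vpn" is assumed)
Name = A
# router is the default mode; shown here because Subnet routing only applies in it
Mode = router
# Only honour Subnet statements that appear in files under the local hosts/
# directory. A subnet announced by a remote node that is not listed in that
# node's local host file is ignored instead of being routed.
StrictSubnets = yes
ConnectTo = C

# /etc/tinc/vpn/hosts/B on node A (constructed). With StrictSubnets this file
# must be present locally, even though A never connects to B directly;
# otherwise A has no route to B's subnet at all.
Address = b.example.net
Subnet = 10.0.2.0/24
# -----BEGIN RSA PUBLIC KEY----- (B's key, omitted here) -----END RSA PUBLIC KEY-----

# /etc/tinc/vpn/hosts/C on node A (constructed)
Address = c.example.net
Subnet = 10.0.3.0/24
# -----BEGIN RSA PUBLIC KEY----- (C's key, omitted here) -----END RSA PUBLIC KEY-----
```

With this in place, an announcement from C claiming 10.0.2.0/24 while B is offline is dropped on A, because hosts/C lists only 10.0.3.0/24; packets for 10.0.2.x are then treated as destined for the unreachable node B rather than handed to C. The cost is the one Parke hints at: every node's hosts/ directory now has to carry a current host file, with Subnet lines, for every node whose subnets it should route to, so adding a node or a subnet means redistributing host files rather than relying on the announcement alone.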
