On 2017-07-10 18:32 Matthew Nichols wrote:

> 1. That entirely depends on how you have it set up (look at
> StrictSubnets and TunnelServer). It might also be recommended to have
> every node re-key itself (http://tinc-vpn.org/security/).

I've used StrictSubnets and TunnelServer (and probably will keep using
this so roadwarriors don't see each other, though looking at the logs and
adding the route manually would simply allow them to connect to the
others in some cases), but that's not the point.
I understand it for a security bug or something, but having to rekey all the
hosts 'cause someone gets fired sounds insane to me.
There must be an easy way to block somebody from connecting to the VPN?
Isn't removing its reference on the "servers" enough?

> 2. No, tinc cannot do this itself.

ok

> 3. That is not a bad approach.

ok

-----Original Message-----
From: tinc [mailto:[email protected]] On Behalf Of Alessandro
Briosi
Sent: Monday, July 10, 2017 1:43 AM
To: [email protected]
Subject: Some tinc clarifications
Hi all,
I'm currently happily using tinc in my networks.
I also use OpenVPN based on the customer requirements.
I have some questions, though, for which I could not find a clear answer.
What I'd like to know is:
1. How to revoke a "node": is simply removing the host file on the servers
enough? And one created by invitation?
2. Is there a way to let tinc ask for a username/password (like it's
possible with OpenVPN)?
(I know this might be complicated as one would have to have a
centralized or synced user db, but that's not tinc business anyway).
3. Suppose I have 3 or more tinc "servers", is it suggested that the
"hosts" directory be synced between those hosts?
Thank you.
Alessandro
_______________________________________________
tinc mailing list
[email protected]
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
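
One way to check the state discussed in this thread across several servers: whether a removed node's host file is really gone from every "hosts" directory, and which servers set TunnelServer or StrictSubnets. This is an added example, not code from the thread or from the tinc project; it assumes local copies of each server's configuration directory, and the directory layout, node name and function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit local copies of several tinc servers' configuration
# for a node that should no longer be accepted. Assumed (hypothetical) layout:
#   ROOT/<server>/tinc.conf   and   ROOT/<server>/hosts/<node>

# conf_yes FILE VAR: succeed if VAR is set to "yes" in FILE.
# tinc.conf variable names are case-insensitive and the "=" is optional.
conf_yes() {
    [ -f "$1" ] || return 1
    grep -Eiq "^[[:space:]]*$2([[:space:]]*=[[:space:]]*|[[:space:]]+)yes[[:space:]]*$" \
        "$1"
}

# audit_revocation ROOT NODE: print one status line per server copy and
# return non-zero if any copy still holds hosts/NODE.
audit_revocation() {
    root=$1 node=$2 stale=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        server=$(basename "$dir")
        if [ -e "$dir/hosts/$node" ]; then
            hostfile=present; stale=1
        else
            hostfile=absent
        fi
        ts=no; ss=no
        conf_yes "$dir/tinc.conf" TunnelServer && ts=yes
        conf_yes "$dir/tinc.conf" StrictSubnets && ss=yes
        printf '%s hostfile=%s TunnelServer=%s StrictSubnets=%s\n' \
            "$server" "$hostfile" "$ts" "$ss"
    done
    return "$stale"
}

# Constructed sample: three server copies; "bob" was removed from two of them.
demo=$(mktemp -d)
for s in gw1 gw2 gw3; do mkdir -p "$demo/$s/hosts"; done
printf 'Name = gw1\nTunnelServer = yes\n' > "$demo/gw1/tinc.conf"
printf 'Name = gw2\nStrictSubnets yes\n'  > "$demo/gw2/tinc.conf"
printf 'Name = gw3\n'                     > "$demo/gw3/tinc.conf"
: > "$demo/gw3/hosts/bob"    # stale host file left behind on gw3
audit_revocation "$demo" bob || echo "bob is still known to at least one server"
```

A non-zero return means at least one server copy would still recognise the node's key, which is the case a hosts-directory sync between servers is meant to prevent.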