On 2017-07-11 12:29, Guus Sliepen wrote:
On Tue, Jul 11, 2017 at 09:58:39AM +0200, Alessandro Briosi wrote:

I understand on a security bug or something, but having to rekey all the
hosts 'cause someone gets fired sounds insane to me.
There must be an easy way to block somebody from connecting to the VPN?
Isn't removing its reference on the "servers" enough?

The proper way is to remove the host key files of those nodes on all
other nodes. If only the "servers" have a copy of those host files, you
only need to remove it on the servers.


This sounds much more reasonable. Thanks.

Note that you need to send the tinc daemons on those servers the HUP
signal (or "tincd -kHUP" for tinc 1.0, "tinc reload" for tinc 1.1) to
have them reread the host config files and disconnect any nodes for
which it doesn't have a host config file anymore.

Yes, the same when adding a node.

Thank you.
Alessandro
_______________________________________________
tinc mailing list
[email protected]
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
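
The revocation steps from the thread, written as a script to run on each server. This is an added example, not part of the original messages. The function names, the `/etc/tinc/<netname>` layout, the `-n` netname option, and detecting tinc 1.1 by the presence of the `tinc` binary are assumptions.

```shell
#!/bin/sh
# Added example: revoke one node's access on this tinc host.
# Assumed layout: <confbase>/hosts/<node> and <confbase>/tinc.conf.

# Remove the host config file for NODE under CONFBASE.
# Returns 0 if removed, 1 if there was no such file, 2 on a bad node name.
revoke_node() {
    confbase=$1
    node=$2
    # Accept only a plain name, so a value like "../tinc.conf" cannot
    # make rm touch anything outside hosts/.
    case $node in
        ''|*[!A-Za-z0-9_]*) echo "invalid node name: $node" >&2; return 2 ;;
    esac
    hostfile=$confbase/hosts/$node
    [ -f "$hostfile" ] || { echo "no host file for $node" >&2; return 1; }
    rm -f -- "$hostfile"
    # A leftover ConnectTo line would still name the removed node; flag it.
    if grep -Eiq "^[[:space:]]*ConnectTo[[:space:]]*=?[[:space:]]*$node[[:space:]]*\$" \
        "$confbase/tinc.conf" 2>/dev/null; then
        echo "warning: tinc.conf still has ConnectTo = $node" >&2
    fi
    return 0
}

# Make the running daemon reread its host files and drop nodes it no
# longer has a host file for, using the commands given in the thread.
reload_tinc() {
    netname=$1
    if command -v tinc >/dev/null 2>&1; then
        tinc -n "$netname" reload      # tinc 1.1
    else
        tincd -n "$netname" -kHUP      # tinc 1.0
    fi
}

# Typical use on each server (constructed names):
#   revoke_node /etc/tinc/myvpn alice && reload_tinc myvpn
```

If other nodes also hold a copy of the host file, the same two steps have to run there too, since any node that still has the file will keep accepting the key.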