automation refers to day to day vpn management from non-IT layman... not a geek running shell/ansible scrpits.
On Thu, Mar 29, 2018 at 8:48 AM, al so <[email protected]> wrote: > Just search online why in general that is insecure via CLI vs programmatic > for first class automation.. there is a reason why snmp, rest, ... exist. > > On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <[email protected]> > wrote: > >> You've mentioned security issues in your previous email, but now you're >> hopping to management issues. >> >> Have you tried Ansible, Chef or Puppet for automation? It works well for >> hundreds of servers, different services and not just one kind of VPN. >> >> >> Tomasz Chmielewski >> https://lxadm.com >> >> >> On 2018-03-29 16:10, al so wrote: >> >>> Programmatic management with first class APIs is preferred for larger >>> deployments.. >>> >>> On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski <[email protected]> >>> wrote: >>> >>> Could you elaborate on why CLI (SSH) managing is insecure? >>>> >>>> Tomasz Chmielewski >>>> https://lxadm.com >>>> >>>> On 2018-03-27 04:23, al so wrote: >>>> So, for remote manageability of Tinc, we don't have any SNMP or >>>> REST >>>> like programmatic ways? >>>> >>>> If it is going to be CLI only, it is definitely not secure to manage >>>> and also not very convenient to manage programmatically. >>>> >>>> On Sun, Mar 25, 2018 at 1:44 AM, Guus Sliepen <[email protected]> >>>> wrote: >>>> >>>> On Sat, Mar 24, 2018 at 02:16:20PM -0700, al so wrote: >>>> >>>> Is there any quickstart guide to setup site-to-site VPN using >>>> >>> Tinc 1.1 >>> >>> pre-rel? >>>>> >>>> >>> You can find an example of a site-to-site VPN with four sites here: >>> >>> http://tinc-vpn.org/documentation/Example-configuration.html [1] [1] >>> >>> Assuming I have two routers at two sites running tinc vpn along >>>>> >>>> with >>> >>> routing feature. >>>>> >>>> >>> If you only have two sites, then just look at the example >>> configuration >>> for "Branch A" and "Branch B" in the page I linked, and ignore the >>> other >>> two sites. >>> >>> Once I setup manually and validate the connection, I want to >>>>> >>>> automate >>> >>> using REST APIs. >>>>> >>>> >>> Tinc does not expose any REST APIs. With tinc 1.1, you can use the >>> command line tool to automate things though, see: >>> >>> http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html [2] [2] >>> >> >
_______________________________________________ tinc mailing list [email protected] https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
