t vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
On Fri, Mar 23, 2012 at 12:44:14PM +0100, Julian Bäume wrote:
> Am Donnerstag, 22. März 2012, 17:14:55 schrieb Guus Sliepen:
> > I just tried to reproduce this and it appears the DecrementTTL option
> > introduced in tinc 1.0.17, which defaults to "yes", causes neigh
actly what it was meant to prevent. Anyway, the default will be to
not decrement the TTL in the next version of tinc.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
ti
multicast communication with UML/QEMU/KVM.
This version of tinc is compatible with 1.0pre8, 1.0 and later, but not
with earlier version of tinc.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
ke" it give me a lot of
> errors.
There is a list in the README. But in short: OpenSSL, libevent, zlib and
liblzo. And you should ./configure before you run make.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
_
d for tinc 1.0.13.
> And other thing, In this machine I can install perfectly Tinc 1.0.18 and not
> give me any error when compile or execute "make".
>
> This only occurs when I try to install Tinc 1.1pre2.
It would help if you could send us a copy of the output of "m
ts, however, one will have priority over
the other. So, while GWA and GWB are connected, packets to X.Y.0.1 will go most
likely only to GWA, whether it is sent from nodeA2 or nodeB3. You can manually
adjust the priority of Subnets (see the manual).
--
Met vriendelijke groet / with ki
e public IP is forwarded to private IP of
> the video device behind the Tinc VPN).
There are usually multiple ways to achieve your goal :) I should have pointed
you to this proxy-ARP example, it might also do what you want without involving
the bridge:
http://tinc-vpn.org/examples/proxy-arp/
mply handle a datagram for a Subnet they don't know to the other one?
They share the Subnets.
> In the first case, I guess there'd be no problem in extending the number
> of GWx hosts (and thus connected networks) arbitrarily. Is that true?
Yes, you can in principle have
ently has 131 nodes
running tinc, and a lot of these are Fonera routers, which have much lower
specs than Alix or Commell boards as far as I know.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
__
enssl/ecdh.h and openssl/ec.h. These
are included in the 1.1pre2 tarball, try unpacking it again and recompiling.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@
gt; (Btw, seems a bad idea for a filename to be the same as one part of a
> required library, but should not create more than confusion ;)
That might be true...
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
_
nnect the VPN
to your LANs. This will prevent broadcast traffic, including DHCP discovery
packets, from crossing the VPN. Have a look at this example:
http://tinc-vpn.org/examples/proxy-arp/
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Desc
or a node, then both will be executed, the generic one first. So if you use
the generic scripts, you still need the server-up script, but you can remove
the first "ip route add" command from it. It works the same for -down scripts.
--
Met vriendelijke groet /
nSSL 1.0.1 library, and link that with
tinc. Or you can install a shared one in a non-standard location, so other
programs will not try to link with it, and start tincd with LD_LIBRARY_PATH
pointing to the newer OpenSSL library.
--
Met vriendelijke groet / with kind regards,
Guus Slie
ect connection to B3. This will fail of course, but it
should not have an effect on latency.
> Thanks a lot, Guus. And sorry for my insistence in all those technical
> details, but our project has some atypical requirements and being able
> to use tinc would be a great boon and a t
boards as far as I know.
>
> Have you made some performance tests on the fonera?
>
> I would not expect tinc to max out the capacity of the ethernet
> interface, since it consumes already too much cpu on x86.
I've heard an estimate of 40 Mbit/s for the Fonera.
--
Met vriendelijke
ut error
[...]
> # cat tinc.conf
> Name = laptop
> Mode = switch
I think you need to add "Device = /dev/tap0" to your tinc.conf. (Tinc is using
the wrong device by default in this case.)
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Descript
. But for what it's worth, that tun/tap
driver is mentioned in the manual:
http://www.tinc-vpn.org/documentation/tinc_2.html#Configuration-of-Darwin-_0028MacOS_002fX_0029-kernels
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signatur
/ with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
ever, if not all your peers trust each other, my advice would be not to put
them all in the same VPN.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-
groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
e attack using
those private keys).
If you just want to understand how tinc works, you can disable UDP packet
encryption using "Cipher = none", and by disabling meta-connection encryption
using the --bypass-security option when starting tinc.
be blocking incoming
connections or ICMP packets on the VPN interface.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
onfigurations except for the Port they are listening on,
and use the bonding driver to spread packets out over all of them. If that
prevents the ISP from dropping packets, it might improve your VPN's performace.
--
Met vriendelijke groet / with kind regar
proxies, and proxying through an
external command.
This version of tinc is compatible with 1.0pre8, 1.0 and later, but not
with earlier version of tinc.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
want to use. In the
tinc-up scripts, just put:
#!/bin/sh
echo +$INTERFACE >/sys/class/net/bond0/bonding/slaves
ifconfig $INTERFACE up
You have to use bonding on both nodes for this to work, and you have to use
Mode = switch in tinc.conf.
--
Met vriendelijke groet / with kind rega
Ok, I see the problem already, retry() calls do_outgoing_connection(), which
can call connection_del(), which means "node = node->next" in retry() will give
wrong results. Expect a fix soon.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
56 dev $INTERFACE
ip link set $INTERFACE up
> -> Will site local multicast work? Eg will all ntp-servers be reachable by
> ff05::101?
Yes, that will work.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
_
bin/sh
ifconfig $INTERFACE up
hosts/foo-down:
#!/bin/sh
ifconfig $INTERFACE down
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn
16 to $INTERFACE, not 10.0.1.1/24.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
t; ifconfig $INTERFACE up
> >
> > hosts/foo-down:
> >
> > #!/bin/sh
> > ifconfig $INTERFACE down
> >
>
> Do these run before or after tinc-up?
The tinc-up script is always the first that runs, tinc-down is the very last
one. All other scripts run in between.
--
etc.
No. Why would you want to do this anyway?
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
odes only.
Ah, I thought you wanted a routed setup, but now you are bringing layer 2 into
the picture! I still don't know what problem you are trying to solve. Why do
you need different VLANs, and why do you need to be able to change which one a
node
reifunk-network, that
> uses private ADSL-links
Certainly not 1 Mbit/s continuous traffic? I would only suspect such an amount
for just a second when a node makes a connection.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
t vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
On Wed, Jul 04, 2012 at 04:38:49PM +1000, Andrew Cowie wrote:
> On Tue, 2012-07-03 at 10:39 +0200, Guus Sliepen wrote:
> > > Node supplies id A on handshake -> netwerk abc
> > > Node supplies id X on handshake -> network xyz
>
> > No. Why would you want to do
outing correctly you can have the iPhone connect to a node
running both tinc and PPTP, and have it access all the other tinc nodes through
it.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
ination host it is trying to reach can be unreachable for a
variety of reasons.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
o spitzer
will automatically also become reachable to chronos. Therefore, the subnet-up
script is called for each of their subnets.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
ou can always connect two VPNs together with bridging or routing, so that
might be the best option for now.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
h
g on what you want exactly, you can also do without tap
devices at all. Since version 1.0.17, tinc has the ability to connect to a VDE
switch. KVM can do so as well. So you can set up a VDE switch and have both
tinc and KVM use that. You still want to run tinc in switch mode in that case.
-
see the documentation of the
Mode variable.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
> But if I turn TCPOnly=yes? Will Meta and Data flow in one
> tcp-session or also in two different?
They will be in one TCP session.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
_
It will only make one connection at a
time, but when it fails it will try the other Address. Tinc does not support
multiple simultaneous connections between two daemons.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
On Fri, Aug 24, 2012 at 01:04:31PM +, Folkert van Heusden wrote:
> I'd like to add you to my professional network on LinkedIn.
Please don't send invitations of any social media platform to public mailing
lists!
--
Met vriendelijke groet / with kind regards,
t1's tinc-up:
#!/bin/sh
ifconfig $INTERFACE 10.0.2.15 netmask 255.0.0.0
That way, you should be able to ping 10.0.2.15 directly from the server.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
unless I use switch mode. Is this
> a limitation of how tinc works, or am I possibly still doing something
> wrong?
You are still doing something wrong ;) If you want you can send your host
config files and tinc-up scripts again, and I can tell you if there still is a
problem with them.
--
Me
incd process. That will catch all possible errors.
- I would assume people do want to give the mesh interface some IP address. How
would you do that in puppet? I would think you would have to generate tinc-up
files for the nodes, but there may be other possibilities.
--
Met v
in mind?
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
ions about that... although I've
heard some people talk about using puppet to configure tinc.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
/dev/fd/0 http://developer.android.com/reference/android/net/VpnService.html
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
he PrivateKey or PublicKey options in tinc.conf or the
host config files, instead of PrivateKeyFile and PublicKeyFile. Usually it is
best not to use any of those options. Can you check whether that might solve
your problem?
--
Met vriendelijke groet / with kind regards,
Guus S
roblem, then either don't use both options
simultaneously, or try to raise the limit of maximum locked address space for
the user you want tincd to run as (for example, using
/etc/security/limits.conf).
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
des, but will not be compatible with
1.1pre2 nodes.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
ation.)
Which version are you using exactly? Recent versions also send UDP packets at
the PingInterval, this is part of the PMTUDiscovery feature which is enabled by
default.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
_
odic packets. You should consider
upgrading!
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
reliably only with one?
In principle it should work with only one tinc interface per node.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
other with this because only a small percentage of
> traffic will trigger the switch to TCP mode? Maybe another good things
> would be to deploy tinc without MTU modifications and monitor it closely
> and see how it behaves.
No, all the TCP traffic inside VLANs would cause tinc t
interface, or to add RADIUS support directly into tinc. It is certainly
possible, but such a feature is low on my todo list, but I welcome any patches.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
__
ork, the "via
10.0.0.1" part is simply ignored.
I do not know exactly what you want to accomplish, but I think you want to use
"Mode = switch". That way, the VPN works like a regular layer 2 switch and the
ip route commands work as you intended.
--
Met vriendelij
y idea of what's wrong? What am I missing?
You should install libncurses5-dev and libreadline6-dev as well. I see that
isn't mentioned in the manual, I'll add that.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
_
lly creates a full mesh network
between an arbitrary number of peers, while only specifying a handful of
(initial) connections between peers. This is very difficult to reproduce with
OpenVPN or IPsec in tunnel mode.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
De
d (at boot, or on Linux
everytime you restart tinc).
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
with tinc.
Well, the firewall rules can be different for the LAN interface than for the
VPN interface. Also, the DHCP server might only listen on the LAN interface for
some reason.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signat
the lower weight is
preferred. Currently, if you have two identical Subnets with the same weight,
the one owned by the node whose name sorts lower alphabetically is preferred.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
_
rotate.conf:
/var/log/tinc.netname.log {
rotate 7
daily
postrotate
/usr/sbin/tincd -n netname -kHUP
endscript
}
Or if you are using tinc 1.1, use "/usr/sbin/tincctl -n netname reload"
instead. If that still doesn't work, let me know.
--
Met vri
m using switch mode.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
On Fri, Nov 30, 2012 at 12:10:01AM +0100, albi wrote:
> Am 29.11.2012 21:31, schrieb Guus Sliepen:
> > As I already said, the way to indicate a preference is to give the Subnets
> > different weights. See the description of the Subnet variable in the manual.
>
> Ah thanks.
und the source of the problem and the fix. And thanks for
telling us!
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
ve the tincctl command to make it easier to get a list of only
online nodes.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
quot;. But now you can get the
answer with the command mentioned above and grep or wc.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
may not be compatible with
1.1pre1 through 1.1pre3 nodes.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
use the List-Id header.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
have
> the current functionality, but be able to have UDP multicasts in the
> VPN as well?
Contrary to what the manual says, multicast IP traffic is also supported in
router mode, so you don't need to use switch mode for D-LAN.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
packets
overtake session key exchange via TCP. I could reproduce the hangs; a bug in
the processing of periodic events caused an infinite loop to occur. It is now
fixed in git. I'll release a new version with the fix soon.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
s
The bug I just fixed is specific to 1.1pre4, it is not in any other version,
and only occurs on Windows.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.
k
nodes to try to connect to. If a large fraction of your nodes are offline or
behind NAT, then it might take a while before tinc picks a node that it can
connect to. You can still have ConnectTo lines in tinc.conf, tinc will always
try to connect to those when it has just started.
--
Met vriendeli
ler, there is no way to work around it.
http://tinc-vpn.org/git/browse?p=tinc;a=blob_plain;f=NEWS
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
htt
LISTEN 5164/tincd
>
> root@[hostname]:~# tincctl --net=[netname]
> tinc.[netname]> dump nodes
> Cannot connect to ::1 port 655: Connection timed out
It is even stranger to get connection timeouts to localhost. Could it be that
you have firewall rules blocking connections to po
n compile it statically there (use ./configure
LDFLAGS=-static; make), and then copy the binaries to the CentOS machine.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
onf. This will make sure the
encrypted packets inherit the TOS field of the original packets.
I don't think there is any way of inheriting a firewall mark, if that is what
you were talking about.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Descri
ot;Plans for 2.0" in http://tinc-vpn.org/goals/. I should
update that document, most of the plans for 1.1 have already been
implemented...
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
appeared in the windows application event log and
> on the remote Debian based 1.0.13 tinc server.
That is not a bug. Node names are case sensitive, for all versions of tinc, on
all platforms.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description:
after
"import" or "export".
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
rted on this platform
Does it not show you that error message? Perhaps the error message should
mention you cannot use the "--mlock" option on Windows. In any case, I'll make
note in the manual that this option is not supported on all platforms.
--
Met vriendelijke groet / with kind
On Sun, Jan 13, 2013 at 08:48:09PM -0600, Rob Townley wrote:
> tinc 1.1pre4 Win7x64 import does not recognize Unix EOL
Hm, it seems to work fine for me. What exactly did you try to do?
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digi
ed in git, I'll have to release
1.1pre5 soon.
By the way, thanks for testing 1.1pre4 and reporting all the problems you
found!
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mai
On Mon, Jan 14, 2013 at 05:02:06AM -0600, Rob Townley wrote:
> On Mon, Jan 14, 2013 at 4:32 AM, Guus Sliepen wrote:
> > On Sun, Jan 13, 2013 at 08:48:09PM -0600, Rob Townley wrote:
> >
> >> tinc 1.1pre4 Win7x64 import does not recognize Unix EOL
> >
> > Hm
try. The tincctl start command (or invoking tincd directly)
will also never overwrite an existing entry.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.o
x on them ;)
> Will non-root users be able to execute
> tincctl.exe import?
If the hosts/ directory is writable by the user running tincctl import, it will
work.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Di
is not the problem, could you send me a copy of your tinc.conf?
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
see I only ever implemented this for router mode. I made it work in switch
mode as well, you can try the latest version (either the master or 1.1 branch)
from git.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
__
arious techniques to ensure that the packets will not be
fragmented, without you having to change the MTU of the virtual network
interface.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
a
> backup program to run after boot - but then the tinc interface doesn't
> come up for 15 minutes after booting, which screws the whole process
> and confuses the hell out of that poor program too... ;-)
For now just add something like "MaxTimeout = 30" to tinc.conf :)
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
other 1.1pre5 nodes, but may not be compatible with
1.1pre1 through 1.1pre4 nodes.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://www.tinc
trying to do and any errors it encounters. If
that doesn't help you, please send a copy of the debug output, and your
tinc.conf, tinc-up and host config files.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
__
ss to the VPN would be
for B to remove hosts/EvilNode. I agree this is not ideal. However, "putting
the keys in DNSSEC" in itself is not an improvement, it merely shifts the
problem and makes the whole system more complex.
For tinc 1.1, I will probably add a way to blacklist specific nod
roblem with the service getting deleted? It will get added
again when you do tincctl start.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http://ww
t is best to try the experimental tuntap driver, if that works we
should let Mattias Nissler know.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen
signature.asc
Description: Digital signature
___
tinc mailing list
tinc@tinc-vpn.org
http:/
1 - 100 of 1036 matches
Mail list logo
