tinc distributes IP address information to VPN nodes

Xaquseg xaquseg at gmail.com
Tue May 8 05:40:11 CEST 2012


On 5/7/2012 3:58 AM, Guus Sliepen wrote:
> On Sun, May 06, 2012 at 06:02:18PM -0500, Xaquseg wrote:
> 
>> tinc distributes IP address information to VPN nodes as part of its
>> internal protocol. This is useful in most situations; however, in some
>> configurations this can be a security issue. Is there a way to disable
>> that? If not, how hard would that be to add?
> 
> You can use the TunnelServer option, which will stop forwarding Subnet
> information to other nodes. Or you can remove the Subnets from the host config
> files and use Mode = switch in tinc.conf in which case no IP address will be
> exchanged, only MAC addresses.
> 
> However, if not all your peers trust each other, my advice would be not to put
> them all in the same VPN.

That avoids subnet information; however, the problem is the exchange of
the public IP addresses, not the internal ones. (I probably should've
been more clear in the initial question about that detail...)

