Fwd: How to avoid friends of friends joining the vpn ?

Azul mail at azulinho.com
Sun Mar 13 19:22:57 CET 2016


Thanks, I will look into StrictSubnets.

While digging through the mailing list I came across this:
https://github.com/siblynx/tinc-1.0.16_hostupd/blob/master/README.hostupd

which is pretty close to what I need

That looks to be a fork on its own, with no PR raised for adding that
functionality to the main tinc, unless I missed it.
Are there any plans to bring that functionality in?

-azul

On 13 March 2016 at 17:52, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Sun, Mar 13, 2016 at 04:57:12PM +0000, Azul wrote:
>
> > Tinc 1.0
> > 3 control masters
> > Many service hosts
> > Laptop (road warrior)
> >
> > The control masters have the public keys for the service hosts and the
> > laptop so that they can join the network.
> >
> > How can I prevent the laptop user from connecting additional boxes to the
> > network?
>
> There are several ways. One can be to have two VPNs, one for trusted
> nodes, and one for untrusted nodes like your laptop user. Another option
> is to use the TunnelServer or the StrictSubnets options to restrict what
> other nodes can do.
>
> But even if you could prevent the laptop user from introducing foreign
> hosts using tinc, he can simply use a separate VPN to have foreign nodes
> connect to his laptop, and then use NAT to give them access to your VPN. So
> in short, if you don't trust someone to behave, you shouldn't allow him
> access at all.
>
> --
> Met vriendelijke groet / with kind regards,
>      Guus Sliepen <guus at tinc-vpn.org>
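Added example, not part of the original mail and not tinc's own code: a simplified Python model of the StrictSubnets rule mentioned in the reply, under which a node only uses Subnet statements that are present in the host files of its own local hosts/ directory. The node names, addresses and announcements are constructed, and only IP subnets are handled.

```python
import ipaddress
import re

# Constructed sample: the hosts/ directory as it exists on one control master.
# Node names, addresses and the elided key body are made up for illustration.
LOCAL_HOSTS = {
    "master1": "Address = 192.0.2.10\nSubnet = 10.0.0.1/32\n",
    "service1": "Subnet = 10.0.1.0/24\n",
    "laptop": "subnet=10.0.0.50/32#10\n-----BEGIN RSA PUBLIC KEY-----\n...\n",
}

# tinc accepts "Variable = Value" with an optional "=" and case-insensitive
# names; a Subnet value may carry a "#weight" suffix, which is dropped here.
SUBNET_RE = re.compile(r"^\s*subnet\s*=?\s*([^\s#]+)", re.IGNORECASE)

def local_subnets(hosts):
    """Map node name -> set of IP subnets declared in its local host file."""
    table = {}
    for node, text in hosts.items():
        nets = set()
        for line in text.splitlines():
            m = SUBNET_RE.match(line)
            if m:
                nets.add(ipaddress.ip_network(m.group(1), strict=False))
        table[node] = nets
    return table

def filter_announcements(hosts, announced):
    """Split (owner, subnet) announcements into used and ignored lists."""
    table = local_subnets(hosts)
    used, ignored = [], []
    for owner, subnet in announced:
        net = ipaddress.ip_network(subnet, strict=False)
        known = net in table.get(owner, set())
        (used if known else ignored).append((owner, subnet))
    return used, ignored

# Constructed announcements as a control master might receive them.
ANNOUNCED = [
    ("laptop", "10.0.0.50/32"),     # matches hosts/laptop
    ("laptop", "10.9.0.0/24"),      # extra range not in hosts/laptop
    ("friendbox", "10.0.0.51/32"),  # node with no local host file
    ("service1", "10.0.1.0/24"),
]

if __name__ == "__main__":
    used, ignored = filter_announcements(LOCAL_HOSTS, ANNOUNCED)
    print("used:", used)
    print("ignored:", ignored)
```

This models only the subnet filter; as the reply points out, it does not stop machines that sit behind NAT on the laptop from reaching the VPN through the laptop's own address.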