Some tinc clarifications
Alessandro Briosi
tsdogs at briosix.org
Wed Jul 12 12:51:25 CEST 2017
On 2017-07-11 12:29, Guus Sliepen wrote:
> On Tue, Jul 11, 2017 at 09:58:39AM +0200, Alessandro Briosi wrote:
>
>> I understand on a security bug or something, but having to rekey all
>> the hosts 'cause someone gets fired to me it sounds insane.
>> There must be an easy way to block somebody from connecting to the
>> VPN?
>> Isn't removing its reference on the "servers" enough?
>
> The proper way is to remove the host key files of those nodes on all
> other nodes. If only the "servers" have a copy of those host files, you
> only need to remove it on the servers.
>
This sounds much more reasonable. Thanks.
> Note that you need to send the tinc daemons on those servers the HUP
> signal (or "tincd -kHUP" for tinc 1.0, "tinc reload" for tinc 1.1) to
> have them reread the host config files and disconnect any nodes for
> which it doesn't have a host config file anymore.
>
Yes, the same when adding a node.
Thank you.
Alessandro
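
The revocation steps described in the reply above, as an added shell example (not part of the original thread and not tinc's own tooling). It assumes the usual layout of a hosts/ directory and a tinc.conf under the network's configuration directory; the function names, the revoked/ archive directory and the /etc/tinc/NETNAME path are assumptions of this example. It has to be run on every node that holds a copy of the departing node's host file.

```sh
#!/bin/sh
# Added example: revoke one node on a tinc server by taking its host config
# file out of hosts/ and telling the daemon to reread its configuration.

# revoke_node CONFBASE NODE
# Returns 0 if the host file was moved away, 1 if refused, 2 if not present.
revoke_node() {
    confbase=$1
    node=$2
    # Letters, digits and underscore only, so the argument can never be
    # a path such as ../tinc.conf.
    case $node in
        ''|*[!A-Za-z0-9_]*) echo "invalid node name: $node" >&2; return 1 ;;
    esac
    # Never remove the host file of the daemon we are running on.
    own=$(awk -F'[ \t=]+' 'tolower($1)=="name"{print $2; exit}' \
        "$confbase/tinc.conf" 2>/dev/null) || own=
    if [ "$own" = "$node" ]; then
        echo "refusing to revoke local node $node" >&2
        return 1
    fi
    [ -f "$confbase/hosts/$node" ] || return 2
    # Keep the file for audit purposes, outside hosts/ (hypothetical
    # revoked/ directory), so tinc no longer has a key for this node.
    mkdir -p "$confbase/revoked" &&
        mv "$confbase/hosts/$node" "$confbase/revoked/$node" || return 1
    # A leftover ConnectTo would make this daemon keep dialling the node.
    if grep -iqE "^[[:space:]]*ConnectTo[[:space:]]*=?[[:space:]]*$node[[:space:]]*\$" \
        "$confbase/tinc.conf" 2>/dev/null; then
        echo "warning: tinc.conf still has ConnectTo = $node" >&2
    fi
    return 0
}

# reload_cmd VERSION NETNAME
# Prints the reload command for that tinc version instead of running it,
# so the operator can review it first.
reload_cmd() {
    case $1 in
        1.0*) echo "tincd -n $2 -kHUP" ;;
        1.1*) echo "tinc -n $2 reload" ;;
        *) echo "unknown tinc version: $1" >&2; return 1 ;;
    esac
}

# Usage: revoke.sh NETNAME NODE VERSION   (e.g. revoke.sh vpn laptop7 1.0)
if [ "$#" -eq 3 ]; then
    revoke_node "/etc/tinc/$1" "$2" && reload_cmd "$3" "$1"
fi
```

Until the printed reload command has been run, the daemon keeps any existing connection to the removed node.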