Some tinc clarifications

Alessandro Briosi tsdogs at briosix.org
Wed Jul 12 12:51:25 CEST 2017


On 2017-07-11 12:29, Guus Sliepen wrote:
> On Tue, Jul 11, 2017 at 09:58:39AM +0200, Alessandro Briosi wrote:
> 
>> I understand on a security bug or something, but having to rekey all the
>> hosts 'cause someone gets fired sounds insane to me.
>> There must be an easy way to block somebody from connecting to the VPN?
>> Isn't removing its reference on the "servers" enough?
> 
> The proper way is to remove the host key files of those nodes on all
> other nodes. If only the "servers" have a copy of those host files, you
> only need to remove it on the servers.
> 

This sounds much more reasonable. Thanks.

> Note that you need to send the tinc daemons on those servers the HUP
> signal (or "tincd -kHUP" for tinc 1.0, "tinc reload" for tinc 1.1) to
> have them reread the host config files and disconnect any nodes for
> which it doesn't have a host config file anymore.
> 

Yes, the same when adding a node.

Thank you.
Alessandro
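
The revocation procedure from this thread as a shell function, run on each server that holds the node's host file. This is an added example, not part of the original messages or of tinc itself. It assumes tinc's default layout `/etc/tinc/<netname>/hosts/<node>`; `TINC_CONFBASE`, `TINC_RELOAD` and the `revoked/` directory are hypothetical names used only by this script.

```shell
#!/bin/sh
# Added example: revoke one node's access on a tinc server by taking its
# host file out of hosts/ and making the daemon reread its configuration.
# TINC_CONFBASE / TINC_RELOAD are overrides invented for this script.

revoke_node() {
    netname=$1 node=$2
    confbase=${TINC_CONFBASE:-/etc/tinc}

    # tinc node names consist of alphanumerics and underscores only.
    # Rejecting anything else keeps a crafted name from escaping hosts/.
    case $node in
        ''|*[!A-Za-z0-9_]*) echo "invalid node name: $node" >&2; return 2 ;;
    esac
    # This script's own restriction on the netname: no path components.
    case $netname in
        ''|.*|*/*) echo "invalid netname: $netname" >&2; return 2 ;;
    esac

    hostfile="$confbase/$netname/hosts/$node"
    [ -f "$hostfile" ] || { echo "no host file for $node" >&2; return 1; }

    # Move rather than delete: tinc only reads hosts/, and the copy in
    # revoked/ (this script's choice) records which key was withdrawn.
    mkdir -p "$confbase/$netname/revoked" &&
        mv "$hostfile" \
           "$confbase/$netname/revoked/$node.$(date +%Y%m%d%H%M%S)" ||
        return 1

    # Without a reload the daemon keeps the node connected.
    if [ -n "$TINC_RELOAD" ]; then
        $TINC_RELOAD "$netname"          # test hook
    elif command -v tinc >/dev/null 2>&1; then
        tinc -n "$netname" reload        # tinc 1.1
    else
        tincd -n "$netname" -kHUP        # tinc 1.0
    fi
}
```

Call it as `revoke_node <netname> <node>` on every node that still has a copy of the host file; a node that keeps the file will still accept the revoked peer.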

