site-site vpn setup..

Tomasz Chmielewski mangoo at wpkg.org
Thu Mar 29 18:03:07 CEST 2018


SNMP is mainly used for monitoring, not _server_ automation.

Also, it's inherently insecure for anything else - only SNMPv3 offers 
any kind of encryption, and it's DES - 56 bit only, and you can easily 
brute-force it on an average computer.


If you could provide some serious articles about why CLI is insecure, 
I'd be interested to read.


Tomasz Chmielewski
https://lxadm.com


On 2018-03-30 00:48, al so wrote:
> Just search online why in general that is insecure via CLI vs
> programmatic for first class automation..  there is a reason why snmp,
> rest, ... exist.
> 
> On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpkg.org>
> wrote:
> 
>> You've mentioned security issues in your previous email, but now
>> you're hopping to management issues.
>> 
>> Have you tried Ansible, Chef or Puppet for automation? It works well
>> for hundreds of servers, different services and not just one kind of
>> VPN.
>> 
>> Tomasz Chmielewski
>> https://lxadm.com
>> 
>> On 2018-03-29 16:10, al so wrote:
>> Programmatic management with first class APIs is preferred for larger
>> deployments..
>> 
>> On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski <mangoo at wpkg.org>
>> wrote:
>> 
>> Could you elaborate on why CLI (SSH) managing is insecure?
>> 
>> Tomasz Chmielewski
>> https://lxadm.com
>> 
>> On 2018-03-27 04:23, al so wrote:
>> So, for remote manageability of Tinc, we don't have any SNMP or REST
>> like programmatic ways?
>> 
>> If it is going to be CLI only, it is definitely not secure to manage
>> and also not very convenient to manage programmatically.
>> 
>> On Sun, Mar 25, 2018 at 1:44 AM, Guus Sliepen <guus at tinc-vpn.org>
>> wrote:
>> 
>> On Sat, Mar 24, 2018 at 02:16:20PM -0700, al so wrote:
>> 
>> Is there any quickstart guide to setup site-to-site VPN using Tinc 1.1
>> pre-rel?
> 
> You can find an example of a site-to-site VPN with four sites here:
> 
> http://tinc-vpn.org/documentation/Example-configuration.html [1]
> 
>>> Assuming I have two routers at two sites running tinc vpn along with
>>> routing feature.
> 
> If you only have two sites, then just look at the example configuration
> for "Branch A" and "Branch B" in the page I linked, and ignore the other
> two sites.
> 
>>> Once I setup manually and validate the connection, I want to automate
>>> using REST APIs.
> 
> Tinc does not expose any REST APIs. With tinc 1.1, you can use the
> command line tool to automate things though, see:
> 
> http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html [2]
> 
> 
> 
> Links:
> ------
> [1] http://tinc-vpn.org/documentation/Example-configuration.html
> [2] http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html

