site-site vpn setup..

al so volkswak at gmail.com
Fri Mar 30 21:12:35 CEST 2018


There is a reason most NMS systems used SNMP in the past and REST APIs for
the past 7+ years. They don't use CLIs except toy Expect-type scripts. Not
just security but better error handling and more.

Good luck learning!

On Thu, Mar 29, 2018 at 9:03 AM, Tomasz Chmielewski <mangoo at wpkg.org> wrote:

> SNMP is mainly used for monitoring, not _server_ automation.
>
> Also, it's inherently insecure for anything else - only SNMPv3 offers any
> kind of encryption, and it's DES - 56 bit only, and you can easily
> brute-force it on an average computer.
>
>
> If you could provide some serious articles about why CLI is insecure, I'd
> be interested to read.
>
>
> Tomasz Chmielewski
> https://lxadm.com
>
>
>
> On 2018-03-30 00:48, al so wrote:
>
>> Just search online why in general that is insecure via CLI vs
>> programmatic for first class automation. There is a reason why SNMP,
>> REST, ... exist.
>>
>> On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <mangoo at wpkg.org>
>> wrote:
>>
>>> You've mentioned security issues in your previous email, but now
>>> you're hopping to management issues.
>>>
>>> Have you tried Ansible, Chef or Puppet for automation? It works well
>>> for hundreds of servers, different services and not just one kind of
>>> VPN.
>>>
>>> Tomasz Chmielewski
>>> https://lxadm.com
>>>
>>> On 2018-03-29 16:10, al so wrote:
>>>
>>>> Programmatic management with first class APIs is preferred for
>>>> larger deployments..
>>>>
>>>> On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski
>>>> <mangoo at wpkg.org> wrote:
>>>>
>>>>> Could you elaborate on why CLI (SSH) managing is insecure?
>>>>>
>>>>> Tomasz Chmielewski
>>>>> https://lxadm.com
>>>>>
>>>>> On 2018-03-27 04:23, al so wrote:
>>>>>
>>>>>> So, for remote manageability of Tinc, we don't have any SNMP or
>>>>>> REST like programmatic ways?
>>>>>>
>>>>>> If it is going to be CLI only, it is definitely not secure to manage
>>>>>> and also not very convenient to manage programmatically.
>>>>>>
>>>>>> On Sun, Mar 25, 2018 at 1:44 AM, Guus Sliepen <guus at tinc-vpn.org>
>>>>>> wrote:
>>>>>>
>>>>>>> On Sat, Mar 24, 2018 at 02:16:20PM -0700, al so wrote:
>>>>>>>
>>>>>>>> Is there any quickstart guide to setup site-to-site VPN using
>>>>>>>> Tinc 1.1 pre-rel?
>>>>>>>
>>>>>>> You can find an example of a site-to-site VPN with four sites here:
>>>>>>>
>>>>>>> http://tinc-vpn.org/documentation/Example-configuration.html [1]
>>>>>>>
>>>>>>>> Assuming I have two routers at two sites running tinc vpn along
>>>>>>>> with routing feature.
>>>>>>>
>>>>>>> If you only have two sites, then just look at the example
>>>>>>> configuration for "Branch A" and "Branch B" in the page I linked,
>>>>>>> and ignore the other two sites.
>>>>>>>
>>>>>>>> Once I setup manually and validate the connection, I want to
>>>>>>>> automate using REST APIs.
>>>>>>>
>>>>>>> Tinc does not expose any REST APIs. With tinc 1.1, you can use the
>>>>>>> command line tool to automate things though, see:
>>>>>>>
>>>>>>> http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html [2]
>>
>>
>> Links:
>> ------
>> [1] http://tinc-vpn.org/documentation/Example-configuration.html
>> [2] http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html
>>
>