Isolating a subnet on demand

Guus Sliepen guus at tinc-vpn.org
Mon May 4 21:27:01 CEST 2015


On Mon, May 04, 2015 at 08:50:36PM +0200, Anne-Gwenn Kettunen wrote:

> Hi! I'm setting up a VPN with friends of mine, and we are currently
> considering the possibility of opening the subnet to more people.
> Considering that one day or another we may have to isolate a subnet (because
> of bad behaviour, or because it has been compromised), which solution(s)
> would you recommend for such a situation?

There is no centralized way to remove a subnet or block a user. A user
is authorized to be on the network by other nodes that have his/her
public key. If you delete the offending host config files and let tinc
reload its configuration, you can remove a bad node from the network.

If you have one or a few central nodes where all other nodes ConnectTo,
then it is easy to do. Another option is to use a tool like ChaosVPN to
centrally manage your tinc configuration and host config files. See:

https://github.com/ryd/chaosvpn

You can adapt it for your own VPN. Windows support is lacking though.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
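
The removal step described in the reply above, as an added example for a hub node that the others ConnectTo (not part of the original message and not code from the tinc project). The function names, the revoked/ directory and the CONFDIR layout (tinc.conf plus hosts/NODE, as under /etc/tinc/NETNAME) are assumptions; reload_tinc assumes tinc 1.0's tincd, and tinc 1.1 uses "tinc -n NETNAME reload" instead.

```shell
#!/bin/sh
# Added example: isolate one node on a tinc hub by retiring its host file.
# Assumed layout: CONFDIR/tinc.conf and CONFDIR/hosts/NODE.

# isolate_node CONFDIR NODE
# Moves hosts/NODE out of the hosts directory (kept under revoked/ for later
# review) and comments out any "ConnectTo = NODE" line in tinc.conf.
isolate_node() {
    confdir=$1 node=$2
    # tinc node names are alphanumerics and underscores; rejecting anything
    # else also keeps "../" out of the path built below.
    case $node in
        ''|*[!A-Za-z0-9_]*) echo "invalid node name: $node" >&2; return 2 ;;
    esac
    hostfile=$confdir/hosts/$node
    [ -f "$hostfile" ] || { echo "no host file for $node" >&2; return 1; }

    mkdir -p "$confdir/revoked" || return 1
    mv "$hostfile" "$confdir/revoked/$node.$(date +%Y%m%dT%H%M%S)" || return 1

    conf=$confdir/tinc.conf
    if [ -f "$conf" ]; then
        # Option names are case-insensitive and the "=" is optional.
        awk -v n="$node" '
            tolower($0) ~ /^[ \t]*connectto([ \t]*=|[ \t])/ {
                v = $0; sub(/^[ \t]*[A-Za-z]+[ \t]*=?[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                if (v == n) { print "# revoked: " $0; next }
            }
            { print }' "$conf" > "$conf.tmp" && cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"
    fi
}

# reload_tinc NETNAME: ask the running tinc 1.0 daemon to re-read its
# configuration, which closes connections to nodes whose host file is gone.
reload_tinc() {
    tincd -n "$1" -kHUP
}
```

Run isolate_node and then reload_tinc on every node that holds the offending host file; a node that still has the file keeps authorizing that peer.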