by zingmars
2172 days ago
Yup, `sudo tinc -n %VPNNAME% invite %CLIENTNAME%` will generate an invite URL on the server side and `tinc join %INVITEURL%` will let you join it. It's definitely really easy now, but unfortunately it's being marked as a pre-release, which sets tinc back a bit imho. As for revocation, I have a similar setup and I agree. My worry is that in a theoretical situation an attacker could get access to a network and then spread his key to the entire network and there's little you can do about it. For personal use it's fine (I use it), but because of this, I would be wary of using Tinc for some sort of production use (although I've heard of people doing it). Even if it's a big IF since you need to actually have access to a node to generate an invite, the attack surface is still there and there's no good way to undo it.
It's really a good point you have about a hacker adding themselves to the network. I never thought of that. That could happen with every client so the attack surface is pretty big. It would be great if this feature could be reserved to only certain trusted devices (like the ones I have designated 'servers').
So maybe there is a good point to at least monitor the network activity with this 1.1 feature. Hmm... Thanks for getting me thinking about this!
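
An added example, not part of either comment above: one way to monitor for the unexpected-key scenario the thread describes is to pin a fingerprint of each known node's key and audit a node's `hosts/` directory against that list. It assumes tinc 1.1 host files that carry an `Ed25519PublicKey = ...` line (or a PEM key block); the node names, keys, and addresses are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def key_fingerprint(host_file):
    """Hash only key material, so Address/Subnet edits do not raise alerts."""
    keep, in_pem = [], False
    for line in host_file.read_text().splitlines():
        s = line.replace(" ", "").replace("\t", "")
        if s.startswith("-----BEGIN"):
            in_pem = True
        if in_pem or s.lower().startswith("ed25519publickey="):
            keep.append(s)
        if s.startswith("-----END"):
            in_pem = False
    return hashlib.sha256("\n".join(keep).encode()).hexdigest()

def audit(hosts_dir, pinned):
    """Compare hosts_dir against pinned {node: fingerprint}; return findings."""
    seen = {p.name: key_fingerprint(p) for p in hosts_dir.iterdir() if p.is_file()}
    findings = []
    for name in sorted(seen):
        if name not in pinned:
            findings.append(("UNKNOWN_NODE", name))   # key nobody approved
        elif seen[name] != pinned[name]:
            findings.append(("KEY_CHANGED", name))    # known name, new key
    findings += [("MISSING_NODE", n) for n in sorted(set(pinned) - set(seen))]
    return findings

def demo():
    """Constructed scenario: baseline two nodes, then alter the directory."""
    with tempfile.TemporaryDirectory() as d:
        hosts = Path(d)
        (hosts / "server1").write_text(
            "Address = 192.0.2.1\nEd25519PublicKey = AAAAconstructedKey1\n")
        (hosts / "laptop").write_text("Ed25519PublicKey = BBBBconstructedKey2\n")
        pinned = {p.name: key_fingerprint(p) for p in hosts.iterdir()}
        # Changes after the baseline: a new node, a swapped key, an address edit.
        (hosts / "intruder").write_text("Ed25519PublicKey = CCCCconstructedKey3\n")
        (hosts / "laptop").write_text("Ed25519PublicKey = DDDDconstructedKey4\n")
        (hosts / "server1").write_text(
            "Address = 198.51.100.7\nEd25519PublicKey = AAAAconstructedKey1\n")
        return audit(hosts, pinned)

if __name__ == "__main__":
    for kind, node in demo():
        print(kind, node)
```

Keep the pinned list somewhere other than the node being audited, since anyone who can write to `hosts/` could also rewrite a local baseline.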