
Comments (8)

gsliepen commented on July 31, 2024

That might work for you, but it might not work for everybody. In particular: the chroot environment has to be prepared so hostname resolution continues to work and files must be readable by user nobody. But also if one has more scripts than just tinc-up (which is the only one executed before the setuid() call), then user nobody is probably not what you want. So unfortunately I cannot add that without breaking a lot of people's setup.

from tinc.
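
The conditions listed in the comment above, turned into a preflight check for a tinc config directory before switching a unit to -R -U nobody. This is an added example, not code from the thread or from tinc. The function names, the *-up / *-down naming rule for hook scripts, the "Address = value" parsing and the sample tree are assumptions or constructed for illustration.

```python
import ipaddress, os, stat, tempfile
from pathlib import Path

HOOK_SUFFIXES = ("-up", "-down")  # assumption: hook scripts are named *-up / *-down

def readable_by(st, uid, gids):
    """Mode-bit check (ignores ACLs): may uid/gids read this file?"""
    bit = (stat.S_IRUSR if st.st_uid == uid else
           stat.S_IRGRP if st.st_gid in gids else stat.S_IROTH)
    return bool(st.st_mode & bit)

def preflight(confdir, uid, gids):
    """List what would bite when tincd is chrooted to confdir and runs as uid."""
    root, findings = Path(confdir), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if not readable_by(path.stat(), uid, gids):
            findings.append(("unreadable", rel))
        # Every hook except tinc-up runs after the setuid() call.
        if path.name.endswith(HOOK_SUFFIXES) and rel != "tinc-up":
            findings.append(("runs-unprivileged", rel))
        elif path.parent.name == "hosts":
            for line in path.read_text(errors="replace").splitlines():
                key, _, value = line.partition("=")
                if key.strip().lower() == "address" and value.strip():
                    target = value.split()[0]
                    try:
                        ipaddress.ip_address(target)
                    except ValueError:  # a name, so the chroot needs a resolver
                        findings.append(("needs-resolver", f"{rel}: {target}"))
    return findings

def build_sample(confdir):
    """Constructed sample config tree (not taken from the thread)."""
    files = {"tinc.conf": (0o644, "Name = alpha\n"),
             "rsa_key.priv": (0o600, "constructed placeholder\n"),
             "tinc-up": (0o755, "#!/bin/sh\n"), "tinc-down": (0o755, "#!/bin/sh\n"),
             "hosts/alpha": (0o644, "Address = vpn.example.org 655\n"),
             "hosts/beta": (0o644, "Address = 192.0.2.10\n")}
    for rel, (mode, text) in files.items():
        path = Path(confdir, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
        path.chmod(mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for kind, detail in preflight(d, os.getuid() + 1, {os.getgid() + 1}):
            print(kind, detail)
```

Run it as root against the real config directory with the uid and group ids of the account named in -U; an empty result means none of the three conditions was hit.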

aflyhorse commented on July 31, 2024

Since journald automatically separates logs from each service, I recommend adding '-d 1' to show more details regarding connection failed, re-established, etc.


 avatar commented on July 31, 2024

It could also be 0 or 2, depending... 2 can also be very useful, at one point I forgot to chmod +x tinc-up and it didn't work...

DEBUG LEVELS
     The tinc daemon can send a lot of messages to the syslog.  The higher the debug level, the more
     messages it will log.  Each level inherits all messages of the previous level:

     0       This will log a message indicating tincd has started along with a version number.  It will
             also log any serious error.

     1       This will log all connections that are made with other tinc daemons.

     2       This will log status and error messages from scripts and other tinc daemons.

     3       This will log all requests that are exchanged with other tinc daemons. These include
             authentication, key exchange and connection list updates.

     4       This will log a copy of everything received on the meta socket.

     5       This will log all network traffic over the virtual private network.


Hoeze commented on July 31, 2024

Hi,
I've got another safety-related improvement:

ExecStart=/usr/sbin/tincd -n %i -D -R -U nobody

This would automatically chroot tincd to the config directory and drop privileges to 'nobody' user.

Works for me on Debian Stretch + ArchLinux.


tuxcrafter commented on July 31, 2024

@gsliepen can you take a look at [email protected] because on Debian 10 I had to manually restart the service after boot because

Oct 02 19:05:53 tincvpn01 tincd[341]: bridge br0 does not exist!

In /lib/systemd/system/[email protected] I added
[Unit]
After=network.target

and now everything works as expected....


fangfufu commented on July 31, 2024

@tuxcrafter, that's because tinc comes up before your br0. br0 is a bridge device; I put my tinc on a bridge as well. I have to add pre-up /sbin/brctl addbr br0 in my /etc/network/interfaces.d/br0 to make it work. The way systemd brings up the network is quite complicated, with dependencies, etc.


fangfufu commented on July 31, 2024

Closing issue as PR #134 has been closed.


fangfufu commented on July 31, 2024

This ticket was reopened, because there are two pull requests related to this.

