Date: Sun, 6 Dec 2015 09:24:51 +0000
From: Neil Bothwick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Open RC problem?

On Sat, 5 Dec 2015 18:49:16 +0000, Mick wrote:

> > It's basically a P2P VPN.
> > You set up a network on the controller and
> > then join it from various machines. Those machines register with the
> > network controller, and receive an IP address from it, but the actual
> > communication is direct between the computers. So your data is private
> > and if both computers are on the same LAN, you still get full LAN
> > speed between them.
> >
> > It uses a TUN/TAP interface, for example on this laptop:
> >
> > zt0: flags=4163 mtu 2800
> >         inet 10.252.252.6  netmask 255.255.255.0  broadcast 10.252.252.255
> >         ether 46:96:8c:9c:02:e1  txqueuelen 500  (Ethernet)
>
> So is this a userspace tunnel implementation, with the controller
> playing the role of a remote VPN gateway? Like OpenVPN?

The controller is not a gateway, it is only used to connect the computers
initially. It's more like a bittorrent tracker or DNS server, it
facilitates the connection but doesn't see any of it.

> What encryption does it use?

From https://www.zerotier.com/tech_faq.shtml

ZeroTier currently uses 256-bit Curve25519 elliptic curve Diffie-Hellman
for shared key agreement and Ed25519 for elliptic curve signatures.
256-bit Salsa20 with Poly1305 authentication is used to encrypt traffic
in transit. The construction and use of these algorithms is identical to
the well-regarded NaCl cryptographic library.

> > So I can connect to 10.252.252.6 from any computer on my zerotier
> > network, but you cannot. You may even have the same IP address for
> > one of the computers on your network.
> >
> > It's open source and if you want optimum security, or want to run a
> > network of more than 10 computers without paying a fee, you can run
> > your own controller.
>
> Wouldn't IPSec be more preferable? I'm trying to understand the
> benefit/need for yet another tunneling solution.

Ease of use and maintenance and flexibility.
Creating a network takes seconds, adding a client takes a few more, and
you can use it all the time, even if you are already connected to your
physical network.

-- 
Neil Bothwick

Top Oxymorons Number 39: Almost exactly