commit 98f88101704d15bf806e528799bf04a0be20cf88
parent 86f921adfa15bfe90d01cb2f7c913651b6640c29
Author: Stefan Koch <programming@stefan-koch.name>
Date: Mon, 21 Dec 2020 21:08:43 +0100

add note that radvd on host is only temporary

Diffstat:
M README.md | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md @@ -64,7 +64,11 @@ the following entry in `visudo`: youruser ALL=(ALL) NOPASSWD: /usr/bin/ip, /usr/bin/radvd ``` -This is not a perfect solution but Linux capabilities inheritance to +Having `radvd` on the host machine is only a temporary solution. In a real +setup, the VPN has to manage the internal IP addresses itself. We will +probably provide an init-script template for a machine that does this. + +Requiring `sudo` is not a perfect solution but Linux capabilities inheritance to subprocesses seems quite complicated, and without inheritance we'd have to grant `CAP_NET_ADMIN` to both `ip` and `tincd`. This might be undesired, because then any user can change network devices. Another option could be to
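Review bot: The added paragraph calls `radvd` on the host temporary, but the `visudo` entry in the context line just above it still grants `NOPASSWD` for `/usr/bin/radvd`, and nothing says when to drop it. Suggest adding a sentence that the `/usr/bin/radvd` part of the sudoers rule should be removed once the VPN manages the internal IP addresses itself, so the workaround does not leave a passwordless root command behind. Since the rewritten sentence now names `sudo` explicitly, it would also help to state that the rule as written lets `youruser` run `ip` and `radvd` as root with any arguments; sudoers can restrict a command to specific arguments if the README wants to narrow that.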