similar to: Rationale behind MACExpire

Hi all, We are using Tinc 2.0.22 as a layer 2 VPN between nodes over the Internet. We are experiencing very slow network speed using Tinc. Between 2 nodes, we have 150 Mbit/s network speed without Tinc (public IPv4 to public IPv4 using iperf), and only 3 Mbit/s using Tinc (private IPv4 to private IPv4). Here is the configuration of Tinc we use : AddressFamily = ipv4 BindToInterface = vmbr1

Dear Guys and Girls, I have two group of tinc nodes, say A and B. The network quality between A and B is unstable. I am wondering what algorithm tinc is using for delivering and relaying packets. How does one tinc node decide which the "next hop" is when its destination can not be reached directly or too slow to reach directly? The real situation is like this, nodes in group A and B

Folks, We have a setup where each mobile node connects with 1 or more tinc instances (over different links) to a central node. tinc is running in switch mode. The link is chosen by setting the IP address on the active link's interface, and the central node sees this after the first packet on the link, and moves the MAC address to a different 'ethernet port' (link). This works really

Hi guys and gals, I just wanted to compile tinc with vde interface, but found src/vde is missing in tar balls of tinc-1.0.16 and tinc-1.0.14. I remember once I have compiled vde on tinc-1.0.14. Is it removed intentionally? I couldn't find an update in ChangeLog. Besides, the newest code in git fails to compile, because of a redefined extern static variable in src/vde/device.c. I need to

Hi, Etienne I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example: A ConnectTo B, B ConnectTo C: If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B. If IndirectData = yes, then A will try to establish direct connection with C, even though A don’t have the statement of

On 7 December 2015 at 17:20, Florent B <florent at coppint.com> wrote: > I have a cluster of 5 nodes, running Proxmox 4, and Tinc as "virtual > switch" for my nodes : on each node, a bridge "vmbr1" where Tinc is > connected, provides me a secured network for my VMs (connected to that > bridge). > > When I move (hot move) a VM from a host to another, I

Guys, What was the rationale behind moving to the swiss army-ish method of render(:X), as opposed to the various render_X methods that existed before? I find it easier to keep the render_X style in my brain, rather than trying to remember what the valid parameters to render() are. It''s also more code completion friendly. Just curious. Thanks, John -- Posted via

Hi, I´m using Tinc for several years, but I didn´t fix a performance problem. There a about 20 nodes in this network. Master: 10.0.0.12 (dedicated host in a datacenter, debian, 100mBit port) tinc.conf: Name = TincKnoten12 AddressFamily = ipv4 Interface = tun ProcessPriority=high mode = router #DirectOnly = no Compression=0 PMTUDiscovery = yes #IndirectData = yes #ReplayWindow = 64 #ConnectTo

Hello, I am tying to create tinc vpn for the ~1000 nodes and was thinking why meta connections are needed at all if I only need static configuration where every node knows addresses of other hosts and due to the amount of traffic any indirect connections will not work, so DirectOnly=yes is a must and then passing around routing information is not needed, right? Currently I have 10 nodes

Hi all, I am behind a firewall which only let UDP 80 go through. In order to connect to an outside public node by UDP, I can set ... Port = 80 ... However, an httpd is running on the public node, occupying TCP 80. How can I configure tinc to bind on TCP 8080 but listen to UDP 80? Redirecting UDP 80 to UDP 8080 on the public node is one method. Is there a more elegant way to

The server has a 1G symmetrical fibre line. It has been speedtested to various local servers to be close to 800-900M. When there is only a single client, there isn't much problem and as soon as the connection is made, the ping time through to tunnel is a respectable 30ms. As soon as a few more clients are connected, ping time degrades to hundreds and sometimes seconds and with dropped packets.

On Tue, Jun 21, 2016 at 01:04:31PM +0200, Hendrik Schumacher wrote: > From time to time the whole network goes down though. This happened when we > restarted a larger number of servers or when there was a connectivity issue > between datacenters or some (short) maintenance on the network > infrastructure. The problem was already described in the mailing list (for > example here:

Dear all, I like tinc and am using it widely in the company I work for. Currently I'm experimenting with 'switch' mode & have a problem with packets being forwarded. I've tried possible combinations with next parameters: a) Broadcast = direct b) Forwarding = kernel c) DirectOnly = yes From the documentation, it looks like (a) should be enough to stop packet forwarding

hey, is there a way to run tinc on a (linux) box, with a public ip, but on which i don't have root privileges ? the server just connects nodes (behind natted firewall) & relays their traffic, so no need for tap/tun interface on the box itself. ptr_ -- http://www.L45.be/voidpointer 0493 52 5009

Thank you for the helpful advice. We will try to group the servers with different ConnectTo servers first. If this does not help we will look at the TunnelServer solution. Just to make sure we understand TunnelServer correctly: do you need to specify every host as ConnectTo that the host should be able to communicate with or is it sufficient to just provide the hosts files? Thanks, Hendrik

Hi, I'm using Tinc v1.0.11 on Ubuntu 10.04 and seeing high CPU usage (up to 30%) on what I wouldn't consider high traffic levels. The traffic is application server to database server connections and multicast communication for session-replication on the application server. I'm running the tinc daemons in switch mode, to support the multicast. I have tried settings: TunnelServer =

Hi, At my provider (xs4all) I've got an ipv6 tunnel working. Now I would like to distribute ipv6 via the tinc tunnel. My tinc.conf: ------------ Name=server AddressFamily=ipv4 Device=/dev/net/tun PrivateKeyFile=/etc/tinc/fvhglobalnet/rsa_key.priv GraphDumpFile=|/usr/bin/dot -Tpng -o /var/www/htdocs.keetweej.vanheusden.com/stats/tinc-fvh-network-graph.png Mode=switch KeyExpire=299

Hi, I use openssh-2.3.0p1, and the following occurs : [cyril at ts2 cyril]$ rsync -essh -r cyril at beda:zwz . cyril's password: unexpected EOF in read_timeout [cyril at ts2 cyril]$ FATAL: Received signal 10. and in beda log is : Jan 11 12:31:30 6E:beda sshd[2220748]: Accepted password for cyril from 195.113.46.2 port 1045 ssh2 Jan 11 12:31:30 3E:beda sshd[2220748]: error: channel 0:

On Wed, Apr 15, 2015 at 10:28:36PM +0900, Benda Xu wrote: > I am behind a firewall which only let UDP 80 go through. In order to > connect to an outside public node by UDP, I can set > > ... > Port = 80 > ... > > However, an httpd is running on the public node, occupying TCP 80. > > How can I configure tinc to bind on TCP 8080 but listen to UDP 80?

Hi, we use a tinc network of about 400 nodes, all of them linux servers, partly in different datacenters (but generally low latency). Usually this is working very well (for weeks without a problem). >From time to time the whole network goes down though. This happened when we restarted a larger number of servers or when there was a connectivity issue between datacenters or some (short)