On Sun, Mar 11, 2012 at 05:19:11PM +0000, Graham Cobb wrote:
> I have been using tinc for an IP V4 VPN for many years. I am about to start
> looking at IP V6.
>
> All the examples I have found use switch mode. I really don't want to use
> switch mode -- this is a wide-area network, plus it will include several
> different networks and I want to be able to put in place firewall rules
> between some of them. I plan a star topology, with a central routing (and
> firewall) node with tinc connections to each site where there is a router
> handling that site's subnets (or, in some cases, just single nodes).
>
> Is there any reason I cannot use router mode for IPV6? Any disadvantages?

There is no reason why you cannot use router mode for IPv6. Tinc supports IPv4
and IPv6 equally well in router Mode.

> I think, from the documentation, that that means that IP multicast will not
> work -- while certainly not critical, is there any chance of getting it to
> work (through the central router)?

IPv6 multicast is supported, more or less. Packets with a destination address
that falls in the ff00::/8 range are broadcast to all nodes. While not optimal
this means that all multicast programs should be able to work.

However, Avahi by default ignores point-to-point interfaces. When tinc is in
router Mode, the VPN interface is in tun mode, which means it is
point-to-point. Also, tinc delivers the multicast packets only to the VPN
interface. If you want them to be forwarded to the LAN, you have to set up
multicast routing. In switch mode, you can bridge the LAN and the VPN
interface, which automatically takes care of that.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
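The forwarding behaviour described in the reply above, as an added example that is not part of the original message and is not tinc's own code: a simplified model in which unicast IPv6 packets go to the node announcing the most specific matching subnet, while anything in ff00::/8 goes to every other node. The node names, the 2001:db8:: prefixes and the `decide` function are assumptions made for illustration.

```python
import ipaddress

# ff00::/8 is the IPv6 multicast range named in the reply.
MULTICAST = ipaddress.IPv6Network("ff00::/8")

# Constructed sample: subnets announced by each node in a star topology.
# "laptop" is a single node whose /128 lies inside site_b's /48.
SUBNETS = {
    "hub": ["2001:db8::/48"],
    "site_a": ["2001:db8:a::/48"],
    "site_b": ["2001:db8:b::/48"],
    "laptop": ["2001:db8:b::5/128"],
}


def decide(dst, source, subnets=SUBNETS):
    """Return (action, [destination nodes]) for a packet sent by `source`."""
    addr = ipaddress.IPv6Address(dst)

    # Multicast: delivered to every node except the sender (assumption:
    # the sender does not get its own packet back).
    if addr in MULTICAST:
        return ("broadcast", sorted(n for n in subnets if n != source))

    # Unicast: pick the owner of the longest matching prefix.
    best = None
    for node, prefixes in subnets.items():
        for prefix in prefixes:
            net = ipaddress.IPv6Network(prefix)
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (node, net)

    if best is None:
        return ("unreachable", [])
    return ("unicast", [best[0]])


if __name__ == "__main__":
    # ff02::fb is the mDNS group that Avahi uses over IPv6.
    for dst in ("ff02::fb", "2001:db8:b::5", "2001:db8:b::6", "2001:db8:ffff::1"):
        print(dst, decide(dst, "site_a"))
```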