Daniel J. Grinkevich
2015-Jun-11 12:31 UTC
tinc as layer 2 switch doesn't automatically mesh with other nodes
We have a handful of nodes set up. Some are NAT'd but a few have direct access to the Internet.

Sample confs:

HostA:
    Name = HostA
    AddressFamily = any
    Interface = tap0
    Mode = switch
    Connectto = HostB
    GraphDumpFile = /tmp/mesh

HostB:
    Name = HostB
    AddressFamily = any
    Interface = tap0
    Mode = switch
    Connectto = HostA
    GraphDumpFile = /tmp/mesh

And so on. If I use HostA as the main meta server, none of the other nodes will connect to each other. I was under the assumption that the nodes should establish a mesh and not stay in this star layout.

Is this because I don't have a layer 3 setup? We are running bmx6 over the tunnels. None of the nodes have a subnet assigned to them as we only need a layer 2 connection.

Thanks,
Dan

--
GPG Key: 45EBD675 <http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x7B0002AD45EBD675>
Etienne Dechamps
2015-Jun-11 17:35 UTC
tinc as layer 2 switch doesn't automatically mesh with other nodes
What do you mean by "connect to each other"? The nodes will not establish new metaconnections besides the ones you configured. They will, however, try to reach each other directly over UDP when sending packets. That happens independently of the metaconnections themselves.

You can use "tinc info" to check for this. It should say the other node is reachable "directly over UDP". Make sure you use the link at the same time (e.g. ping) so that tinc actively tries to establish a UDP tunnel.
Etienne Dechamps
2015-Jun-11 18:01 UTC
tinc as layer 2 switch doesn't automatically mesh with other nodes
tinc uses direct UDP communication for performance, not reliability. If you want to establish more metaconnections for increased reliability, you can use AutoConnect (though it probably won't work across NATs). A better solution is to use two central nodes (instead of one) for redundancy.

On 11 June 2015 at 18:59, Daniel J. Grinkevich <danielgrinkevich at gmail.com> wrote:
> If we have one meta node and it goes offline none of the other nodes can
> talk to each other. I was under the assumption the mesh would stay up if
> that happens.
>
> We are using tinc strictly as a layer 2 switch, no IP addresses assigned to
> interface.
>
> The build of tinc I'm using only offers 'tincd' (using it on OpenWRT).
>
> Dan
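
The difference between one central node and two, as an added example that is not part of the thread and is not tinc code: a small checker that builds the metaconnection graph from each node's ConnectTo lines and reports every node whose loss would split the rest. It assumes the simplified model the thread describes (nodes stay in contact only while the configured metaconnection graph is connected); the host configs, HostC and HostD, and all function names are constructed for the illustration.

```python
import re

# Constructed sample tinc.conf contents keyed by node name (not from the thread).
# STAR: every other node has a single metaconnection, to HostA.
STAR = {
    "HostA": "Name = HostA\nMode = switch\n",
    "HostB": "Name = HostB\nMode = switch\nConnectTo = HostA\n",
    "HostC": "Name = HostC\nMode = switch\nConnectTo = HostA\n",
    "HostD": "Name = HostD\nMode = switch\nConnectTo = HostA\n",
}
# DUAL: HostA and HostB are both central; each leaf connects to both.
DUAL = {
    "HostA": "Name = HostA\nMode = switch\nConnectTo = HostB\n",
    "HostB": "Name = HostB\nMode = switch\nConnectTo = HostA\n",
    "HostC": "Name = HostC\nMode = switch\nConnectTo = HostA\nConnectTo = HostB\n",
    "HostD": "Name = HostD\nMode = switch\nConnectTo = HostA\nConnectTo = HostB\n",
}

def meta_graph(confs):
    """Build the undirected metaconnection graph from ConnectTo lines."""
    graph = {name: set() for name in confs}
    for name, text in confs.items():
        # Match case-insensitively so the thread's "Connectto" spelling is found too.
        for peer in re.findall(r"(?im)^\s*connectto\s*=\s*(\S+)", text):
            if peer in graph and peer != name:
                graph[name].add(peer)
                graph[peer].add(name)
    return graph

def reachable(graph, start, down):
    """Nodes reachable from start over metaconnections while `down` is offline."""
    seen, stack = {start}, [start]
    while stack:
        for peer in graph[stack.pop()] - seen - {down}:
            seen.add(peer)
            stack.append(peer)
    return seen

def single_points_of_failure(confs):
    """Nodes whose loss partitions the remaining metaconnection graph."""
    graph = meta_graph(confs)
    spofs = []
    for down in graph:
        rest = [n for n in graph if n != down]
        if rest and reachable(graph, rest[0], down) != set(rest):
            spofs.append(down)
    return sorted(spofs)

if __name__ == "__main__":
    print("star:", single_points_of_failure(STAR))
    print("dual:", single_points_of_failure(DUAL))
```
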