Guillermo Bisheimer
2016-Dec-24 03:12 UTC
Allow direct connection between some (but not all) nodes on the network
I'm using tinc 1.1pre14 to establish a VPN between 10 servers and a few administration clients. I have a central server that runs Tinc and all other servers and clients connect to it. I need the to be able to establish a direct connection between the administration clients and the servers, but block the server between each other. I couldn't find a way to do this with tinc, but meantime I'm using the options Forwarding=kernel and tunnel_server=yes and a bunch of firewall rules in order to accomplish the network topology I need. I don't have direct connection between admin clients and the servers, but it works. When I set tunnel_server=no (default value) and a server connects to the central server, it receives all host keys that are available in the central server and other connected clients. I would like to be able to tell the central server which host keys each connected peer is allowed to receive. This way I could run tinc in full mesh mode but I can build any network topology I need. Is there a way to do this? Thanks!!! -- *Ing. Guillermo Bisheimer* *B&S Sistemas de Control y Equipamientos* Av. de los Constituyentes 1172 (E3116CIX) Crespo, Entre Ríos Tel/Fax: (0343) 407-8990 (Nuevo número) Cel: (0343) 154679052 WEB: www.bys-control.com.ar e-mail: gbisheimer at bys-control.com.ar skype: guillermo.bisheimer -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20161224/8afdde67/attachment.html>
Guus Sliepen
2016-Dec-29 12:45 UTC
Allow direct connection between some (but not all) nodes on the network
On Sat, Dec 24, 2016 at 03:12:15AM +0000, Guillermo Bisheimer wrote:> I'm using tinc 1.1pre14 to establish a VPN between 10 servers and a few > administration clients. I have a central server that runs Tinc and all > other servers and clients connect to it. I need the to be able to establish > a direct connection between the administration clients and the servers, but > block the server between each other.This is not supported by tinc. I would normally recommend that you use one VPN per administrative domain, but if you are have 10 or more domains, I can see that this is becoming a hassle to set up. Still, it's only one tinc setup per server, only on the administrative clients you need to configure multiple tinc networks.> I couldn't find a way to do this with tinc, but meantime I'm using the > options Forwarding=kernel and tunnel_server=yes and a bunch of firewall > rules in order to accomplish the network topology I need. I don't have > direct connection between admin clients and the servers, but it works.That's the best alternative solution if you can live without direct connections. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20161229/53693240/attachment.sig>
Maybe Matching Threads
- AUTOREPLY Allow direct connection between some (but not all) node...
- [Announcement] Tinc versions 1.0.32 and 1.1pre15 released
- Allow direct connection between some (but not all) nodes on the network (Guus Sliepen)
- [Announcement] Tinc versions 1.0.32 and 1.1pre15 released
- [Announcement] Tinc versions 1.0.32 and 1.1pre15 released