Hi We have several stale nodes in our tinc network and I'd like to remove these. These nodes show up in graph dumps as red nodes, indicating they are unreachable. We run: tinc -n <vpn-name> purge Nothing happens. If we tail the logs at /var/log/syslog, we dont see an ack or message concerning the purge either. The dead nodes still show up in the graphs and their certs are still around in the hosts/ dir. We are using tinc1.1pre14 Any ideas what we could try? -nirmal -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170912/5fc83813/attachment.html>
On Tue, Sep 12, 2017 at 04:08:57PM -0700, Nirmal Thacker wrote:> We have several stale nodes in our tinc network and I'd like to remove > these. > > These nodes show up in graph dumps as red nodes, indicating they are > unreachable. > > We run: tinc -n <vpn-name> purge > > Nothing happens. If we tail the logs at /var/log/syslog, we dont see an ack > or message concerning the purge either. The dead nodes still show up in the > graphs and their certs are still around in the hosts/ dir.Ah, if you are using AutoConnect, TunnelServer or StrictSubnets, tinc keeps information from nodes that have a file in hosts/ alive. Maybe I should allow the reachable keyword for the dump graph command as well, so you can do: tincctl -n <netname> dump reachable graph ...and not see any nodes which are unreachable. Is that what you want? -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170913/8a765c83/attachment.sig>
> > Maybe I should allow the reachable keyword for the dump graph command as > well, so you can do: > > tincctl -n <netname> dump reachable graph > > ...and not see any nodes which are unreachable. Is that what you want?This would help since dead nodes do not clutter the visual representation. What are the effects, if any, of dead nodes in the hosts/ dir? Thanks -nirmal On Wed, Sep 13, 2017 at 8:28 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:> On Tue, Sep 12, 2017 at 04:08:57PM -0700, Nirmal Thacker wrote: > > > We have several stale nodes in our tinc network and I'd like to remove > > these. > > > > These nodes show up in graph dumps as red nodes, indicating they are > > unreachable. > > > > We run: tinc -n <vpn-name> purge > > > > Nothing happens. If we tail the logs at /var/log/syslog, we dont see an > ack > > or message concerning the purge either. The dead nodes still show up in > the > > graphs and their certs are still around in the hosts/ dir. > > Ah, if you are using AutoConnect, TunnelServer or StrictSubnets, tinc > keeps information from nodes that have a file in hosts/ alive. > > Maybe I should allow the reachable keyword for the dump graph command as > well, so you can do: > > tincctl -n <netname> dump reachable graph > > ...and not see any nodes which are unreachable. Is that what you want? > > -- > Met vriendelijke groet / with kind regards, > Guus Sliepen <guus at tinc-vpn.org> > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170913/0c0a6a54/attachment-0001.html>
Seemingly Similar Threads
- purge doesn't remove dead nodes
- Conflicting Default Values. A trusts B. B trusts EvilNode. Does that mean A trusts EvilNode?
- using both ConnectTo and AutoConnect to avoid network partitions
- purge doesn't remove dead nodes
- using both ConnectTo and AutoConnect to avoid network partitions