Hello, I am using tinc in a lot of contexts related to servers and general infrastructure. Recently another potential use-case appeared: providing a VPN for remote devices (located at customer sites and maybe not exclusively under our control). The tinc configuration allows to restrict the direct traffic between such remote devices easily: DirectOnly = yes Forwarding = off TunnelServer = no The tricky part seems to be meta data: every node is aware of all other nodes (and partly also their IP addresses). This is not desirable in a context where devices from multiple customers would be part of the same network. Can you imagine a trivial solution, which would prevent this sharing of meta information regarding other nodes and edges? According to my understanding, such a use-case is simply out of scope for tinc. But nevertheless I would be surprised and happy, if this assumption would prove to be wrong :) Cheers, Lars PS: providing a separate tinc network for each customer would be a potential workaround. Maybe this will be the way to go ...