search for: autoconnect

...- Tinc didn't restore a mesh and the split remained. The graph was generated at this point Some info regarding our config: - we are using tinc 1.1pre14 - we are using tinc in router mode - We do not have any ConnectTo variables mentioned in any nodes (maybe this is our problem) - All nodes use AutoConnect=yes How we fixed it: - we explicitly added some ConnectTo variables to node R - We reloaded tinc on node R (tinc reload) - The mesh was restored Some questions: - should we have a combination of both ConnectTo and AutoConnect to avoid such a network split? - Say we have 3 ConnectTo variables and...

Thanks Guss, some comments and questions: If you make the yellow nodes ConnectTo all other nodes, and not have > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > no ConnectTo's, then you will get the desired graph. The reason this approach is not desirable is because it fails at automation. It requires us to add a new line of AutoConnect = <new node that joined tinc> to both yellow...

...ireless wlp3s0 # You can check exit code and number of lines. If number of lines is 0, it means the connection is not active and you can try to activate it and get exit code of the command # nmcli con up AndroidAP-notepro Also, it could be useful to know what value you have for "connection.autoconnect" for this connection. If it is yes, in theory it should automatically reactivate when it returns available. In my case my AndroidAP-notepro connection is to be manually activated and in fact I have # nmcli con show AndroidAP-notepro | grep connection.autoconnect: connection.autoconnect:...

Hi Guus Following your suggestion we reconfigured our tinc network as follows. Here is a new graph and below is our updated configuration: http://imgur.com/a/n6ksh - 2 Tinc nodes (yellow labels) have a public external IP and port 655 open. They both have ConnectTo's to each other and AutoConnect = yes - The remainder tinc nodes (blue labels) have their tinc.conf set up as follows: ConnectTo = yellow1 ConnectTo = yellow2 AutoConnect = yes - Blue labeled nodes also have their port 655 open, but no node in the network has a ConnectTo to any blue labeled node - we are still u...

...it code and number of lines. > If number of lines is 0, it means the connection is not active and you > can try to activate it and get exit code of the command > > # nmcli con up AndroidAP-notepro > > Also, it could be useful to know what value you have for > "connection.autoconnect" for this connection. > If it is yes, in theory it should automatically reactivate when it > returns available. > > In my case my AndroidAP-notepro connection is to be manually activated > and in fact I have > > # nmcli con show AndroidAP-notepro | grep connection.autoco...

...> > We knew there was a network partition since the graph showed a split. This > graph is not very helpful but its what I have at the moment: > > http://i.imgur.com/XP2PSWc.png The graph is very clear. > Some questions: > - should we have a combination of both ConnectTo and AutoConnect to avoid > such a network split? No, it's a bug in AutoConnect. I've just pushed a fix to the 1.1 branch that will try to continue to connect to unreachable nodes, even if a node already has 3 or more connections. > - Say we have 3 ConnectTo variables and then AutoConnect=yes, would...

...I restart NetworkManager, it creates a new bond with the same name but not connected to any device. Two bonds with the same name is confusing for my other monitoring scripts. I'm wondering why a second bond is created? Is it a bug in NetworkManger? #Create a bond with two slaves nmcli con add autoconnect no type bond con-name bond0 ifname bond0 nmcli con mod bond0 ipv6.method ignore ipv4.method manual ipv4.addresses ${BOND_IP}/${BOND_CIDR} ${BOND_GW} ${BOND_DNS} ${BOND_DNS_SEARCH} ipv4.never-default no ipv4.ignore-auto-dns no nmcli con add autoconnect no type bond-slave con-name bond-slave-eth0 if...

Hi Guus Thanks for clarifying. Some follow up questions: - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to upgrade to? - What is the workaround until we patch with this fix? Using a combination of AutoConnect and ConnectTo? - When we use ConnectTo, is it mandatory to have a cert file in the hosts/* dir with an IP to ConnectTo ? -nirmal On Tue, Aug 22, 2017 at 12:10 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Mon, Aug 21, 2017 at 05:37:06PM -0700, Nirmal Thacker wrote: > > &...

On Thu, Aug 31, 2017 at 01:37:28PM -0700, Nirmal Thacker wrote: > If you make the yellow nodes ConnectTo all other nodes, and not have > > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > > no ConnectTo's, then you will get the desired graph. > > The reason this approach is not desirable is because it fails at > automation. It requires us to add a new line of AutoConnect = <new node > that joined...

...exit code and number of lines. > If number of lines is 0, it means the connection is not active and you can > try to activate it and get exit code of the command > > # nmcli con up AndroidAP-notepro > > Also, it could be useful to know what value you have for > "connection.autoconnect" for this connection. > If it is yes, in theory it should automatically reactivate when it returns > available. > > In my case my AndroidAP-notepro connection is to be manually activated and > in fact I have > > # nmcli con show AndroidAP-notepro | grep connection.autoconn...

...ph and below is our updated configuration: > http://imgur.com/a/n6ksh [...] > We are concerned that: > - We still dont see edges in the graph that show connections between every > blue labeled node to both the yellow labeled nodes > > Any reason why we dont see these edges? Yes, AutoConnect will still remove outgoing connections that it thinks are redundant. So even if the initial ConnectTo's will cause nodes to connect to the yellow ones, after a while they can remove those. > Is there something missing in our configuration? If you make the yellow nodes ConnectTo all other n...

...s. >> If number of lines is 0, it means the connection is not active and you >> can try to activate it and get exit code of the command >> >> # nmcli con up AndroidAP-notepro >> >> Also, it could be useful to know what value you have for >> "connection.autoconnect" for this connection. >> If it is yes, in theory it should automatically reactivate when it >> returns available. >> >> In my case my AndroidAP-notepro connection is to be manually activated >> and in fact I have >> >> # nmcli con show AndroidAP-notepr...

thanks Guus for the quick response. I am using tinc 1.1 if I use AutoConnect = yes then will it automatically remove connections that are no longer in use? What are the security issues with 'AutoConnect = yes' I should be worried? for my use case I might go upto 20 to 30 + tinc hosts connected to single tinc box. as per the doc AutoConnect = yes is experimental, I a...

...name but >> not connected to any device. Two bonds with the same name is confusing for >> my other monitoring scripts. >> I'm wondering why a second bond is created? Is it a bug in NetworkManger? >> >> >> #Create a bond with two slaves >> nmcli con add autoconnect no type bond con-name bond0 ifname bond0 >> nmcli con mod bond0 ipv6.method ignore ipv4.method manual ipv4.addresses >> ${BOND_IP}/${BOND_CIDR} ${BOND_GW} ${BOND_DNS} ${BOND_DNS_SEARCH} >> ipv4.never-default no ipv4.ignore-auto-dns no >> nmcli con add autoconnect no type bo...

Hi, I was quite surprised to see commmit 332b55d4 ("Change AutoConnect from int to bool"). Is there experimental evidence supporting 3 as the hardcoded maximum number of meta-connections? If there is a good reason for this limit on the number of meta-connections, maybe it should apply whatever the value of AutoConnect (currently, it is only enforced when AutoCo...

...s a new bond with the same name but > not connected to any device. Two bonds with the same name is confusing for > my other monitoring scripts. > I'm wondering why a second bond is created? Is it a bug in NetworkManger? > > > #Create a bond with two slaves > nmcli con add autoconnect no type bond con-name bond0 ifname bond0 > nmcli con mod bond0 ipv6.method ignore ipv4.method manual ipv4.addresses > ${BOND_IP}/${BOND_CIDR} ${BOND_GW} ${BOND_DNS} ${BOND_DNS_SEARCH} > ipv4.never-default no ipv4.ignore-auto-dns no > nmcli con add autoconnect no type bond-slave con-nam...

Hello, I want to know how works exactly the AutoConnect option, and what happen if we have more than 1000 nodes, with this option enabled. And another question is, how much stable is the version 1.1pre14 for production use. Thanks.

...be a 1.1pre15 to > upgrade to? There will be an 1.1pre15, but if you want you can apply the following commit: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=92fdabc439bdb5e16f64a4bf2ed1deda54f7c544 > - What is the workaround until we patch with this fix? Using a combination > of AutoConnect and ConnectTo? Yes. > - When we use ConnectTo, is it mandatory to have a cert file in the hosts/* > dir with an IP to ConnectTo ? Yes. Tinc always needs the public key of a peer and an Address in order to be able to connect to it. -- Met vriendelijke groet / with kind regards, Guus...

...device. Two bonds with the same name is confusing > for > >> my other monitoring scripts. > >> I'm wondering why a second bond is created? Is it a bug in > NetworkManger? > >> > >> > >> #Create a bond with two slaves > >> nmcli con add autoconnect no type bond con-name bond0 ifname bond0 > >> nmcli con mod bond0 ipv6.method ignore ipv4.method manual > ipv4.addresses > >> ${BOND_IP}/${BOND_CIDR} ${BOND_GW} ${BOND_DNS} ${BOND_DNS_SEARCH} > >> ipv4.never-default no ipv4.ignore-auto-dns no > >> nmcli con ad...

...re will be an 1.1pre15, but if you want you can apply the following > commit: > > https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h= > 92fdabc439bdb5e16f64a4bf2ed1deda54f7c544 > > > - What is the workaround until we patch with this fix? Using a > combination > > of AutoConnect and ConnectTo? > > Yes. > > > - When we use ConnectTo, is it mandatory to have a cert file in the > hosts/* > > dir with an IP to ConnectTo ? > > Yes. Tinc always needs the public key of a peer and an Address in order > to be able to connect to it. > > -- >...