Displaying 2 results from an estimated 2 matches for "central_node_from_other_side".
2015 Nov 22
0
Authenticating VPN addresses: a proposal
...ACL = +10.42.42.42 # this client's assigned subnet
> ConnectionSubnetACL = -ALL # deny everything else
>
> /etc/tinc/my_network/hosts/other_central_node:
> ConnectionSubnetACL = +ALL # trust everything from that node (could be the default)
>
> /etc/tinc/my_network/hosts/central_node_from_other_side:
> ConnectionSubnetACL = +10.13.37.0/24 # the other side's subnet space
> ConnectionSubnetACL = -ALL # deny everything else
The ACLs will be simple if there are distinct subnet ranges on each
"side". But if Subnets are scattered around or if there are many
connections per node,...
2015 Nov 22
5
Authenticating VPN addresses: a proposal
...hosts/client_node:
ConnectionSubnetACL = +10.42.42.42 # this client's assigned subnet
ConnectionSubnetACL = -ALL # deny everything else
/etc/tinc/my_network/hosts/other_central_node:
ConnectionSubnetACL = +ALL # trust everything from that node (could be the default)
/etc/tinc/my_network/hosts/central_node_from_other_side:
ConnectionSubnetACL = +10.13.37.0/24 # the other side's subnet space
ConnectionSubnetACL = -ALL # deny everything else
And the resulting behavior:
- tinc will only accept and forward ADD_SUBNET messages received over
a direct connection to client_node if they refer to 10.42.42.42/32
(client n...