search for: connectto

...54 on all subnets) Pfsense1 is 172.16.1.0 Pfsense2 is 172.16.2.0 Pfsense4 is 172.16.4.0 Etc.. Partial file contents of /etc/config/tinc config tinc-net NETNAME option enabled 1 option logfile /tmp/log/tinc.log option debug 1 option AddressFamily ipv4 list ConnectTo=pfsense2 list ConnectTo=pfsense4 list ConnectTo=pfsense12 list ConnectTo=pfsense201 list ConnectTo=pfsense11 list ConnectTo=pfsense1 list ConnectTo=pfsense19 list ConnectTo=pfsense7 list ConnectTo pfsense26 list ConnectTo pfsen...

I have a use case where my tinc.conf ConnectTo can go upto 20 + hosts. I am planning to automate a periodic cleanup of ConnectTo in the tinc.conf file, the issue is I am not able to figure out which ConnectTo is been used and which are stale, say NOT used in last 2 to 3 days. I want to remove those ConnectTo which are no longer actively used....

Hi Guus Following your suggestion we reconfigured our tinc network as follows. Here is a new graph and below is our updated configuration: http://imgur.com/a/n6ksh - 2 Tinc nodes (yellow labels) have a public external IP and port 655 open. They both have ConnectTo's to each other and AutoConnect = yes - The remainder tinc nodes (blue labels) have their tinc.conf set up as follows: ConnectTo = yellow1 ConnectTo = yellow2 AutoConnect = yes - Blue labeled nodes also have their port 655 open, but no node in the network has a ConnectTo to an...

Thanks Guss, some comments and questions: If you make the yellow nodes ConnectTo all other nodes, and not have > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > no ConnectTo's, then you will get the desired graph. The reason this approach is not desirable is because it fails at automation. It requires us to add a new line of AutoConnect = &l...

...e connections with the new node. Check for typos. > Partial file contents of /etc/config/tinc > > config tinc-net NETNAME > option enabled 1 > option logfile /tmp/log/tinc.log > option debug 1 > option AddressFamily ipv4 > > list ConnectTo=pfsense2 > list ConnectTo=pfsense4 > list ConnectTo=pfsense12 > list ConnectTo=pfsense201 > list ConnectTo=pfsense11 > list ConnectTo=pfsense1 > list ConnectTo=pfsense19 > list ConnectTo=pfsense7 > list ConnectT...

On Mon, Jan 12, 2015 at 12:37:24PM +0530, Anil Moris wrote: > I have a use case where my tinc.conf ConnectTo can go upto 20 + hosts. > > I am planning to automate a periodic cleanup of ConnectTo in the tinc.conf > file, the issue is I am not able to figure out which ConnectTo is been used > and which are stale, say NOT used in last 2 to 3 days. > > I want to remove those ConnectTo whic...

Hi Guus Thanks for clarifying. Some follow up questions: - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to upgrade to? - What is the workaround until we patch with this fix? Using a combination of AutoConnect and ConnectTo? - When we use ConnectTo, is it mandatory to have a cert file in the hosts/* dir with an IP to ConnectTo ? -nirmal On Tue, Aug 22, 2017 at 12:10 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Mon, Aug 21, 2017 at 05:37:06PM -0700, Nirmal Thacker wrote: > > > Today our...

Hi, Tinc Expert in my tinc.conf, the ConnectTo to host X is commented, like below: #ConnectTo = X and there is a script: /etc/tinc/netname/hosts/X-up, I thought commented the ConnectTo X wouldn’t trigger the X-up, but it did. Why? What’s the logic behind to trigger host-up? How can I avoid this except remove the host-up file? Bright Zhao

...ud. It would be helpful if we can have more info about AutoConnect = yes in the documentation. On Mon, Jan 12, 2015 at 5:55 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Mon, Jan 12, 2015 at 12:37:24PM +0530, Anil Moris wrote: > > > I have a use case where my tinc.conf ConnectTo can go upto 20 + hosts. > > > > I am planning to automate a periodic cleanup of ConnectTo in the > tinc.conf > > file, the issue is I am not able to figure out which ConnectTo is been > used > > and which are stale, say NOT used in last 2 to 3 days. > > > >...

...e R was shutdown for maintenance - We saw a network split - we brought node R back up. - Tinc didn't restore a mesh and the split remained. The graph was generated at this point Some info regarding our config: - we are using tinc 1.1pre14 - we are using tinc in router mode - We do not have any ConnectTo variables mentioned in any nodes (maybe this is our problem) - All nodes use AutoConnect=yes How we fixed it: - we explicitly added some ConnectTo variables to node R - We reloaded tinc on node R (tinc reload) - The mesh was restored Some questions: - should we have a combination of both ConnectT...

...t just happens. For us it would be important that tinc continues working with the hosts that are still reachable and that it recovers itself and we do not have to stop and start the whole network manually. We already tried to tweak the configuration to limit the amount of metadata by only having 3 ConnectTo hosts (the same ones everywhere) and using Broadcast = no DirectOnly = yes Cipher=aes-128-cbc (Apart from Name, AddressFamily, BindToAddress, Interface and ConnectTo that are the only settings we use in tinc.conf). We are also going to increase PingTimeout to 30 and reduce the number of ConnectT...

On Thu, Aug 31, 2017 at 01:37:28PM -0700, Nirmal Thacker wrote: > If you make the yellow nodes ConnectTo all other nodes, and not have > > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > > no ConnectTo's, then you will get the desired graph. > > The reason this approach is not desirable is because it fails at > automation. It requires us to add a new...

...54 on all subnets) Pfsense1 is 172.16.1.0 Pfsense2 is 172.16.2.0 Pfsense4 is 172.16.4.0 Etc.. Partial file contents of /etc/config/tinc config tinc-net NETNAME option enabled 1 option logfile /tmp/log/tinc.log option debug 1 option AddressFamily ipv4 list ConnectTo=pfsense2 list ConnectTo=pfsense4 list ConnectTo=pfsense12 list ConnectTo=pfsense201 list ConnectTo=pfsense11 list ConnectTo=pfsense1 list ConnectTo=pfsense19 list ConnectTo=pfsense7 list ConnectTo pfsense26 list ConnectTo pfsen...

...right? I tested this in my environment. A >> B >> X > On 1 May 2017, at 3:07 PM, Narcissus Emi <eminarcissus at gmail.com> wrote: > > X-up is being called when any connection is being built between node A and node X, it doesn't have anything to do whether you have connectTo in the config file or not. > Because tinc is a mesh network, if node A have a direct connection to node B, and node B have a connection to node X, you can have a connection between A and X, and X-up is being called at the moment when it built a connection on demand. > > -- > Narcissus...

Hi there!!! I'm returned to TINC :D I've got a question: I've setted up a server in a provider's NAT, and all users of this VPN are in the same provider's NAT... Well, I let the main server connect to all users, but... only the first ConnectTo works... in fact I've noticed that if the first user connects to another one, the last can connect to the server, while he cannot ping the central server if there is noone that connects to him i.e. Main server's tinc.conf Name = centralserver Interface = somenet ConnectTo = user1 Conne...

Hi, Etienne Thanks for your clarification, and this helped a lot. And in order to get a better understanding for the mechanism of Tinc and the purpose of ConnectTo statement, can I think the ConnectTo is the way to get the node into the Tinc VPN domain, instead of establish VPN connection between nodes. Once any node ConnectTo the Tinc VPN domain, it learns all other nodes, subnets, and corresponding public or private(but UDP reachable), and establish full m...

...nnels from the client to different server. From the documentation, it indicate the tinc.conf can support multiple ConnecTo, also the tinc can support multiple netname, like /etc/tinc/net1, /etc/tinc/net2. My question is, for my above use case, I should go with multiple netname instead of multiple ConnectTo, right? I did some tests, and I found no matter how many ConnectTos I placed in the tinc.conf(on the client side), only one connection can made to the server, and only one tun0 bring up with is the p2p connection can only go with one server, even though from debug message, I saw to connections all...

...c file for testing just listed only two sites to connect to. Below is for the new 100 site im trying to connect into the network. config tinc-net NETNAME option enabled 1 option logfile /var/log/tinc.log option debug 5 option AddressFamily ipv4 list ConnectTo pfsense201 list ConnectTo pfsense12 option Name pfsense100 option PrivateKeyFile /etc/tinc/NETNAME/rsa_key.priv config tinc-host pfsense201 option enabled 1 option net NETNAME option Address PUBLICIPOFTHISSITEHERE option Subn...

X-up is being called when any connection is being built between node A and node X, it doesn't have anything to do whether you have connectTo in the config file or not. Because tinc is a mesh network, if node A have a direct connection to node B, and node B have a connection to node X, you can have a connection between A and X, and X-up is being called at the moment when it built a connection on demand. -- Narcissus Emi 日時: 2017年5月1日...

...in > my environment. > > A >> B >> X > > On 1 May 2017, at 3:07 PM, Narcissus Emi <eminarcissus at gmail.com> wrote: > > X-up is being called when any connection is being built between node A and > node X, it doesn't have anything to do whether you have connectTo in the > config file or not. > Because tinc is a mesh network, if node A have a direct connection to node > B, and node B have a connection to node X, you can have a connection > between A and X, and X-up is being called at the moment when it built a > connection on demand. > >...