Displaying 20 results from an estimated 85 matches for "indirectdata".
2017 May 01
1
How to set Subnet in a node which act as both server and client role?
Hi, Etienne
I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example:
A ConnectTo B, B ConnectTo C:
If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B.
If IndirectData = yes, then A will try to establish direct connection with C, even though A doesn’t have the stat...
2018 Sep 01
1
IndirectData
Hi list,
I'm hoping someone can help me understand when to use IndirectData.
Quoting the manual:
IndirectData = <yes|no> (no)
This option specifies whether other tinc daemons besides the one you
specified with ConnectTo can make a direct connection to you. This is
especially useful if you are behind a firewall and it is impossible to
make a connection from the o...
2013 Jan 24
3
Conflicting Default Values. A trusts B. B trusts EvilNode. Does that mean A trusts EvilNode?
...anged public keys directly, they can still
establish sockets with one another over their TINC IP addresses.
I know if both node A and EvilNode ConnectTo B, then EvilNode can establish
internet connections with node A's tinc IP.
"Forwarding=OFF" or "TunnelServer=YES" or "IndirectData=NO" are supposed
to prevent this.
EvilNode can connect and establish a tinc IP connection to A. I have to
assume this happens because of Forwarding=internal by default.
"config get IndirectData" and "config get Forwarding" and "config get
TunnelServer" all ret...
2017 May 01
2
How to set Subnet in a node which act as both server and client role?
Hi, Etienne
In addition, is there any option or switch that can turn off the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of removing something from A’s routing table, or manually blocking the connection between A and C)
> On 1 May 2017, at 6:28 PM,
2017 Jun 01
1
Cache of the unreachable nodes cause un-optimized route?
Hi, All
Here is the case:
A, B, C, D all configured with “IndirectData = yes”, so connection only happens when there’s a “ConnectTo” in tinc.conf.
Arrows indicate the “ConnectTo” direction
Everything works fine earlier as below:
1. A connect to C, D connect to C
2. C is the transit node where only forward traffic between A and C
3. D advertise 0.0.0.0/0#2
4. A can ac...
2016 Aug 31
4
Define which host to use when direct link not possible?
...irect office-1 to office-2, send always packets
>> for office-2 to office-5 (because connection with office-5 is very stable).
>>
>> Is there a way to configure TINC to not use direct connection
>> for one host, but use a specified, other host for that?
>
> You can set IndirectData = yes in hosts/office-2 on hosts/office-1, and
> vice versa, to prevent it from trying a direct connection.
>
> Note that you also should not have ConnectTo = office-2 in office-1's
> tinc.conf, and vice versa, otherwise the above will not have any effect.
Understood. But this will...
2018 Apr 30
1
Slow Speed
...fix a performance problem.
There are about 20 nodes in this network.
Master:
10.0.0.12 (dedicated host in a datacenter, debian, 100mBit port)
tinc.conf:
Name = TincKnoten12
AddressFamily = ipv4
Interface = tun
ProcessPriority=high
mode = router
#DirectOnly = no
Compression=0
PMTUDiscovery = yes
#IndirectData = yes
#ReplayWindow = 64
#ConnectTo = TincKnoten1
GraphDumpFile = /tmp/tinc-graph
LocalDiscovery = yes
ClampMSS = yes
PMTU = 1400
#DirectOnly=yes
#IndirectData=yes
Cipher=AES-128-CBC
#TCPOnly=yes
mac:10.0.0.20 (1gig directly to our backbone via mpls from out office-vlan)
Name=TincKnoten20
Addres...
2018 Apr 10
2
Route certain traffic via a tinc node that is not directly connected.
On Tue, Apr 10, 2018 at 03:36:08PM +0200, Hans de Groot wrote:
> hosta <--> hostb <--> hostc
>
> Hosta and hostc are not directly connected via tinc. But both are connected
> via hostb (I called my network tincnet). This works fine I can ssh from
> hosta to hostc and vice versa without any problems.
>
> hostc is in a whitelisted iprange at some service
2018 Apr 11
0
Route certain traffic via a tinc node that is not directly connected.
...TERFACE 192.168.230.21 netmask 255.255.255.0
route add -net 192.168.230.0 netmask 255.255.255.0 gw 192.168.230.1
ip route add default via 192.168.230.160 dev tincnet table hostc
ip rule add from 0.0.0.0/0 fwmark 1 table hostc
hosta
Address = x.x.x.x
Cipher = blowfish
Compression = 0
Digest = sha1
IndirectData = Yes
Port = 110
Subnet = 192.168.230.21/32
TCPonly = yes
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
hostb
Address = x.x.x.x
Cipher = blowfish
Compression = 0
Digest = sha1
IndirectData = Yes
Port = 110
Subnet = 192.168.230.1/32
Subnet = 0.0.0.0/0
TCPonly = yes
-----BEGIN RSA PUB...
2012 Dec 06
1
LAN discovery issue
...inc.conf on all three nodes (all running tinc 1.0.19 on Windows):
*******************
Name = [Name]
ConnectTo = Alpha (<-- commented out on Alpha of course)
Compression = 9
LocalDiscovery = yes
Interface = tincVPN
*******************
host files:
Alpha
*******************
Subnet = [single IP]/32
IndirectData = yes
Address = [DynDNS]
Port = [Port]
-----RSA Part-----
*******************
Beta
*******************
Subnet = [single IP]/32
IndirectData = yes
Address = [DynDNS]
Port = [Port]
-----RSA Part-----
*******************
Gamma
*******************
Subnet = [single IP]/32
IndirectData = yes
-----RSA Par...
2009 Mar 06
2
Problems with UDP frame size??
Well this has had me stumped for days now.
For months I've been using tinc in TCPOnly because I always received the
unknown host error when using UDP.
On Monday, i set the flag IndirectData = yes in my host files, and removed
the TCPOnly line.
Initially, everything worked great. My throughput increased from 600KB/sec
to 2MB/sec between the sites.
However, I also did some testing with compression settings in the host
files.
On the first test after setting Compression = 10, I lost...
2017 May 02
4
Multiple default gateway from tinc node
Sure, let me reply all here for my finding. @Lars @Guus
A’s tinc.conf:
Name = bright
AddressFamily = ipv4
ConnectTo = aly_hk
A’s tinc-up:
#!/bin/sh
ifconfig $INTERFACE 10.0.0.110 netmask 255.255.255.0
A’s host config:
Subnet = 10.0.0.110/32 (VPN address)
Subnet = 192.168.31.0/24 (LAN address)
IndirectData = yes (enabled for every tinc nodes)
The node aly_hk (vpn address 10.0.0.3) connects with other Tinc nodes: B, C, D; and Subnet = 8.8.8.8 has been added to aly_hk, B, C, D’s host config:
When the tinc daemon gets up on A (together with some manual scripts for destination to 8.8.8.8), the route table looks...
2000 Jun 25
0
Testing 1.0pre2 from CVS
>> I run the very new tinc on both sides this time.
>> Both sides had "IndirectData = yes" in their tinc.conf.
>> Procedure was to start tinc on server side, then start tinc on client
>> side. So far everything looked okay. Then (12 seconds later - 22:39:37) I
>> tried to ping the server side (=VPN peer) at 192.168.9.1 but without
>> success.
>
>...
2015 Apr 21
1
Questions about routing issue
Hello,
I'm running a tinc network including dozens of nodes in switch mode.
Some are running stable branch 1.0, while a small set of nodes are
running 1.1 with ed25519 support.
I discovered some routing issue between two nodes:
(names are hidden)
A (1.1):
ConnectTo = B
ConnectTo = C
IndirectData = yes
Mode = Switch
B (1.0):
Mode = Switch
C (1.1 but only with RSA key):
Mode = Switch
Connect = D
IndirectData = yes
D (1.1):
Mode = Switch
ConnectTo = B
And here are the `tinc dump edges` output, non-related edges are filtered.
B to A at xxx port xxx local xxx port xxx options 400000d weigh...
2018 Apr 11
1
Route certain traffic via a tinc node that is not directly connected.
...te add -net 192.168.230.0 netmask 255.255.255.0 gw 192.168.230.1
> ip route add default via 192.168.230.160 dev tincnet table hostc
> ip rule add from 0.0.0.0/0 fwmark 1 table hostc
>
>
> hosta
> Address = x.x.x.x
> Cipher = blowfish
> Compression = 0
> Digest = sha1
> IndirectData = Yes
> Port = 110
> Subnet = 192.168.230.21/32
> TCPonly = yes
>
> -----BEGIN RSA PUBLIC KEY-----
> -----END RSA PUBLIC KEY-----
>
> hostb
> Address = x.x.x.x
> Cipher = blowfish
> Compression = 0
> Digest = sha1
> IndirectData = Yes
> Port = 110
> Subn...
2013 Mar 30
1
Missing connection
...pe = tap
DirectOnly = no
Forwarding = internal
Hostnames = yes
#LocalDiscovery = yes
Mode = switch
PriorityInheritance = yes
PrivateKeyFile = /etc/tinc/bartschnet/rsa_key.priv
ProcessPriority = high
PingInterval = 20
PingTimeout = 5
Cipher = aes-128-cbc
ClampMSS = yes
Compression = 0
Digest = sha1
IndirectData = yes
PMTUDiscovery = yes
Port = 655
I can ping each node from each other node, but the DOT-graph shows no
direct connection between "rb493g" and "w900v" causing superfluous
traffic and latency on the uplink of the node "gw"
What do I have to change to make "rb49...
2020 Oct 07
2
send all outbound traffic through intermediary
...ough specific nodes, rather than trying to establish direct connections?
>>
>> I have a node which can connect to all the others directly, but some routes
>> have terrible packet loss, so I'd like to configure it not to try.
>
>
> Anyone?
It looks to me, like "IndirectData" is what you're looking for. Although,
you have to configure it on every *other* node.
>
> Should I just block the traffic outbound at the firewall?
This might work, too.
>
>
> Thanks
>
> Hamish
regards,
Erich
2010 Sep 17
1
friend of a friend type darknets
...s are mutual
A <---> C <---> G
^
\
\-----> B <---> D <---> F
^
\
\---> E
now they want to share some files, but they do not want that untrusted
users know who shares the files.
The idea: just route over friend-routes. solution: use IndirectData
connections of tinc, and connect only to trusted persons.
what was missing from tinc: anonymity. do a killall -USR2 tincd and you
can see the ips of everybody in your syslog.
what the patch adds: if FriendOfAFriend is set, then your node does not
distribute information about the IP and port of ot...
2003 Oct 10
3
tinc and routing
I have two internal networks 192.168.9.0/24 and 192.168.0.0/24 each connected
to the internet and each connected as a VPN via tinc (device vpn). The gateways
are 192.168.9.1 and 192.168.0.1
Attached to the 192.168.9.0/24 network is another network 172.16.1.0/24 via a
gateway 192.168.0.1 <==> 172.16.1.1.
On 192.168.0.1 gateway I have routes (route -n) like this:
Kernel IP routing table
2017 May 02
4
Multiple default gateway from tinc node
Hi, Lars
Thanks for your suggestion, will give it a try later to see how it performs.
But, yesterday, I did a below test:
A ConnectTo B and C, B ConnectTo D, C ConnectTo D; All nodes turned "IndirectData" on in its host configuration, so the tunnel only follows metaconnection instead of direct connect.
D announced default route by having the Subnet = 0.0.0.0/0 statement in its host config
The tunnel next hop for A set to C(for Mac, to config the tunnel interface, you have to specify the next...