search for: rpzdesign

hi. I suggest you to look at "Automatic Dependencies" in https://www.freedesktop.org/software/systemd/man/systemd.service.html. I think using "After=" and "Recuires=" is more suitable. On Mon, Feb 29, 2016 at 4:48 PM, md at rpzdesign.com <md at rpzdesign.com> wrote: > Hello Tinc'ers: > > I want to use TIncVPN in a systemd Ubuntu environment. > > But I want other services to run AFTER tinc has started running and has > its tun0 device initialized and ready. > > Does anybody have a suggestion on...

As if our lives were not already complex enough, there is the recent Wall Street Journal article about ipv4 exhaustion: http://www.wsj.com/articles/coming-this-summer-u-s-will-run-out-of-internet-addresses-1431479401 Is the latest version TINC ready for IpV6? Help us Obi-Wan-Sleipen, you are our only hope! md -- No spell checkers were harmed during the creation of this message.

...ey file to the nodes and then remotely call the reload script which will use sed to manipulate the templates and copy the files to the right locations with the right values. Sorry for my earlier rant, only through frustration do we get inspiration! Cheers all, md On 1/11/2015 10:47 PM, md at rpzdesign.com wrote: > Oops, did I forget to mention how good a design the REST of tinc is, > operationally speaking. > > Config files aside, it is a really good VPN. > > md > > On 1/11/2015 10:05 PM, md at rpzdesign.com wrote: >> I would say the weakest part of the TINC design...

On Fri, Dec 12, 2014 at 02:21:08AM -0500, md at rpzdesign.com wrote: > Oops, I got it to work only after putting the WAN on port 656 so it > did not interfere with port 655 for the LAN. You should not need to have two tinc daemons just because you have a WAN and a LAN interface. By default (ie, if you don't specify BindToAddress and/or BindToI...

...working. I think the key is the ifconfig and ip commands issued in tinc-up that allow for another tunx interface to be created and given a WAN VPN ip address The TINC VPN LAN address was assigned in tinc-up: ifconfig $INTERFACE 10.0.1.11 netmask 255.255.255.0 md On 12/15/2014 5:12 PM, md at rpzdesign.com wrote: > Guus: > > Ok, I accept your challenge. > > But I am clueless in terms of getting the routing table correct. > > So each server has a dual identity, both a LAN private identity with a > PRIVATE IP address and a WAN public identify with a PUBLIC ip address. &gt...

On Tue, Mar 01, 2016 at 04:31:13AM -0600, md at rpzdesign.com wrote: > Where do I get information about the details of not needing a tinc-up script > anymore? (/etc/network/interfaces) You can just use the normal /etc/network/interfaces way of configuring the interface, like this: iface vpn inet manual address 192.168.1.1 netmask 255.255.255.0...

Tried to Build Tinc. Linker was confused, Makefile lacking reference to -ltinfo I guess. FYI. root at rpzcentos tinc-1.1pre10]# make make all-recursive make[1]: Entering directory `/adev/tinc-1.1pre10' Making all in m4 make[2]: Entering directory `/adev/tinc-1.1pre10/m4' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/adev/tinc-1.1pre10/m4' Making all in

I would say the weakest part of the TINC design is the configuration file layout. There is no way to split out the essentially static configuration for all nodes in the cluster and isolate the node specific settings to one configuration file. So that means I have to keep an inventory of configuration files per node so I can edit and deliver them and keep everything straight. The private

On Mon, Dec 08, 2014 at 11:02:24PM -0500, md at rpzdesign.com wrote: > The self contained example is tricky because I created 4 ip-address on > the eth0 device (192.168.1.30/31/32/33) so I could test a 4 node VPN > that lives entirely within a single server. That's quite hard to do, it's far easier to run four instances of tinc on four...

...orwarding UDP packets with the new protocol is an issue that is > being worked on, and the new protocol in general needs to be > finished before I'll do a final 1.1 release. Thank you, marco On 12/7/2014 10:33 AM, Guus Sliepen wrote: > On Fri, Dec 05, 2014 at 10:24:27AM -0500, md at rpzdesign.com wrote: > >> Tried to Build Tinc. Linker was confused, Makefile lacking >> reference to -ltinfo I guess. > [...] >> /usr/bin/../libexec/gcc/x86_64-redhat-linux/4.8.2/ld: top.o: >> undefined reference to symbol 'wtimeout' >> /usr/bin/../libexec/gcc/x...

On Mon, Feb 29, 2016 at 07:48:45AM -0600, md at rpzdesign.com wrote: > I want to use TIncVPN in a systemd Ubuntu environment. > > But I want other services to run AFTER tinc has started running and has its > tun0 device initialized and ready. > > Does anybody have a suggestion on what I put into the service files so that > they are...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gus & Tinc-VPN List: It looks like I need to run 2 instances of tincd on each server. 1 instance of tincd will responsible for running a VPN over the LAN on eth1. This means Class C addresses from 10.0.1.10 -> 10.0.1.250 Another instance of tincd will be responsible for running a VPN over the WAN on eth0. This means Class C addresses from

Hello: The documentation does not have the following use cases very well defined or described. I have created a PDF file that Tinc-VPN can use to public and I would be happy to make more PDF files for usage with the examples on the web site. There are 2 pages in the PDF file attached, the first page is a production setup and the page is a test setup wholly contained within a single server. IS

yes, I have these in C host file: Subnet=10.10.0.0/24 Subnet=0.0.0.0/1 Subnet=128.0.0.0/1 ## not metioned, because I think is maybe works in same as 0.0.0.0/1 B host file doesn't have 0.0.0.0/1 and 128.0.0.0/1 I only added one route to 5.6.7.8 via B, not via C On Mon, Feb 29, 2016 at 4:40 PM, Maxim Vorontsov <6012030 at gmail.com> wrote: > hi. > > Are you add only

On Fri, Dec 05, 2014 at 10:24:27AM -0500, md at rpzdesign.com wrote: > Tried to Build Tinc. Linker was confused, Makefile lacking reference to > -ltinfo I guess. [...] > /usr/bin/../libexec/gcc/x86_64-redhat-linux/4.8.2/ld: top.o: undefined > reference to symbol 'wtimeout' > /usr/bin/../libexec/gcc/x86_64-redhat-linux/4.8.2/ld: no...

...both use cases so other users can get started with a ready to go set of files to download and run. The process is a bit confusing since the NETNAME and DEVICE and COMPANY in the examples are a bit confusing. Thank you anybody for your assistance in this matter. Marco On 12/8/2014 6:02 PM, md at rpzdesign.com wrote: > Hello: > > The documentation does not have the following use cases very well > defined or described. > > I have created a PDF file that Tinc-VPN can use to public > and I would be happy to make more PDF files for usage with the examples > on the web site. >...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oops, I got it to work only after putting the WAN on port 656 so it did not interfere with port 655 for the LAN. I am going to depend heavily on this VPN daemon to do its work every day. On 12/11/2014 10:05 PM, md at rpzdesign.com wrote: > Gus & Tinc-VPN List: > > It looks like I need to run 2 instances of tincd on each server. > > 1 instance of tincd will responsible for running a VPN over the LAN > on eth1. This means Class C addresses from 10.0.1.10 -> > 10.0.1.250 > > Another ins...

...be assigned to the tun1 When I run 2 tincd daemons, I keep both "networks" separate. You expert judgement needed here to realize your statement about only needing a single tincd daemon. md On 12/14/2014 7:14 AM, Guus Sliepen wrote: > On Fri, Dec 12, 2014 at 02:21:08AM -0500, md at rpzdesign.com wrote: > >> Oops, I got it to work only after putting the WAN on port 656 so it >> did not interfere with port 655 for the LAN. > > You should not need to have two tinc daemons just because you have a WAN > and a LAN interface. By default (ie, if you don't specify...

Guus: I have been test running the VPN between 2 geographically different clusters on a TINC VPN for a couple of days. How confident are you in the New Protocol in 1.1Pre10? Or should I just play it safe and run the old protocol for production? How long do you think it will take for you to have confidence in the new protocol? When do you think you will gain that confidence? You should be

I think I found the answer. http://www.tinc-vpn.org/documentation-1.1/Network-interfaces.html#Network-interfaces There are references to ipv6 here. But is anyone running stable on ipv6 in production? Thank you, md On 5/13/2015 11:41 AM, md at rpzdesign.com wrote: > As if our lives were not already complex enough, there is the recent > Wall Street Journal article about ipv4 exhaustion: > > http://www.wsj.com/articles/coming-this-summer-u-s-will-run-out-of-internet-addresses-1431479401 > > > Is the latest version TINC ready for...