similar to: Facebook issued some IP6-IP6 kernel patch (Guus Sliepen)

I know I have some quirky behavior involving my layer two tinc host, and the IPv6 subnet that runs off of it. Facebook just issued a kernel patch that changes the behavior of the IPv6 tunnel mechanism: I can't tell from the patch itself, if it might also improve functionality for non IP6-IP6 tunnels.

Guus Sliepen, I am working in a zeroconf setup for tinc called tzk, that could allow you to make this easily https://github.com/NebTex/tzk/ it will make better readme this weekend but you need a public machine with a public domain - subdomain pointed to it, the script will install tinc, consul (that is used for coordinate the vpn), and caddy a small reverse proxy for expose consul to the public

Hi Michael, when I was looking for information on tinc in combination with IPv6, I also found your new tutorial at that time (earlier this month). Somehow a couple of things are less clear to me in the newer tutorial (maybe the nice network topology image is missing). OK, you added the unique local addresses to the setup. But I dont't get it how the routing is done in your setup. You

Hello, Since the present tinc documentation is not very clear about this, please explain the following: is it mandatory to include the local IP address classes in the global VPN address class? Namely, please consider the following setup (which works great in practice): 1. A tinc VPN, full mesh, with n nodes (n > 3) 2. tinc runs on the firewall, which is also the default gateway for each

Hi Everyone, I have a routing situation where Tinc looks like it could come in extremely useful, but I have a query I hope someone can cast an eye on, as I'm unsure whether Tinc can help me here. I currently have a Quagga OSPF linux router which connects LAN A to LAN B over the quickest available of two routes (both routes at both ends connect to Quagga boxes to prevent collisions). One of

http://www.open-mesh.org/ Idea #1: is BATMAN worth considering using as part of the layer 2 routing in Tinc? Idea #2: would it be possible to embed BATMAN as an option to avoid having to use Quagga for routing v6 subnets? -------------- next part -------------- An HTML attachment was scrubbed... URL:

1. The UDT library is a BSD-licensed accelerated UDP-based transport. Would tinc be able to use this for UDP-based connections and would the licensing be acceptable? http://udt.sourceforge.net/index.html 2. I would like to see a 3rd compression protocol added to tinc: one based on the Mahoney compression schemes would be worth investigating (need something fast and uses small RAM on

Hi, I just set up tinc between two hosts (for now). All seems to work fine, but now I run in to a routing issue: I gave both of my vpn routers an IP in the 172.16.100.0/24 range, and used the Subnet-directive to inform tinc of this. This works fine, I can ping both hosts from both sides of the vpn. Ofcourse both vpn routers give access to other subnets, but they don't know the IP-ranges

There are few reasons why I stick to older OSes. In case of FreeBSD its my customized Imunes platform for network simulations... Anyway, back to root problem: gcc -std=gnu99 -DHAVE_CONFIG_H -DCONFDIR=\"/etc\" -DLOCALSTATEDIR=\"/var\" -DFORTIFY_SOURCE=2 -g -O2 -MT tincd.o -MD -MP -MF $depbase.Tpo -c -o tincd.o tincd.c &&\ mv -f $depbase.Tpo $depbase.Po

Hello, I am a happy user of tinc in multiple environments. It is beautiful - thank you! Today I noticed that a network of around 20 nodes suffered from a flood of packages like the following: IP6 fe80::e4eb:74b6:57e0:c3e1 > ff02::2: ICMP6, router solicitation, length 8 For the first ten hours these nodes (even the usually completely idle ones) have seen incoming traffic of around 1 MBit/s

On Wed, 2018-03-14 at 09:47 +0100, Guus Sliepen wrote: > On Tue, Mar 13, 2018 at 11:09:05PM +0200, ST wrote: > > > > > 1. What open-source VPN software would you recommend for such a case? We > > > > are considering [Tinc](https://www.tinc-vpn.org) as it seems to be > > > > rather flexible and provides an easy way to add new nodes thus helping > >

On Fri, Dec 14, 2018 at 11:13:55PM +0100, Lars Kruse wrote: > I am a happy user of tinc in multiple environments. It is beautiful - thank you! > > Today I noticed that a network of around 20 nodes suffered from a flood of > packages like the following: > IP6 fe80::e4eb:74b6:57e0:c3e1 > ff02::2: ICMP6, router solicitation, length 8 [...] > Most of the tinc nodes use v1.0.31.

Thanks Guus for the quick answer, I will give a try now. Рысь, In my case we don't want to restart tinc "server" at all, therefore what might happen is that the client is still connected to server while its public key was already removed from server. I will try the signal approach. Heng On Mon, Jul 25, 2016 at 12:42 PM, <tinc-request at tinc-vpn.org> wrote: > Send tinc

Hi, I've stumbled upon a problem which I can't solve easily with the available options in tinc - at least as far as I see. If enlightenment is all I need, I'll happily accept pointers ;) I try to establish a connection between two hosts. Each host has multiple addresses assigned to it's internet interface. A stripped down list would be: Host 1: 2001:780:0:1e::1

Hello, At FOSDEM 2010 (http://fosdem.org/2010/), I will give a lightning talk titled "tinc: the difficulties of a peer-to-peer VPN on the hostile Internet". The talk will probably be on Saturday 7th of Februari at 15:20 CET, but this might still change. If you would like to meet at FOSDEM with me or other persons using or developing tinc, just reply to this email. The abstract of the

Hello, At FOSDEM 2010 (http://fosdem.org/2010/), I will give a lightning talk titled "tinc: the difficulties of a peer-to-peer VPN on the hostile Internet". The talk will probably be on Saturday 7th of Februari at 15:20 CET, but this might still change. If you would like to meet at FOSDEM with me or other persons using or developing tinc, just reply to this email. The abstract of the

So as best practice running tinc I should include it ? Regards Yazeed Fataar <yazeedfataar at hotmail.com> On Sun, Feb 14, 2016 at 1:08 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Sun, Feb 14, 2016 at 10:53:19AM +0300, Yazeed Fataar wrote: > > > Going through the options tinc has . Can someone explain exactly what the > > purpose is for -L option for the

Hi Who concern, I setup TINC VPN follow these. 192.168.1.x / 24 (Client groups) | 192.168.1.1 (eth1) (GW1) 202.44.34.206 (eth0) || Internet || 202.44.45.14 (eth0) (GW2) 192.168.2.1 (eth1)

My intention was to sign the content of export-all with the nodes' public key, which would require the corresponding private key to verify. Does this make sense ? @ > Le 26 janv. 2016 ? 20:19, Guus Sliepen <guus at tinc-vpn.org> a ?crit : > >> On Tue, Jan 26, 2016 at 07:35:10PM +0100, Anton Voyl wrote: >> >> Is it possible to sign/verify data with the ed25519

yes, ip_forward was turned on. iptables is defaulted to ACCEPT policy on all the 3 chains. On Sat, May 14, 2016 at 1:24 AM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Sat, May 14, 2016 at 12:06:51AM +0800, Terry T wrote: > > > I have a Debian 8 64-bit machine set up as a server and apt-got the tinc > > package. I configured tinc as a bridge and everything seems