similar to: Multiple ConnectTo

Hi guys!! I've followed the windows 2000/xp tutorial and not only, but it seems not to work! I've for sure committed some errors... PC (under NAT) files: tinc/vpn/tinc.conf tinc/vpn/rsa_key.priv tinc/vpn/hosts/elegos tinc/vpn/hosts/shadowkrad tinc.conf: Name = elegos ConnectTo = shadowkrad TCPOnly = yes Interface = VPN (TCPOnly as under a NAT) rsa_key.priv: -----BEGIN RSA PRIVATE

Hi Samba 3.6.3 on Ubuntu. Filesystem is xfs, grpquota and usrquota are enabled. root at host:# repquota /mntpoint displays the correct data (see below). In smb.conf I defined max protocol = SMB2. When running smbcquotas //host/share -L I'm getting displayed a value of 16GB for every user share. This is the value that is displayed on the windows 7 boxes when looking at the network shares in

Hi all! I have a corpus of virtual users ( user1 at domain.tld , user2 at domain.tld, user3 at domain.tld,..., usern at domain.tld ... ) authenticated against Active Directory. Is it possible to group some users (virtual) and give appropriate ACLs on a shared imap public folder using an ACL vfile? thanks in advance Dimitrios

On Mon, Jan 12, 2015 at 12:37:24PM +0530, Anil Moris wrote: > I have a use case where my tinc.conf ConnectTo can go upto 20 + hosts. > > I am planning to automate a periodic cleanup of ConnectTo in the tinc.conf > file, the issue is I am not able to figure out which ConnectTo is been used > and which are stale, say NOT used in last 2 to 3 days. > > I want to remove those

Hi there! I'm totally new to the concept 'self-made VPNs' :P I've discovered tinc and I think it's not as easy as hamachi, but not so hard as OpenVPN :D Now: I've got 4 questions: question n.1: I'm behind a router. This router is configurable, but I'm also behind a provider's NAT (private IPs with a common public IP). Will tinc work, or it will do as

thanks Guus for the quick response. I am using tinc 1.1 if I use AutoConnect = yes then will it automatically remove connections that are no longer in use? What are the security issues with 'AutoConnect = yes' I should be worried? for my use case I might go upto 20 to 30 + tinc hosts connected to single tinc box. as per the doc AutoConnect = yes is experimental, I am using it in our

X-up is being called when any connection is being built between node A and node X, it doesn't have anything to do whether you have connectTo in the config file or not. Because tinc is a mesh network, if node A have a direct connection to node B, and node B have a connection to node X, you can have a connection between A and X, and X-up is being called at the moment when it built a connection

Indeed it depends, tinc will have a port listening for incoming connections(both tcp and udp), if A have exposed its listening ports, a direct connection will be tried to build between the nodes, otherwise it will go from the intermediate node. -- Narcissus Emi 日時: 2017年5月1日 15:12:16, Bright Zhao (startryst at gmail.com) が書きました:: > H, Narcissus > > Quick one for the below case, if

I have a use case where my tinc.conf ConnectTo can go upto 20 + hosts. I am planning to automate a periodic cleanup of ConnectTo in the tinc.conf file, the issue is I am not able to figure out which ConnectTo is been used and which are stale, say NOT used in last 2 to 3 days. I want to remove those ConnectTo which are no longer actively used. Is it possible to find which ConnectTo are not used.

Hi Guus Following your suggestion we reconfigured our tinc network as follows. Here is a new graph and below is our updated configuration: http://imgur.com/a/n6ksh - 2 Tinc nodes (yellow labels) have a public external IP and port 655 open. They both have ConnectTo's to each other and AutoConnect = yes - The remainder tinc nodes (blue labels) have their tinc.conf set up as follows:

On Thu, Aug 31, 2017 at 01:37:28PM -0700, Nirmal Thacker wrote: > If you make the yellow nodes ConnectTo all other nodes, and not have > > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > > no ConnectTo's, then you will get the desired graph. > > The reason this approach is not desirable is because it fails at > automation. It requires us to

On Mon, Aug 21, 2017 at 05:37:06PM -0700, Nirmal Thacker wrote: > Today our Tinc network saw a network partition when we took one tinc node > down. > > We knew there was a network partition since the graph showed a split. This > graph is not very helpful but its what I have at the moment: > > http://i.imgur.com/XP2PSWc.png The graph is very clear. > Some questions:

On Tue, Aug 22, 2017 at 03:19:18PM -0700, Nirmal Thacker wrote: > - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to > upgrade to? There will be an 1.1pre15, but if you want you can apply the following commit: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=92fdabc439bdb5e16f64a4bf2ed1deda54f7c544 > - What is the workaround until we patch with this fix?

I don't really think Address config in node description will decide it will listening for the public connection or not. From my own case, even if a real private node(pppoe dynamic address, tcp port listening not allowed, but Udp allowed) can have a p2p direct connection, I think it based on udp NAT traverse, but if you use TCPonly for this node, and also forbidden the incoming traffic to this

Hi, Tinc Expert in my tinc.conf, the ConnectTo to host X is commented, like below: #ConnectTo = X and there is a script: /etc/tinc/netname/hosts/X-up, I thought commented the ConnectTo X wouldn’t trigger the X-up, but it did. Why? What’s the logic behind to trigger host-up? How can I avoid this except remove the host-up file? Bright Zhao

On Thu, Aug 31, 2017 at 10:40:39AM -0700, Nirmal Thacker wrote: > Following your suggestion we reconfigured our tinc network as follows. > Here is a new graph and below is our updated configuration: > http://imgur.com/a/n6ksh [...] > We are concerned that: > - We still dont see edges in the graph that show connections between every > blue labeled node to both the yellow labeled

Hi Guus Thanks for clarifying. Some follow up questions: - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to upgrade to? - What is the workaround until we patch with this fix? Using a combination of AutoConnect and ConnectTo? - When we use ConnectTo, is it mandatory to have a cert file in the hosts/* dir with an IP to ConnectTo ? -nirmal On Tue, Aug 22, 2017 at 12:10

Hi Today our Tinc network saw a network partition when we took one tinc node down. We knew there was a network partition since the graph showed a split. This graph is not very helpful but its what I have at the moment: http://i.imgur.com/XP2PSWc.png - (ignore node labeled ignore, since its a dead node anyways) - node R was shutdown for maintenance - We saw a network split - we brought node R

Thanks Guus I have one more question. - We see several log messages that we dont currently understand - Can you comment on what they mean and if they are concerning? I've obfuscated IP's and node names so please ignore those. Our tinc daemon command is: tincd -n <vpn name> -- Received short packet -- Got REQ_KEY from node003 while we already started a SPTPS session! -- Invalid

Thanks Guss, some comments and questions: If you make the yellow nodes ConnectTo all other nodes, and not have > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > no ConnectTo's, then you will get the desired graph. The reason this approach is not desirable is because it fails at automation. It requires us to add a new line of AutoConnect = <new node that