similar to: No subject

Hi, I just set up tinc between two hosts (for now). All seems to work fine, but now I run in to a routing issue: I gave both of my vpn routers an IP in the 172.16.100.0/24 range, and used the Subnet-directive to inform tinc of this. This works fine, I can ping both hosts from both sides of the vpn. Ofcourse both vpn routers give access to other subnets, but they don't know the IP-ranges

Hello, Since the present tinc documentation is not very clear about this, please explain the following: is it mandatory to include the local IP address classes in the global VPN address class? Namely, please consider the following setup (which works great in practice): 1. A tinc VPN, full mesh, with n nodes (n > 3) 2. tinc runs on the firewall, which is also the default gateway for each

Here are a few facts that should make things clearer. Regarding keys: - The key used for the metaconnections (routing protocol over TCP) - i.e. the one you configure in your host files - is NOT the same as the key used for UDP data tunnels. - The key for data tunnels is negotiated over the metaconnections, by sending REQ_KEY and ANS_KEY messages over the metagraph (i.e. the graph of

Hello, Please tell me if it's possible to use tinc together with OSPF (instead of static routes in LAN). By OSPF I mean Quagga's GNU/Linux daemon. Namely, I have a group of LANs (private 192.168.x.0/24 each). Each LAN has a GNU/Linux default gateway, 192.168.x.1, that also connects to the Internet via a public IP address (does NAT and firewall for the LAN "behind" it). tinc

On Tue, May 12, 2015 at 04:27:10PM -0300, Marcelo Pacheco wrote: > Consider the challenge of having completely dynamic routing between vpn > peers. In one minute I might have 10000 routes towards one specific peer, > and hour latter I might have NONE. And I need to diferentiate each peer at > the kernel routing layer. > And no, it can't be a pure bridge, it has to be L3

Hi guys, thanks in advance for any answers. Trying to get tinc up and running, I hit a roadblock though. What I’m trying to do is to connect to my roaming notebook to my company network. All hosts on our network live in the 10.42.x.x range, netmask is 255.255.0.0. Tinc 1.1pre14 service is running on a Windows host 10.42.2.50. Public ports are natted through, telnetting public ip port 655 the

Hi Everyone, I have a routing situation where Tinc looks like it could come in extremely useful, but I have a query I hope someone can cast an eye on, as I'm unsure whether Tinc can help me here. I currently have a Quagga OSPF linux router which connects LAN A to LAN B over the quickest available of two routes (both routes at both ends connect to Quagga boxes to prevent collisions). One of

tinc uses direct UDP communication for performance, not reliability. If you want to establish more metaconnections for increased reliability, you can use AutoConnect (though it probably won't work across NATs). A better solution is to use two central nodes (instead of one) for redundancy. On 11 June 2015 at 18:59, Daniel J. Grinkevich <danielgrinkevich at gmail.com> wrote: > If we

If you're using StrictSubnets, you will still be fine. StrictSubnets means that A will only use B's key (which C does not know) to send packets to B's statically configured subnets. C cannot impersonate B (as in, take its node name) because it would have to know B's private key to do so, and it cannot impersonate B's subnets because A is using StrictSubnets. The worst that C

What challenge this would solve ? VPN software in general tries to be another router when running in server mode with multiple clients. This restricts VPN customers from having complex topology. For instance, I'd like to have two tunnels between each client network and each server (with two broadband connections on each end), with some OSPF running and automatically switching from one to

Hi! Me and two friends are trying to get a VPN working, but we cant get routing between two tunnels. This is how it looks, all servers (192.168.*.1) are running IP Masquerade to enable the other computers behind them to access the internet. Both elayne and glenn are connecting to melc, and the tunnel between melc and glenn are running TCPOnly because that glenn doesnt have a public IP (it's

I see what you want me to do. But it does incur an extra MAC layer header to each VPN packet, more fragmentation. And broadcasts leak to all peers. It sure saves you from doing any improvements, but there are side effects that are undesirable to many customers. This is specially a problem if I want two VPN connections between two sites using redundant connections, we get an instant L2 loop. With

That's exactly right. Corollary: if you take one node from a tinc network and connect it to a node from another isolated tinc network, the two networks become one :) On 1 May 2017 at 13:16, Bright Zhao <startryst at gmail.com> wrote: > Hi, Etienne > > Thanks for your clarification, and this helped a lot. And in order to get > a better understanding for the mechanism of Tinc

did you add a forwarding allow rule from tinc interface to lan and vise versa on both ends? even with firewall off default is to not forward till told to do so. On Thu, May 24, 2018, 10:07 AM Davide L <davide.lovreglio at gmail.com> wrote: > Dear all, > > I am trying to configure a basic TINC vpn between two sites using OpenWRT > routers. The link seems to work, the ping

I have done it... added on both routers a new firewall zone covering the tinc interface, policy in accept, out accept, fwd accept, interzone forwarding from/to LAN.... when I do it, I am not even able to ping the routers between them, even though the PING PONG is ok in the tinc debug.... 2018-05-24 20:28 GMT+02:00 Naemr . <naemrr at gmail.com>: > did you add a forwarding allow rule from

Hi, I am trying to understand Tinc better. I have gone through the documentation and the recent mailing lists. What I am trying to do is see if Tinc can be an alternative to using OVS with GRE tunnels to connect VMs on 2 subnets, only in this case I am using LXC containers. LXC creates a NAT network called lxcbr0 typically on a 10.0.3.0 subnet (similar in functionality to virbr0 for KVM) that

Hi all, So, I've deployed Tinc in a non normal manor to which has been working just fine for days up until recent. Here is a description of the network. There are two VPN host controllers, A and B. All nodes have a separate connection to A and B. Tinc has been configured to be in 'switch' mode for both the A cloud and B cloud. On the back end, I have OSPF running on all nodes and

Hi all, I have two nodes, connected to a switch, using Tinc 1.1 from git. They connect each other with sptps, and to other nodes in the Internet with old protocol because they have Tinc 1.0. There is no problem with remote nodes, but between my 2 local nodes, they see 1518 PMTU. But local network is 1500 MTU !!! So nodes can ping each other but larger data does not go. test1=sllm1 test2=sllm2

Hi, I am using tin-0.3 and trying to route over a tinc tunnel. Here is my details: 192.168.10.0/24 / \ | | ethernet network | \ / ------------------------- | 192.168.10.254 (eth0) | | Linux Router | | 192.168.0.1 (tap0) | ------------------------- / \ | | | tinc tunnel | |

Hi, Etienne Thanks for your clarification, and this helped a lot. And in order to get a better understanding for the mechanism of Tinc and the purpose of ConnectTo statement, can I think the ConnectTo is the way to get the node into the Tinc VPN domain, instead of establish VPN connection between nodes. Once any node ConnectTo the Tinc VPN domain, it learns all other nodes, subnets, and