similar to: No subject

Hi, I just set up tinc between two hosts (for now). All seems to work fine, but now I run in to a routing issue: I gave both of my vpn routers an IP in the 172.16.100.0/24 range, and used the Subnet-directive to inform tinc of this. This works fine, I can ping both hosts from both sides of the vpn. Ofcourse both vpn routers give access to other subnets, but they don't know the IP-ranges

Hello, Since the present tinc documentation is not very clear about this, please explain the following: is it mandatory to include the local IP address classes in the global VPN address class? Namely, please consider the following setup (which works great in practice): 1. A tinc VPN, full mesh, with n nodes (n > 3) 2. tinc runs on the firewall, which is also the default gateway for each

Here are a few facts that should make things clearer. Regarding keys: - The key used for the metaconnections (routing protocol over TCP) - i.e. the one you configure in your host files - is NOT the same as the key used for UDP data tunnels. - The key for data tunnels is negotiated over the metaconnections, by sending REQ_KEY and ANS_KEY messages over the metagraph (i.e. the graph of

Hello, Please tell me if it's possible to use tinc together with OSPF (instead of static routes in LAN). By OSPF I mean Quagga's GNU/Linux daemon. Namely, I have a group of LANs (private 192.168.x.0/24 each). Each LAN has a GNU/Linux default gateway, 192.168.x.1, that also connects to the Internet via a public IP address (does NAT and firewall for the LAN "behind" it). tinc

On Tue, May 12, 2015 at 04:27:10PM -0300, Marcelo Pacheco wrote: > Consider the challenge of having completely dynamic routing between vpn > peers. In one minute I might have 10000 routes towards one specific peer, > and hour latter I might have NONE. And I need to diferentiate each peer at > the kernel routing layer. > And no, it can't be a pure bridge, it has to be L3

Hi guys, thanks in advance for any answers. Trying to get tinc up and running, I hit a roadblock though. What I’m trying to do is to connect to my roaming notebook to my company network. All hosts on our network live in the 10.42.x.x range, netmask is 255.255.0.0. Tinc 1.1pre14 service is running on a Windows host 10.42.2.50. Public ports are natted through, telnetting public ip port 655 the

If you're using StrictSubnets, you will still be fine. StrictSubnets means that A will only use B's key (which C does not know) to send packets to B's statically configured subnets. C cannot impersonate B (as in, take its node name) because it would have to know B's private key to do so, and it cannot impersonate B's subnets because A is using StrictSubnets. The worst that C

What challenge this would solve ? VPN software in general tries to be another router when running in server mode with multiple clients. This restricts VPN customers from having complex topology. For instance, I'd like to have two tunnels between each client network and each server (with two broadband connections on each end), with some OSPF running and automatically switching from one to

I see what you want me to do. But it does incur an extra MAC layer header to each VPN packet, more fragmentation. And broadcasts leak to all peers. It sure saves you from doing any improvements, but there are side effects that are undesirable to many customers. This is specially a problem if I want two VPN connections between two sites using redundant connections, we get an instant L2 loop. With

That's exactly right. Corollary: if you take one node from a tinc network and connect it to a node from another isolated tinc network, the two networks become one :) On 1 May 2017 at 13:16, Bright Zhao <startryst at gmail.com> wrote: > Hi, Etienne > > Thanks for your clarification, and this helped a lot. And in order to get > a better understanding for the mechanism of Tinc

tinc uses direct UDP communication for performance, not reliability. If you want to establish more metaconnections for increased reliability, you can use AutoConnect (though it probably won't work across NATs). A better solution is to use two central nodes (instead of one) for redundancy. On 11 June 2015 at 18:59, Daniel J. Grinkevich <danielgrinkevich at gmail.com> wrote: > If we

I have done it... added on both routers a new firewall zone covering the tinc interface, policy in accept, out accept, fwd accept, interzone forwarding from/to LAN.... when I do it, I am not even able to ping the routers between them, even though the PING PONG is ok in the tinc debug.... 2018-05-24 20:28 GMT+02:00 Naemr . <naemrr at gmail.com>: > did you add a forwarding allow rule from

did you add a forwarding allow rule from tinc interface to lan and vise versa on both ends? even with firewall off default is to not forward till told to do so. On Thu, May 24, 2018, 10:07 AM Davide L <davide.lovreglio at gmail.com> wrote: > Dear all, > > I am trying to configure a basic TINC vpn between two sites using OpenWRT > routers. The link seems to work, the ping

Hi! Me and two friends are trying to get a VPN working, but we cant get routing between two tunnels. This is how it looks, all servers (192.168.*.1) are running IP Masquerade to enable the other computers behind them to access the internet. Both elayne and glenn are connecting to melc, and the tunnel between melc and glenn are running TCPOnly because that glenn doesnt have a public IP (it's

Hi Everyone, I have a routing situation where Tinc looks like it could come in extremely useful, but I have a query I hope someone can cast an eye on, as I'm unsure whether Tinc can help me here. I currently have a Quagga OSPF linux router which connects LAN A to LAN B over the quickest available of two routes (both routes at both ends connect to Quagga boxes to prevent collisions). One of

Hi, Etienne Thanks for your clarification, and this helped a lot. And in order to get a better understanding for the mechanism of Tinc and the purpose of ConnectTo statement, can I think the ConnectTo is the way to get the node into the Tinc VPN domain, instead of establish VPN connection between nodes. Once any node ConnectTo the Tinc VPN domain, it learns all other nodes, subnets, and

> > Maybe I should allow the reachable keyword for the dump graph command as > well, so you can do: > > tincctl -n <netname> dump reachable graph > > ...and not see any nodes which are unreachable. Is that what you want? This would help since dead nodes do not clutter the visual representation. What are the effects, if any, of dead nodes in the hosts/ dir? Thanks

On 11 April 2018 at 11:30, Hans de Groot <hansg at dandy.nl> wrote: > Hello again :) > > Thank you all for your reply's. Below are the config files of the 3 hosts. > I use tinc in router mode. I do not have a kernel mode config lines > anywhere so tinc must be using the default settings here. > > I added the ipaddressx to subnets on hostc and this works. Traffic

Hi, I am trying to understand Tinc better. I have gone through the documentation and the recent mailing lists. What I am trying to do is see if Tinc can be an alternative to using OVS with GRE tunnels to connect VMs on 2 subnets, only in this case I am using LXC containers. LXC creates a NAT network called lxcbr0 typically on a 10.0.3.0 subnet (similar in functionality to virbr0 for KVM) that

No, this would in fact operate as a routing mode instead of bridging. TAP would be used as a means to push routing to where it belongs, the linux/bsd/... kernel. Consider the challenge of having completely dynamic routing between vpn peers. In one minute I might have 10000 routes towards one specific peer, and hour latter I might have NONE. And I need to diferentiate each peer at the kernel