similar to: default gate via tinc

H, Narcissus Quick one for the below case, if node A have a direct connection to node B, and node B have a connection to node X, then I found node A will be able to talk to node X, but the communication path is go through node B, instead of build direct connection between A and X, is that right? I tested this in my environment. A >> B >> X > On 1 May 2017, at 3:07 PM, Narcissus

Oh, thanks, in my current case, I haven’t config “Address” parameter in A’s host config, is this will make A prohibited it listen on the tinc ports? Question: 1. if I config “Address” in A’s config, and even though A is in a private subnet, it might still possible for A to establish connection with X(X is public IP address)? 2. If there any parameter to disable the direct connection discovery,

Hi, Tinc Expert in my tinc.conf, the ConnectTo to host X is commented, like below: #ConnectTo = X and there is a script: /etc/tinc/netname/hosts/X-up, I thought commented the ConnectTo X wouldn’t trigger the X-up, but it did. Why? What’s the logic behind to trigger host-up? How can I avoid this except remove the host-up file? Bright Zhao

Hello, today I was trying to do something easy I did with openvpn before. I have a server, and a few clients will connect to the server and route their internet traffic into the tunnel. The server then makes NAT. To configure clients in OpenVPN there was this directive called: --redirect-gateway that basically (copy and paste from OpenVPN man): 1) Create a static route for the --remote address

Hi, I've followed the guide at: http://blogs.operationaldynamics.com/andrew/software/research/using-tinc-vpn and have a working tinc VPN. Here's my topology: - CentralNode has a fixed public IP address that everyone connects to - Leaf1 and Leaf2 may have different IP addresses depending on where they are, and usually those will be behind NAT (think, two laptops going around and you get

Hi, Here is my goal. Can I do this with tinc? I have a mobile broadband card, and my machine runs a webserver, email server, and a public vcs. But I have four problems: 1. Port 25 is blocked so I have to use an elaborate convulsion to allow me to send mails. 2. It has a dynamic IP address so I have to use dynamic DNS. 3. There's no way for me to set up reverse DNS (that I know of). 4. They

I have a three tinc server setup, similar to "4.3 How Connections Work" using the configuration mostly likehttp://ostolc.org/site-to-site-vpn-with-tinc.html The clients (Ubuntus, Debians and Windows 10s) can all ping (and SSH) to each other remotely. As far as that is concerned it's working great - thanks so much for some great software. However, on each of the Tinc servers (A and

On Tue, Apr 10, 2018 at 03:36:08PM +0200, Hans de Groot wrote: > hosta  <--> hostb  <-->  hostc > > Hosta and hostc are not directly connected via tinc. But both are conncted > via hostb (I called my network tincnet). This works fine I can ssh from > hosta to hostc and vice versa without any problems. > > hostc is in a whitelisted iprange at some service

Hi, Just for your information I had the tinc daemon dying on the main machine I use as a hub, so I looked for a script to restart the daemon it if dies. Here is tinc.sh: ========================================================== #!/bin/bash # Tinc Process Monitor # Restart Tinc daemon When It Goes Down # Source: http://bash.cyberciti.biz/web-server/restart-apache2-httpd-shell-script/

Hello! What is exactly "tap0" in the host ifconfig? Thank you! _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

Hello, it''s not the first time but ... Who know? Well, I use xen in HVM. All works fine, my keyboard in Dom0 is AZERTY, but this keyboard become QWERTY when i enter in VM, it''s not useful to type password. How can i keep my keyboard AZERTY in my VM and in Dom0? -- Benjamin HENRION Elève de 4eme année de l'' EXIA (Nancy) Ecole supérieure d''informatique Spé

Hey, I have this setup on my small test tinc-vpn. HostA (runs on a server and is publicly accessible) HostB (runs on my laptop (behind firewall) sometimes and connects to HostA) HostC (runs on a Amazon AWS server (behind firewall) to test long uptime and connects to HostA) This setup allows me to communicate from HostB to HostC thru HostA without any issues. Everything works great, but I

I have the class below to export host entries. However I wish to override the entry for my host to 127.0.0.1 So for all of the hosts other than foo.bar.com I would like them to have the real IP address but for foo.bar.com I would like to just have the loopback host entry. 2.6.2 doesn''t allow multiple tags and if I put in another entry for localhost there is a collision. Is there any

http://bugzilla.mindrot.org/show_bug.cgi?id=904 Summary: Better support for multi hop ssh/scp/sftp and anonymous port forwarding Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

Hi, I recently had a machine filling up its harddisk with syslog and tinc pilling up milions of messages like this: "Error while reading from Linux ethertap device /dev/net/tun: File descriptor in bad state" I remembered that there was a difference between rsyslog and other loggers, where one of those was skipping those messages, and simply was displaying: "this message has been

Hi, I am running Tinc on debian squeeze, when I reboot, the tincd daemon is not running at all, despite having the right link in rc2.d: root at box /etc/rc2.d [9]# ls S03tinc* S03tinc When I do /etc/init.d/tinc start, it works fine. Any idea what is the problem? Best, -- Benjamin Henrion <bhenrion at ffii.org> FFII Brussels - +32-484-566109 - +32-2-4148403 "In July 2005, after

I have a curious situation with four OpenBSD 3.3 hosts. Each of these has public/private keys on each other for inter-host authentication using RSA2 keys. For instance, they're called hostA-to-hostBCD, hostB-to-hostACD, hostC-to-hostABD, and hostD-to-hostABC. The sshd_config files, on each host, look as follows... #; #; /etc/ssh/sshd_config #; Port 22 Protocol 2 ListenAddress

I don't really think Address config in node description will decide it will listening for the public connection or not. From my own case, even if a real private node(pppoe dynamic address, tcp port listening not allowed, but Udp allowed) can have a p2p direct connection, I think it based on udp NAT traverse, but if you use TCPonly for this node, and also forbidden the incoming traffic to this

On 09/03/2016 10:56 AM, Etienne Dechamps wrote: > C will still need keys in order to establish metaconnections with A and B (as > well as a few other things). However there is no need for C to own any > "Subnets" at all. If somebody breaks into C, he could get access to the vpn network, right? Because the keys are there, it will be possible to use them to get access. Even if

hello everybody , I''ve a new problem !!!!! When i create a new DOMU, the installer can''t format the Virtual Disk... however, the qemu disk is reconize by the OS (etch stable) but it blocs during the ext3 creation... It ''s the same thing when i use automatic or custum formating partition.... I create my disk img like this: dd if=/dev/zero of=/../../../debian.img