similar to: Conflicting Default Values. A trusts B. B trusts EvilNode. Does that mean A trusts EvilNode?

Hi, Etienne I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example: A ConnectTo B, B ConnectTo C: If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B. If IndirectData = yes, then A will try to establish direct connection with C, even though A don’t have the statement of

Hi, we use a tinc network of about 400 nodes, all of them linux servers, partly in different datacenters (but generally low latency). Usually this is working very well (for weeks without a problem). >From time to time the whole network goes down though. This happened when we restarted a larger number of servers or when there was a connectivity issue between datacenters or some (short)

Hi, We have a tinc network of about ~200 hosts and in the full mesh configuration we've had a lot of problems with the edge propagation storms taking the entire network down. Recently we had a setup with a small number of "hubs" to which all the other nodes connected to, which limited the number of meta connections, but that didn't help much with the edge propagation issues.

Hi, Etienne In addition, is there any option or switch can turn of the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of remove something from A’s routing table, or manually block the connection between A and C) > On 1 May 2017, at 6:28 PM,

Hi! here a little patch for darknet functionality, i hope it does what its intended for sufficiently ... but it seems to work :). what should it do? imagine your friend-network. A trusts B and C. B trusts D and E, D trust F, C trusts G. All trust relationships are mutal A <---> C <---> G ^ \ \-----> B <---> D <---> F ^ \ \---> E

Hi, I´m using Tinc for several years, but I didn´t fix a performance problem. There a about 20 nodes in this network. Master: 10.0.0.12 (dedicated host in a datacenter, debian, 100mBit port) tinc.conf: Name = TincKnoten12 AddressFamily = ipv4 Interface = tun ProcessPriority=high mode = router #DirectOnly = no Compression=0 PMTUDiscovery = yes #IndirectData = yes #ReplayWindow = 64 #ConnectTo

Hi We have several stale nodes in our tinc network and I'd like to remove these. These nodes show up in graph dumps as red nodes, indicating they are unreachable. We run: tinc -n <vpn-name> purge Nothing happens. If we tail the logs at /var/log/syslog, we dont see an ack or message concerning the purge either. The dead nodes still show up in the graphs and their certs are still

Hello, I am tying to create tinc vpn for the ~1000 nodes and was thinking why meta connections are needed at all if I only need static configuration where every node knows addresses of other hosts and due to the amount of traffic any indirect connections will not work, so DirectOnly=yes is a must and then passing around routing information is not needed, right? Currently I have 10 nodes

On 30.08.2016 17:37, Guus Sliepen wrote: > On Tue, Aug 30, 2016 at 02:38:16PM +0200, Armin Schindler wrote: > >> we use a meshed VPN with TINC to connect 7 offices. >> Some office are in other countries and use other ISPs. The connection >> between some ISPs (peering partners) are not that good. This means we >> have packet loss between those direct connections.

Hi, I've set up Tinc in switch-mode on the three nodes "gw", "rb493g" and "v900w", but the nodes "rb493g" and "w900v" do not connect to each other. On each node port 655 is opened with TCP and UDP. "gw": static IPv4- and IPv6 address listed in the hosts-file "gw" hosts-files: "gw",

Dear All, We are trying the Tinc invites to let nodes join the network. This is working as described but we want to push some configuration for some nodes but this seemed not to be working. What is working is the following invite: Name = test_invite NetName = test_VPN ConnectTo = test_hub01 Ifconfig = 172.16.1.4/24 Subnet = 172.16.1.4

Hello, are there reasons why all the examples for debian and ubuntu explain how to setup tinc to start from the init job /etc/init.d/tinc and /etc/tinc/nets.boot and why there are no examples or tutorials on howto start tinc from /etc/network/interfaces ? Using /etc/network/interfaces I have a perfectly running tinc vpn with an unprivileged user, locked memory and a chroot jail plus converted

I don't know why, but for my case, I reduced the tinc topology from a complex one(which provide layered redundancy) to a very simpled one(one connection), and that connection drop disappeared. Later, let me draw the topology and share the config to you to see if there's any findings of the cause. Guus Sliepen <guus at tinc-vpn.org>于2017年9月14日 周四上午3:20写道： > On Wed, Sep 13, 2017

Tinc 1.0 3 control masters Many service hosts Laptop (road warrior) The control masters have the public keys for the service hosts and the laptop so that they can join the network. How can I prevent the laptop user to connect additional boxes to the network? In my view he can simply add new 'foreign' hosts and specify connectTo to point to the laptop. As keys are exchanged automatically

Well i currently try to set up tinc between two hosts, one with normal dsl connection one behind some kind of unknown firewall (Note since OpenVp is able to connect when the normal one is the Server I guess tinc should be able, too) start.bat-------------------------------tincd -n Empire-Network -D -d4 --bypass-security (Bypass is only currently because tis not working yet)

Thank you for the helpful advice. We will try to group the servers with different ConnectTo servers first. If this does not help we will look at the TunnelServer solution. Just to make sure we understand TunnelServer correctly: do you need to specify every host as ConnectTo that the host should be able to communicate with or is it sufficient to just provide the hosts files? Thanks, Hendrik

Dear all, I like tinc and am using it widely in the company I work for. Currently I'm experimenting with 'switch' mode & have a problem with packets being forwarded. I've tried possible combinations with next parameters: a) Broadcast = direct b) Forwarding = kernel c) DirectOnly = yes From the documentation, it looks like (a) should be enough to stop packet forwarding

The following is maybe a bug report, and a proposed patch. Using latest stable tinc 1.0.12. I have a central server and a few clients connecting to this server. I don't want clients to speak directly, but I want all the communications to pass by the server. My configuration is: Mode = switch TunnelServer = Yes I need layer2 because of some ethernet stuff on the clients. When you have

Hi all, I'm currently happily using tinc in my networks. I also use OpenVPN based on the customer requirements. I though have some questions which I could not find a clear answer. What I'd like to know is: 1. How to revoke a "node", simply removing the host file on the servers is enough? And one created by invitation? 2. Is there a way to let tinc ask for a username/password

Hi All, I've been playing around with TINC and like what I've seen so far. I wanted a TINC tunnel like this, where I have a server on the Internet with a public IPv4 address as my TINC server. Then I can have clients connect to it and see each other except that the client at a customer site would allow me to route behind it so I could see hosts on site beyond my device on premise. I do