similar to: Missing connection

Hi, Etienne I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example: A ConnectTo B, B ConnectTo C: If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B. If IndirectData = yes, then A will try to establish direct connection with C, even though A don’t have the statement of

*You should repeat this for all nodes you ConnectTo, or which ConnectTo you. However, remember that you do not need to ConnectTo all nodes in the VPN; it is only necessary to create one or a few meta-connections, after the connections are made tinc will learn about all the other nodes in the VPN, and will automatically make other connections as necessary. * The above is from the docs. Assuming

Hi, Etienne In addition, is there any option or switch can turn of the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of remove something from A’s routing table, or manually block the connection between A and C) > On 1 May 2017, at 6:28 PM,

On Tue, Apr 10, 2018 at 03:36:08PM +0200, Hans de Groot wrote: > hosta  <--> hostb  <-->  hostc > > Hosta and hostc are not directly connected via tinc. But both are conncted > via hostb (I called my network tincnet). This works fine I can ssh from > hosta to hostc and vice versa without any problems. > > hostc is in a whitelisted iprange at some service

On 30.08.2016 17:37, Guus Sliepen wrote: > On Tue, Aug 30, 2016 at 02:38:16PM +0200, Armin Schindler wrote: > >> we use a meshed VPN with TINC to connect 7 offices. >> Some office are in other countries and use other ISPs. The connection >> between some ISPs (peering partners) are not that good. This means we >> have packet loss between those direct connections.

Hi list, I'm hoping someone can help me understand when to use IndirectData. Quoting the manual: IndirectData = <yes|no> (no) This option specifies whether other tinc daemons besides the one you specified with ConnectTo can make a direct connection to you. This is especially useful if you are behind a firewall and it is impossible to make a connection from the outside to your tinc

Hi, All Here is the case: A, B, C, D all configured with "IndirectData = yes”, so connection only happens when there’s a “ConnectTo” in tinc.conf. Arrow indicate the “ConnectTo” direction Everything works fine earlier as below: 1. A connect to C, D connect to C 2. C is the transit node where only forward traffic between A and C 3. D advertise 0.0.0.0/0#2 4. A can access internet from D

Hi, I´m using Tinc for several years, but I didn´t fix a performance problem. There a about 20 nodes in this network. Master: 10.0.0.12 (dedicated host in a datacenter, debian, 100mBit port) tinc.conf: Name = TincKnoten12 AddressFamily = ipv4 Interface = tun ProcessPriority=high mode = router #DirectOnly = no Compression=0 PMTUDiscovery = yes #IndirectData = yes #ReplayWindow = 64 #ConnectTo

Hi there, Following situation: 3 nodes, Alpha (Home fileserver), Beta (regular PC), Gamma (Notebook). All three in a NATed LAN usually, though the notebook also gets carried around and connects from the outside from time to time. Tinc should help me keep my other 2 PCs reachable from Gamma, even when I'm not at home. Also I plan on maybe adding more nodes to that in the future. I have set

Sure, let me reply all here for my finding. @Lars @Guus A’s tinc.conf: Name = bright AddressFamily = ipv4 ConnectTo = aly_hk A’s tinc-up: #!/bin/sh ifconfig $INTERFACE 10.0.0.110 netmask 255.255.255.0 A’s host config: Subnet = 10.0.0.110/32 (VPN address) Subnet = 192.168.31.0/24 (LAN address) IndirectData = yes (enabled for every tinc nodes) The node aly_hk (vpn address 10.0.0.3) connects with

I have two internal networks 192.168.9.0/24 and 192.168.0.0/24 each connected to the internet and each connected as a VPN via tinc (device vpn). The gateways are 192.168.9.1 and 192.168.0.1 Attached to the 192.168.9.0/24 network is another network 172.16.1.0/24 via a gateway 192.168.0.1 <==> 172.16.1.1. On 192.168.0.1 gateway I have routes (route -n) like this: Kernel IP routing table

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, On Wed, 7 Oct 2020, Hamish Moffatt wrote: > On 22/9/20 4:44 pm, Hamish Moffatt wrote: >> Is it possible to a configure a tinc (1.0.35) node to only send outbound >> through specific nodes, rather than trying to establish direct connections? >> >> I have a node which can connect to all the others directly, but some

Hi, by accident I realized RSync (version 3.0.5, Ubuntu 9.10) uses the root directory when the path value of a module is empty! This can cause loss of data (in my case RSync tried to get and delete the complete directory structure of a server instead of a FTP sub-directory, but luckily I had set uid and gid to nobody already). Is this solved in newer versions? If not, is there any bug-report?

Dear all, I like tinc and am using it widely in the company I work for. Currently I'm experimenting with 'switch' mode & have a problem with packets being forwarded. I've tried possible combinations with next parameters: a) Broadcast = direct b) Forwarding = kernel c) DirectOnly = yes From the documentation, it looks like (a) should be enough to stop packet forwarding

Hi all, Love tinc by the way. It's a great VPN. I'm having issues with 2 nodes always talking through an intermediate node. My set up is a VPS in a cloud somewhere that's running tinc and 2 other nodes - one a roaming laptop (always NAT'd) and the other a server behind a dynamic IP home broadband connection (Not NAT'd but firewalled). Neither the laptop nor the home

Hi guys: I am using Tinc to build an overlay network, but I want to control the network topology by myself. So how can I disable the automatic full mash feature of Tinc? Besides, my overlay network is supposed to support anycast and I have a routing algorithm for it. I wonder if it is convenient to implement it in Tinc, and do you have any suggestions for achieving this? Looking forward to your

Hello, I'm running a tinc network including dozens of nodes in switch mode. Some are running stable branch 1.0, while a small set of nodes are running 1.1 with ed25519 support. I discovered some routing issue between two nodes: (names are hidden) A (1.1): ConnectTo = B ConnectTo = C IndirectData = yes Mode = Switch B (1.0): Mode = Switch C (1.1 but only with RSA key): Mode = Switch

Hi, Lars Thanks for your suggestion, will give it a try later to see how it performs. But, yesterday, I did a below test: A ConnectTo B and C, B ConnectTo D, C ConnectTo D; All nodes turned "IndirectData" on in its host configuration, so the tunnel only follow metacomnection instead of direct connect. D announced default route by having the Subnet = 0.0.0.0/0 statement in its host

Hi, Guus I did some test regarding the points you mentioned below, and yes, you’re right, but some of points may need further adjusted: 1. The destination of IPv4 wouldn’t be changed, Yes I agree, that’s the goal and final destination for the communication. But during the path, it may be encapsulated into another packet(tunnel mode), where the outside IP header is the physical address, but the

Hi! here a little patch for darknet functionality, i hope it does what its intended for sufficiently ... but it seems to work :). what should it do? imagine your friend-network. A trusts B and C. B trusts D and E, D trust F, C trusts G. All trust relationships are mutal A <---> C <---> G ^ \ \-----> B <---> D <---> F ^ \ \---> E