similar to: tinc connectTo cleanup

thanks Guus for the quick response. I am using tinc 1.1 if I use AutoConnect = yes then will it automatically remove connections that are no longer in use? What are the security issues with 'AutoConnect = yes' I should be worried? for my use case I might go upto 20 to 30 + tinc hosts connected to single tinc box. as per the doc AutoConnect = yes is experimental, I am using it in our

I have a use case where I have to add new "ConnectTo=host" in tinc.conf and reload tinc. This is to make sure existing connections do not get disconnected. I use ... /usr/local/sbin/tinc --pidfile /var/run/tinc.vpn.pid -n vpn reload this works for most part, however, I am now seeing instance where I have to do a restart instead of reload. New connection works after a restart. Is there a

Hi Guus Following your suggestion we reconfigured our tinc network as follows. Here is a new graph and below is our updated configuration: http://imgur.com/a/n6ksh - 2 Tinc nodes (yellow labels) have a public external IP and port 655 open. They both have ConnectTo's to each other and AutoConnect = yes - The remainder tinc nodes (blue labels) have their tinc.conf set up as follows:

Hi Today our Tinc network saw a network partition when we took one tinc node down. We knew there was a network partition since the graph showed a split. This graph is not very helpful but its what I have at the moment: http://i.imgur.com/XP2PSWc.png - (ignore node labeled ignore, since its a dead node anyways) - node R was shutdown for maintenance - We saw a network split - we brought node R

Hi Guus Thanks for clarifying. Some follow up questions: - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to upgrade to? - What is the workaround until we patch with this fix? Using a combination of AutoConnect and ConnectTo? - When we use ConnectTo, is it mandatory to have a cert file in the hosts/* dir with an IP to ConnectTo ? -nirmal On Tue, Aug 22, 2017 at 12:10

Thanks Guss, some comments and questions: If you make the yellow nodes ConnectTo all other nodes, and not have > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > no ConnectTo's, then you will get the desired graph. The reason this approach is not desirable is because it fails at automation. It requires us to add a new line of AutoConnect = <new node that

On Mon, Jan 12, 2015 at 12:37:24PM +0530, Anil Moris wrote: > I have a use case where my tinc.conf ConnectTo can go upto 20 + hosts. > > I am planning to automate a periodic cleanup of ConnectTo in the tinc.conf > file, the issue is I am not able to figure out which ConnectTo is been used > and which are stale, say NOT used in last 2 to 3 days. > > I want to remove those

Hello, We're suffering from sporadic network blockage(read: unable to ping other nodes) with 1.1-pre17. Before upgrading to the 1.1-pre release, the same network blockage also manifested itself in a pure 1.0.33 network. The log shows that there are a lot of "Got ADD_EDGE from nodeX (192.168.0.1 port 655) which does not match existing entry" and it turns out that the mismatches

Hi, ist there a way to tell tinc to connect to all available certificates? Something like ConnectTo = hosts/* This would allow to just distribute the certs without changing the .conf file. rm

On Tue, Jan 13, 2015 at 10:37:28AM +0530, Anil Moris wrote: > if I use AutoConnect = yes then will it automatically remove connections > that are no longer in use? > What are the security issues with 'AutoConnect = yes' I should be worried? > for my use case I might go upto 20 to 30 + tinc hosts connected to single > tinc box. > as per the doc AutoConnect = yes is

Hi, we use a tinc network of about 400 nodes, all of them linux servers, partly in different datacenters (but generally low latency). Usually this is working very well (for weeks without a problem). >From time to time the whole network goes down though. This happened when we restarted a larger number of servers or when there was a connectivity issue between datacenters or some (short)

Hi, I am using tinc version 1.1pre10, and I am generating the key file using command below ... /usr/local/sbin/tinc -n myvpn init hostname In some of the host file I am seeing a new line "Port = 29732" added at the end of the host key file... /etc/tinc/myvpn/hosts/hostname Port = 29732 this line Port = 29732 is causing tinc to break. It all works fine once I manually delete the

HI, Is there an init script to start stop tinc tinc-1.1pre10 for debian. I am running tinc -n name --pidfile /dir/name start from /etc/rc.local sometimes it's not creating the pid file but I see the process running. It would be great if we can manage it from /etc/init.d/ Thanks Anil -------------- next part -------------- An HTML attachment was scrubbed... URL:

Here is some examples of using templates for TINC configurations and settings: In your startup script, BEFORE starting TINC VPN, put a number of entries to configure your VPN: sh ./templatewriter.sh LAN LOSI101 8540 255.255.255.0 0.0.0.0 10.99.0.11 10.98.0.11 ConnectTo=LOSI102 ConnectTo= ConnectTo= **PUT MORE ENTRIES HERE FOR MORE COMPLEX VPN setups ######Templatewriter.sh #!/bin/bash

Thanks Guus I have one more question. - We see several log messages that we dont currently understand - Can you comment on what they mean and if they are concerning? I've obfuscated IP's and node names so please ignore those. Our tinc daemon command is: tincd -n <vpn name> -- Received short packet -- Got REQ_KEY from node003 while we already started a SPTPS session! -- Invalid

Hello. I am using the current 1.0 stable. I have tinc daemons on different dynamic ip connections. They have ports forwarded. They are using switch mode. I have 1 box which has dynamic dns set up. I would like everyone to use that for bootstrapping using ConnectTo. However I do NOT want that host to tunnel all traffic due to downtimes and bandwidth limitations. Can i get tinc to share the ips

Hi, I have successfully setup a tinc network between five hosts (in switch mode). Two of the hosts have static and known IP addresses (S1 and S2). Other hosts (H3-H5) connect one (or both) of them. The traffic flows nicely between all hosts. The initial edges (ConnectTo configuration directives) in my test network are: S1<->S2 H3 -> S1 and S2 H4 -> S1 H5 -> S2 As far as I have

Hi, I was quite surprised to see commmit 332b55d4 ("Change AutoConnect from int to bool"). Is there experimental evidence supporting 3 as the hardcoded maximum number of meta-connections? If there is a good reason for this limit on the number of meta-connections, maybe it should apply whatever the value of AutoConnect (currently, it is only enforced when AutoConnect is on). We may

Hi I'd like to build a Point-to-Point connection in Tinc 1.1pre14. My question specifically is how does one configure the conf file to achieve this Here's a simplified example: 1. There are 10 clients and 2 server nodes 2. All 10 clients have a Point-to-Point connection with the 2 server nodes 3. The 2 server nodes have Point-to-Point connection with all 10 clients. 4. In some ways this

Hi there!!! I'm returned to TINC :D I've got a question: I've setted up a server in a provider's NAT, and all users of this VPN are in the same provider's NAT... Well, I let the main server connect to all users, but... only the first ConnectTo works... in fact I've noticed that if the first user connects to another one, the last can connect to the server, while he