similar to: Persistent tun/tap

Ok. I'm configuring my iptables scripts so that specific iptables rules for virtual network interfaces used for tinc go on tinc-up-fw and tinc-down-fw custom scripts. When I reload iptables rules manually to apply changes iptables scripts flush all chains and reapply rules and now also search in /etc/tinc/<netname>/ directories if the related virtual network interface is up and running

Yes, I know it is possible to insert iptables rule also without interface presence, but I never tested. If you tell this I trust your experience, but I prefer to have clean system configuration, so all is linked to something, without leaving unused system configuration, mainly for security components, also our firewalls have complex configuration, but using this dynamic management leave persistent

It would be nice if in a next tinc release you'll add some service variables tinc propagates to its scripts. So for example you can define in tinc.conf env variables like: SERVICE1= ... SERVICEn= and tinc will propagates all SERVICEx Variables found in tinc.conf to all scripts it calls. One can use theoretically infinite Env Var for custom behavior (like custom debug messages, conditional

This is not the best method as one have to change all present and future scripts tinc run, but ok. Thank you Roberto -----Original Message----- From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen Sent: marted? 26 gennaio 2016 10.13 To: tinc at tinc-vpn.org Subject: Re: Persistent tun/tap On Tue, Jan 26, 2016 at 07:25:55AM +0000, mlist wrote: > It would be nice if

Hi Saverio, I found conflict: 172.16.1.10 00:50:56:1b:ba:5e VMware, Inc. 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 2) 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 3) 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 4) 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 5) So my assumptions were wrong ! :D Probably Virtual

This is what I want to avoid :D I want an active Tinc virtual interface active with ip identical of the other firewall, without ip conflict on the same network. Do you know if Tun type virtual interface on one host can have same ip address of another host in the same network without ip conflict ? ie if a tun virtual interface can work active without transmitting on real network ? or if such a

On 26/01/16 09:13, Guus Sliepen wrote: > On Tue, Jan 26, 2016 at 07:25:55AM +0000, mlist wrote: I will not > add this feature to tinc. You can easily do this yourself by adding > these environment variables to a separate file, and sourcing it in > the scripts that tinc calls. For example: Does tinc clear the environment before calling the scripts? Or can you just define the

This is a vpn for Disater Recovery sites, so it is not necessary to have a seamless failover, strictly speaking. Encryption instead is mandatory. Testing we found that on Keepalived failover remote Tinc take few seconds to reset the connection and correctly re-connect to the new active firewall (probably new firewall resetting the connection + PingTimeout + some seconds to reconnect). This is

On Tue, Jan 26, 2016 at 07:25:55AM +0000, mlist wrote: > It would be nice if in a next tinc release you'll add some service variables tinc propagates to its scripts. > So for example you can define in tinc.conf env variables like: > > SERVICE1= > ... > SERVICEn= > > and tinc will propagates all SERVICEx Variables found in tinc.conf to all scripts it calls. One can

No parameters using DNS. - tinc.conf content Name = sito1 AddressFamily = ipv4 BindToAddress = <IPPUB>:665 BindToInterface = int Device=/dev/net/tun Interface = vpndrif Mode = router PingInterval = 60 PingTimeout = 5 ProcessPriority = normal - host/sito1 content Address = <IPPUB>:665 Subnet = <IPLOCAL>/<NETMASK> Port = 655 -----BEGIN RSA PUBLIC KEY----- ... -----END

I tested a little more... tincd does not create virtual interface device correctly on CentOS 7, I don't know where tincd stop, probably on " System call `getaddrinfo' failed: Name or service not known" I sent you before. Keepalived return that error I shown on every ip command but this is not a problem now, I'll see this as soon as possible. If I execute these commands tun

Executing: ip tuntap add vpndrif mode tun return Keepalived errors show when tincd start: Jan 22 23:41:19 Keepalived_vrrp[1999]: Netlink: filter function error Jan 22 23:41:19 Keepalived_healthcheckers[1998]: Netlink: filter function error Jan 22 23:41:19 systemd-sysctl[23246]: Overwriting earlier assignment of kernel/shmmax in file '/etc/sysctl.d/99-sysctl.conf'. Jan 22 23:41:19

It is possible for tinc to made a persistent tun/tap or can I configure a persistent tun/tap by hand and tell to tinc to use that virtual interface device without starting up/shutting down tun/tap at every tincd start/stop ? Roberto -------------- parte successiva -------------- Un allegato HTML ? stato rimosso... URL:

I have 2 firewall in HA with keepalived. Can I use active the same tinc configuration on 2 firewalls ? using tun Interface with same ip on all 2 nodes is a problem ? tun device advertise itself on the network having an IP/MAC pairs (ARP) or the IP is only used by the system internally for routing so using the same configuration is right ? so one firewall be active, the other is passive. With this

Ok, I think synching 2 firewalls are best solution with keepalived active/passive HA, too. I'll try this solution to see if all goes straitforward between failover/failback and tinc communications. Thank you Guus. Best regards Roberto -----Original Message----- From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen Sent: venerd? 22 gennaio 2016 10.24 To: tinc at

Hi, Guus Thanks a lot for your suggestion, actually I did something else as below. But one question here is if I don’t add "/sbin/ifconfig myvpn 10.0.0.1 netmask 255.255.255.0”, it seems the crontab wouldn’t trigger tinc-up, and then the ip addr of myvpn wouldn’t be configured, then it will prompt the error of "Can't write to Linux tun/tap device (tun mode) /dev/net/tun:

Folks: In answer to a query, Andy Liaw recently submitted some code to construct a block diagonal matrix. For what seemed a fairly straightforward task, the code seemed a little "overweight" to me (that's an American stock analyst's term, btw), so I came up with a slightly cleaner version (with help from Andy): bdiag<-function(...){ mlist<-list(...) ## handle case in

Hi everyone, I'd like to be able to apply lda to each 2D matrix slice of a 3D array, and then use the scalings to obtain the corresponding lda scores. I can use 'apply' to get a list of the lda output for each 2D slice, and can create a list of the resulting scalings, but I'm not sure how to multiply them in a vectorized way. Here's how I made a list of 2D matrices

I think it should work at least for TUN virtual interface as TUn works at IP level. This is a sample configuration. firewall1 lan = 172.16.1.11/19 (ALWAYS ACTIVE) - "Physical Network Interface" - system config as ifcfg-... 172.16.1.10/19 (VIP Keepalived Make active) - Active/Passive configuration with firewall2 firewall1 vpndr1

On Fri, May 26, 2017 at 09:30:44AM +0800, Bright Zhao wrote: > Due to some routing rotation purpose, I use crontab to add below info: > > 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp > 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp > 1 * * * * /usr/sbin/tincd -n myvpn -k > 1 * * * * /usr/sbin/tincd -n myvpn