similar to: Persistent tun/tap

Ok. I'm configuring my iptables scripts so that specific iptables rules for virtual network interfaces used for tinc go on tinc-up-fw and tinc-down-fw custom scripts. When I reload iptables rules manually to apply changes iptables scripts flush all chains and reapply rules and now also search in /etc/tinc/<netname>/ directories if the related virtual network interface is up and running

So we can configure a persistent tun and tinc on startup recognize this, tinc uses just present tun without problems ? Can you point me to Tinc-RedHat best practice method to do that please ? Thank you in advance Best Regards Roberto -----Original Message----- From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen Sent: domenica 24 gennaio 2016 09.53 To: tinc at

It would be nice if in a next tinc release you'll add some service variables tinc propagates to its scripts. So for example you can define in tinc.conf env variables like: SERVICE1= ... SERVICEn= and tinc will propagates all SERVICEx Variables found in tinc.conf to all scripts it calls. One can use theoretically infinite Env Var for custom behavior (like custom debug messages, conditional

This is not the best method as one have to change all present and future scripts tinc run, but ok. Thank you Roberto -----Original Message----- From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen Sent: marted? 26 gennaio 2016 10.13 To: tinc at tinc-vpn.org Subject: Re: Persistent tun/tap On Tue, Jan 26, 2016 at 07:25:55AM +0000, mlist wrote: > It would be nice if

On Tue, Jan 26, 2016 at 07:25:55AM +0000, mlist wrote: > It would be nice if in a next tinc release you'll add some service variables tinc propagates to its scripts. > So for example you can define in tinc.conf env variables like: > > SERVICE1= > ... > SERVICEn= > > and tinc will propagates all SERVICEx Variables found in tinc.conf to all scripts it calls. One can

On 26/01/16 09:13, Guus Sliepen wrote: > On Tue, Jan 26, 2016 at 07:25:55AM +0000, mlist wrote: I will not > add this feature to tinc. You can easily do this yourself by adding > these environment variables to a separate file, and sourcing it in > the scripts that tinc calls. For example: Does tinc clear the environment before calling the scripts? Or can you just define the

It is possible for tinc to made a persistent tun/tap or can I configure a persistent tun/tap by hand and tell to tinc to use that virtual interface device without starting up/shutting down tun/tap at every tincd start/stop ? Roberto -------------- parte successiva -------------- Un allegato HTML ? stato rimosso... URL:

Hi Saverio, I found conflict: 172.16.1.10 00:50:56:1b:ba:5e VMware, Inc. 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 2) 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 3) 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 4) 172.16.1.10 00:50:56:2b:12:e6 VMware, Inc. (DUP: 5) So my assumptions were wrong ! :D Probably Virtual

This is what I want to avoid :D I want an active Tinc virtual interface active with ip identical of the other firewall, without ip conflict on the same network. Do you know if Tun type virtual interface on one host can have same ip address of another host in the same network without ip conflict ? ie if a tun virtual interface can work active without transmitting on real network ? or if such a

This is a vpn for Disater Recovery sites, so it is not necessary to have a seamless failover, strictly speaking. Encryption instead is mandatory. Testing we found that on Keepalived failover remote Tinc take few seconds to reset the connection and correctly re-connect to the new active firewall (probably new firewall resetting the connection + PingTimeout + some seconds to reconnect). This is

Hi, Guus Thanks a lot for your suggestion, actually I did something else as below. But one question here is if I don’t add "/sbin/ifconfig myvpn 10.0.0.1 netmask 255.255.255.0”, it seems the crontab wouldn’t trigger tinc-up, and then the ip addr of myvpn wouldn’t be configured, then it will prompt the error of "Can't write to Linux tun/tap device (tun mode) /dev/net/tun:

On Fri, May 26, 2017 at 09:30:44AM +0800, Bright Zhao wrote: > Due to some routing rotation purpose, I use crontab to add below info: > > 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp > 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp > 1 * * * * /usr/sbin/tincd -n myvpn -k > 1 * * * * /usr/sbin/tincd -n myvpn

No parameters using DNS. - tinc.conf content Name = sito1 AddressFamily = ipv4 BindToAddress = <IPPUB>:665 BindToInterface = int Device=/dev/net/tun Interface = vpndrif Mode = router PingInterval = 60 PingTimeout = 5 ProcessPriority = normal - host/sito1 content Address = <IPPUB>:665 Subnet = <IPLOCAL>/<NETMASK> Port = 655 -----BEGIN RSA PUBLIC KEY----- ... -----END

Executing: ip tuntap add vpndrif mode tun return Keepalived errors show when tincd start: Jan 22 23:41:19 Keepalived_vrrp[1999]: Netlink: filter function error Jan 22 23:41:19 Keepalived_healthcheckers[1998]: Netlink: filter function error Jan 22 23:41:19 systemd-sysctl[23246]: Overwriting earlier assignment of kernel/shmmax in file '/etc/sysctl.d/99-sysctl.conf'. Jan 22 23:41:19

I tested a little more... tincd does not create virtual interface device correctly on CentOS 7, I don't know where tincd stop, probably on " System call `getaddrinfo' failed: Name or service not known" I sent you before. Keepalived return that error I shown on every ip command but this is not a problem now, I'll see this as soon as possible. If I execute these commands tun

Ok, I think synching 2 firewalls are best solution with keepalived active/passive HA, too. I'll try this solution to see if all goes straitforward between failover/failback and tinc communications. Thank you Guus. Best regards Roberto -----Original Message----- From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen Sent: venerd? 22 gennaio 2016 10.24 To: tinc at

Hello! I've a problem with tinc-up on Debian Woody (tinc 1.0pre7): router:/etc/tinc/vpn# /etc/init.d/tinc start Starting tinc daemons: vpn. router:/etc/tinc/vpn# tail /var/log/syslog Aug 23 03:25:26 router tinc.vpn[503]: /dev/tap0 is a Linux ethertap device Aug 23 03:25:26 router modprobe: modprobe: Can't locate module tap0 Aug 23 03:25:27 router last message repeated 4 times Aug 23

i'm pretty sure the tinc that builds from macports is 32-bit On Wed, Dec 10, 2014 at 10:37 AM, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote: > Hello everyone! > > I have a PowerMac running 10.6.8 and I'd love to get it connected to my > VPN. However, even by compiling tuntaposx by hand on the said MacPro, I see > that the kernel module is apparently built for

Hi, All Due to some routing rotation purpose, I use crontab to add below info: 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 1 * * * * /usr/sbin/tincd -n myvpn -k 1 * * * * /usr/sbin/tincd -n myvpn --debug=3 30 * * * * sed -i '/54.169.128.0\/17/d' /etc/tinc/myvpn/hosts/aws_sgp

yes, ip_forward was turned on. iptables is defaulted to ACCEPT policy on all the 3 chains. On Sat, May 14, 2016 at 1:24 AM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Sat, May 14, 2016 at 12:06:51AM +0800, Terry T wrote: > > > I have a Debian 8 64-bit machine set up as a server and apt-got the tinc > > package. I configured tinc as a bridge and everything seems