similar to: What would be the configuration options to turn off all mesh routing

Hi, We have a tinc network of about ~200 hosts and in the full mesh configuration we've had a lot of problems with the edge propagation storms taking the entire network down. Recently we had a setup with a small number of "hubs" to which all the other nodes connected to, which limited the number of meta connections, but that didn't help much with the edge propagation issues.

http://www.open-mesh.org/ Idea #1: is BATMAN worth considering using as part of the layer 2 routing in Tinc? Idea #2: would it be possible to embed BATMAN as an option to avoid having to use Quagga for routing v6 subnets? -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi, thank for getting back. I'll answer the questions, but I've already gave up on tinc and switch to zerotier-one. On 2020-07-27 5:10 p.m., borg at uu3.net wrote: > Hi. I have few questions out of curiosity.. Cant help for now with > your problem... > > What version is crashing? 1.1 or 1.0 ? 1.1 is crashing > > How your network is segmented..? > I use tinc myself

Let me start with what I'm trying to accomplish. I use tinc mainly to get to subnets behind the daemons and I don't control those subnets and can't guarantee overlap. I was using routing mode and reconfiguring tinc every time i needed to get to a subnet behind a specific daemon. Then I came across switch mode that allowed me to simply add routes based on the IP address of the tinc

Hello! I use tincd to interconnect 3 LANs: A, B and C. So long, it works fine: everybody reaches everybody. But I want a different behavior: A and B should be allowed to talk, as should B and C. I tried to simply delete the host-files on the nodes that should not be allowed to talk to eachother: A has a hostfile from B B has a hostfile from A and C C has a hostfile from B But this is no

Hi all, I have a network with about ~800. The network is a mix of tinc 1.0 and 1.1 nodes. It is gradually expanding for several years now. The problem is that at some point it seams the daemon can not handle the processing of the new connection and the edges. There are 3 major nodes in the system and every other node initially makes connection to one of them. Now after a lot of debugging

Dear All, We are trying the Tinc invites to let nodes join the network. This is working as described but we want to push some configuration for some nodes but this seemed not to be working. What is working is the following invite: Name = test_invite NetName = test_VPN ConnectTo = test_hub01 Ifconfig = 172.16.1.4/24 Subnet = 172.16.1.4

Hi All, I've been playing around with TINC and like what I've seen so far. I wanted a TINC tunnel like this, where I have a server on the Internet with a public IPv4 address as my TINC server. Then I can have clients connect to it and see each other except that the client at a customer site would allow me to route behind it so I could see hosts on site beyond my device on premise. I do

Hello, Here is a patch for protocol_subnet.c with two modifications : - in tunnelserver mode, tinc must check subnets in the ".../hosts/owner" config file, not in "c->config_tree" (which is the configuration of the meta-connection from which we receive the ADD_SUBNET message). - this checking can be made before the check of the owner, especially before any

thanks, but i was able to make it work based on some suggestion on tomato shibby forums. Regards Ramesh On Sun, Jan 15, 2017 at 9:02 AM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Fri, Jan 13, 2017 at 06:53:07PM +0000, Guillermo Bisheimer wrote: > > > I've setup a Tinc VPN for a bunch of nodes divided in two groups: > > > > Group 1: > > IP Range

Hi, we use a tinc network of about 400 nodes, all of them linux servers, partly in different datacenters (but generally low latency). Usually this is working very well (for weeks without a problem). >From time to time the whole network goes down though. This happened when we restarted a larger number of servers or when there was a connectivity issue between datacenters or some (short)

The following is maybe a bug report, and a proposed patch. Using latest stable tinc 1.0.12. I have a central server and a few clients connecting to this server. I don't want clients to speak directly, but I want all the communications to pass by the server. My configuration is: Mode = switch TunnelServer = Yes I need layer2 because of some ethernet stuff on the clients. When you have

Hi everyone. I'm wondering whether a setup like the one described below would be possible with Tinc: nodeA1 nodeB3 | | (Network A) --- [GWA] --- (Internet) --- [GWB] --- (Network B) | | nodeA2

We have a handful of nodes set up. Some are NAT'd but a few have direct access to the Internet. Sample confs: HostA: Name = HostA AddressFamily = any Interface = tap0 Mode = switch Connectto = HostB GraphDumpFile = /tmp/mesh HostB: Name = HostB AddressFamily = any Interface = tap0 Mode = switch Connectto = HostA GraphDumpFile = /tmp/mesh And so on. If I use HostA as the main meta sever.

Hi I have a Tinc cluster of about 100 nodes, and they are all running tinc 1.1pre14. I'd like to upgrade to tinc 1.1pre15. Is there a suggested mechanism to do this while keeping the cluster up? For instance can I simply automate the installation of tinc 1.1pre15 on each node and reload the existing configuration using 'tinc reload' Will the temporary state of having a mix set of

I don't know why, but for my case, I reduced the tinc topology from a complex one(which provide layered redundancy) to a very simpled one(one connection), and that connection drop disappeared. Later, let me draw the topology and share the config to you to see if there's any findings of the cause. Guus Sliepen <guus at tinc-vpn.org>于2017年9月14日 周四上午3:20写道： > On Wed, Sep 13, 2017

*You should repeat this for all nodes you ConnectTo, or which ConnectTo you. However, remember that you do not need to ConnectTo all nodes in the VPN; it is only necessary to create one or a few meta-connections, after the connections are made tinc will learn about all the other nodes in the VPN, and will automatically make other connections as necessary. * The above is from the docs. Assuming

Hi, We want to deploy a tinc VPN, with more than 50 sites connected all arround the world. But we cannot trust all our sites with the same level, so the tinc solution (automatic full mesh) is "too automatic" for us : *any* node can add a new node which will be connected directly to others. A solution could be TLS (signing public keys), but create a PKI is another issue for us.

Hi, I wrote a draft puppet module to maintain a L2 mesh based on tinc [1]. I tried to explain what it is about so that it makes sense even to people who know nothing about tinc [2]. Before polishing it so that it can be useful to the general public instead of just myself, I would very much appreciate your comments. This is my first experience with tinc and I would like to improve :-) Thanks for

Hello, tinc experts! I have a question that I have not been able to find an answer to after reading the manual and examples and I was hoping someone could help me. So, let's say I have an elastic number of hosts all in rfc-1918 space that need to talk to each other. And lets also say that I do not trust the network they are on. Is there a way I can configure tinc on all N hosts to use the