similar to: multithreading, subnet weights, logging info

Hello, Bumping this in the hope someone can help me. If all the questions are too much, could anyone answer #3: Is there any way to have multiple tinc daemons active-active advertising the same subnet with traffic distributed between the two? thanks On Mon, Feb 27, 2017 at 12:32 PM, Ryan, Justin <justin.ryan at nytimes.com> wrote: > Multiple questions here, thinking one email is less

Hi, We want to deploy a tinc VPN, with more than 50 sites connected all arround the world. But we cannot trust all our sites with the same level, so the tinc solution (automatic full mesh) is "too automatic" for us : *any* node can add a new node which will be connected directly to others. A solution could be TLS (signing public keys), but create a PKI is another issue for us.

Hi, I'm using Tinc in a scenario where round-trip time matters. I've multiple nodes behind firewalls (with and without NAT) and a single public server node. How do I can get the current state of UDP data-connections between my firewall'd nodes? According to the docs: - 'dump connections' give me all TCP meta-connections of the current node - 'dump edges' give me

Hello, We're suffering from sporadic network blockage(read: unable to ping other nodes) with 1.1-pre17. Before upgrading to the 1.1-pre release, the same network blockage also manifested itself in a pure 1.0.33 network. The log shows that there are a lot of "Got ADD_EDGE from nodeX (192.168.0.1 port 655) which does not match existing entry" and it turns out that the mismatches

Hello, I am tying to create tinc vpn for the ~1000 nodes and was thinking why meta connections are needed at all if I only need static configuration where every node knows addresses of other hosts and due to the amount of traffic any indirect connections will not work, so DirectOnly=yes is a must and then passing around routing information is not needed, right? Currently I have 10 nodes

Hello! I have recently installed tinc on a linux 2.4 machine which has 192.168.0.0/24 private network connected to eth0 and registered ip on eth1. I also installed tinc on Windows 2000 machine on a remote location. for this moment I can establish connection, on Linux machine tincd says: Sep 26 21:10:50 hostname tinc.gscvpn[483]: Node home (y.y.y.y port 655) became reachable But i

Hi all! I still have never managed to fully wrap my head around how UDP data tunnels can be established between nodes. Everytime I think I understand it, I see something that confuses me again Just now I am seeing the following: I have nodes A, B + C A has everybody's keys and host configuration files. B and C only have A's key, and host config with A's public IP address. B and

Hi Guus Thanks for clarifying. Some follow up questions: - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to upgrade to? - What is the workaround until we patch with this fix? Using a combination of AutoConnect and ConnectTo? - When we use ConnectTo, is it mandatory to have a cert file in the hosts/* dir with an IP to ConnectTo ? -nirmal On Tue, Aug 22, 2017 at 12:10

I would like to discuss the following commit: https://github.com/gsliepen/tinc/commit/4a0b9981513059755b9fd15b38fc198f46a0d6f2 ("Determine peer's reflexive address and port when exchanging keys") This is a great feature as it basically allows peers to do UDP Hole Punching (via MTU probes) even when both are having their source ports rewritten by a NAT, which is extremely useful.

Hello, We are using tinc 1.0.24 with switch mode. Some questions regarding to the UDP connections on tinc. As far as I understand tinc is building meta connections with "ConnectTo", and "ADD_EDGE" packet. With the help of EDGE info two nodes who don't have direct meta connection are able to communicate through direct UDP connection. I understand we can dump the meta

Hallo, Another strange and difficult to understand thing - seems like all the easy bugs in 1.1 are gone ;) waehring (1.1) | +-------------------+--------------+ | | | vpnhub1 (1.1) igor (1.1) turing (1.0) | | | +-------------------+--------------+ | tokamak Whenever another node outside of the graph connects to vpnhub or igor

Hi, We've been running tinc for a while now but, have started hitting a bottleneck where the number of packets/sec able to be processed by our Tinc nodes is maxing out around 4,000 packets/sec. Right now, we are using the default cipher and digest settings (so, blowfish and sha1). I've been testing using aes-256-cbc for the cipher and seeing ~5% increases across the board. Each Tinc node

Hello! I have encountered a bug using tincd with Microsoft Windows: Below you'll find my Setup and my Logs. In short, i do the following: 1. office running tincd 1.0.7 and waiting for connections (no ConnectTo, but this does not resolve the issue) 2. the supporter starts up tincd 1.0.7 on windows (native) 3. ping from windows ("support") to the office: Here the error occours:

I've been using SPTPS (a.k.a ExperimentalProtocol) for a while now, but I've only recently started looking into the details of the protocol itself. I have some questions about the design: - I am not sure what the thread model for SPTPS is when compared with the legacy protocol. SPTPS is vastly more complex than the legacy protocol (it adds a whole new handshake mechanism), and

Thanks Guus I have one more question. - We see several log messages that we dont currently understand - Can you comment on what they mean and if they are concerning? I've obfuscated IP's and node names so please ignore those. Our tinc daemon command is: tincd -n <vpn name> -- Received short packet -- Got REQ_KEY from node003 while we already started a SPTPS session! -- Invalid

I have question about multipath routing. I am running a 2.6.7 kernel (gentoo). I have a route with three nexthops on the same interface. I see a different nexthop being picked for different destination addresses. All is fine. Now if one of the nexthop goes down (arp entry times out and arp request doesnt get a response), does it remove the nexthop from contention and only use the remaining two

********************************************************************** Este email assim como os ficheiros que possa ter em anexo s?o confidenciais e para uso exclusivo da pessoa ou organiza??o para o qual foi enviado. Se recebeu este email por engano por favor notifique Redes@bnc.pt Esta nota confirma que esta mensagem foi verificada pelo MIMEsweeper n?o tendo sido encontrados virus.

Hi! here a little patch for darknet functionality, i hope it does what its intended for sufficiently ... but it seems to work :). what should it do? imagine your friend-network. A trusts B and C. B trusts D and E, D trust F, C trusts G. All trust relationships are mutal A <---> C <---> G ^ \ \-----> B <---> D <---> F ^ \ \---> E

Hello, I''m writing my first puppet function rspec test and am having a problem which I don''t see how to solve. The function (and the test) involve access to files through the File Server. In order for the function (and the test) to work I need to pass "--fileserverconf=fileserver.conf" parameter to Puppet. So far I haven''t found a way to do that. If I

Hello, I have been reading through the documentation and trying to set up a very small VPN as a test for a larger rollout that I would like to complete in the future but cannot get this working. The configuration seems like it should be relatively simple, so I'm most likely missing something basic but I just cannot see what I'm doing wrong. At the moment I am trying to get this working