Displaying 20 results from an estimated 1000 matches similar to: "Why host-up script triggered even not ConnectTo?"
2017 May 01
3
Why host-up script triggered even not ConnectTo?
H, Narcissus
Quick one for the below case: if node A has a direct connection to node B, and node B has a connection to node X, then I found node A will be able to talk to node X, but the communication path goes through node B instead of building a direct connection between A and X, is that right? I tested this in my environment.
A >> B >> X
> On 1 May 2017, at 3:07 PM, Narcissus
2017 May 01
2
Why host-up script triggered even not ConnectTo?
Oh, thanks, in my current case, I haven’t configured the “Address” parameter in A’s host config, will this prohibit A from listening on the tinc ports?
Question:
1. If I configure “Address” in A’s config, and even though A is in a private subnet, might it still be possible for A to establish a connection with X (X is a public IP address)?
2. Is there any parameter to disable the direct connection discovery,
2017 May 01
0
Why host-up script triggered even not ConnectTo?
I don't really think the Address config in the node description will decide whether it will
be listening for the public connection or not. From my own case, even a
real private node (pppoe dynamic address, tcp port listening not allowed,
but UDP allowed) can have a p2p direct connection, I think it is based on UDP
NAT traversal, but if you use TCPonly for this node, and also forbid the
incoming traffic to this
2017 May 01
0
Why host-up script triggered even not ConnectTo?
Indeed it depends, tinc will have a port listening for incoming
connections (both tcp and udp), if A has exposed its listening ports, a
direct connection will be attempted between the nodes, otherwise it
will go through the intermediate node.
--
Narcissus Emi
On 1 May 2017 at 15:12:16, Bright Zhao (startryst at gmail.com) wrote:
> H, Narcissus
>
> Quick one for the below case, if
2017 May 01
0
Why host-up script triggered even not ConnectTo?
X-up is called when any connection is being built between node A and
node X, it doesn't have anything to do with whether you have ConnectTo in the
config file or not.
Because tinc is a mesh network, if node A has a direct connection to node
B, and node B has a connection to node X, you can have a connection
between A and X, and X-up is called at the moment when it builds a
connection
2012 Nov 28
1
default gate via tinc
Hi,
I have two tinc nodes which announce a default gateway to the internet.
How does tinc select which node is preferred when I route to the tinc
device and not a special ip?
tinc 1.0.16
ALBI...
2017 May 01
2
How to set Subnet in a node which act as both server and client role?
Hi, Etienne
In addition, is there any option or switch that can turn off the automatic direct connection? For the example below, even though A has the route to C and can establish a UDP connection directly, I need the traffic to go through B, how can I achieve that easily? (instead of removing something from A’s routing table, or manually blocking the connection between A and C)
> On 1 May 2017, at 6:28 PM,
2017 Apr 29
2
Concept clarification between multiple ConnecTo and multiple netname
Hi, Tinc experts
I’ve been on-boarding with Tinc for just a few days, and I am trying to set up the connection from one client to multiple servers, with multiple VPN tunnels from the client to different servers. The documentation indicates that tinc.conf can support multiple ConnectTo statements, and that tinc can also support multiple netnames, like /etc/tinc/net1, /etc/tinc/net2.
My question is, for my above
2017 May 01
1
How to set Subnet in a node which act as both server and client role?
Hi, Etienne
I took a look at the below host configuration parameter (IndirectData), the default is no. For the below example:
A ConnectTo B, B ConnectTo C:
If IndirectData = no (default), then A wouldn’t establish a direct connection with C, but will be forwarded by B.
If IndirectData = yes, then A will try to establish a direct connection with C, even though A doesn’t have the statement of
2017 May 01
2
Concept clarification between multiple ConnecTo and multiple netname
Hi, Etienne
Thanks for your clarification, this helped a lot. In order to get a better understanding of the mechanism of Tinc and the purpose of the ConnectTo statement, can I think of ConnectTo as the way to get the node into the Tinc VPN domain, instead of establishing a VPN connection between nodes?
Once any node ConnectTo the Tinc VPN domain, it learns all other nodes, subnets, and
2017 May 01
2
Multiple default gateway from tinc node
Hi, Tinc expert
If there are multiple tinc nodes announcing a default route in their host configuration with Subnet = 0.0.0.0/0, how do the remaining nodes select which is the best route to get out?
All of them participate in the same tinc net.
I did some tests, like A as the branch, B, C, D as the nodes to announce the default route; when all are up, A selects B, but if B is down, A will go to C, C down, A will
2017 May 01
1
How to set Subnet in a node which act as both server and client role?
There is no concept of "client" or "server" in tinc. tinc is purely
peer-to-peer. "ConnectTo" statements only indicate which node will attempt
to establish the initial connection, but once the connection is
established, direction does not matter.
It is unclear from your message which node is responsible for which subnet.
If X/32 truly belongs to C, then simply set
2017 May 01
4
How to set Subnet in a node which act as both server and client role?
Hi, Tinc experts
Diagram as below, A is trying to access host X behind C:
A >> B >> C — “host X”
B is the tinc server for A, but B is also the tinc client connecting to C.
My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky.
As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs to have the Subnet = X/32,
2017 May 02
4
Multiple default gateway from tinc node
Sure, let me reply all here for my finding. @Lars @Guus
A’s tinc.conf:
Name = bright
AddressFamily = ipv4
ConnectTo = aly_hk
A’s tinc-up:
#!/bin/sh
ifconfig $INTERFACE 10.0.0.110 netmask 255.255.255.0
A’s host config:
Subnet = 10.0.0.110/32 (VPN address)
Subnet = 192.168.31.0/24 (LAN address)
IndirectData = yes (enabled for every tinc nodes)
The node aly_hk (vpn address 10.0.0.3) connects with
2017 May 02
4
Multiple default gateway from tinc node
Hi, Lars
Thanks for your suggestion, will give it a try later to see how it performs.
But yesterday I did the test below:
A ConnectTo B and C, B ConnectTo D, C ConnectTo D; all nodes turned "IndirectData" on in their host configuration, so the tunnel only follows the metaconnection instead of connecting directly.
D announced the default route by having the Subnet = 0.0.0.0/0 statement in its host
2015 Jan 12
2
tinc connectTo cleanup
I have a use case where my tinc.conf ConnectTo can go up to 20+ hosts.
I am planning to automate a periodic cleanup of ConnectTo in the tinc.conf
file, the issue is I am not able to figure out which ConnectTo is being used
and which are stale, say NOT used in the last 2 to 3 days.
I want to remove those ConnectTo which are no longer actively used.
Is it possible to find which ConnectTo are not used?
2017 Jun 01
1
Cache of the the unreachable nodes cause un-optimized route?
Hi, All
Here is the case:
A, B, C, D are all configured with "IndirectData = yes", so a connection only happens when there’s a “ConnectTo” in tinc.conf.
Arrows indicate the “ConnectTo” direction
Everything worked fine earlier, as below:
1. A connects to C, D connects to C
2. C is the transit node where only forward traffic between A and C
3. D advertises 0.0.0.0/0#2
4. A can access the internet from D
2017 Aug 22
2
using both ConnectTo and AutoConnect to avoid network partitions
Hi
Today our Tinc network saw a network partition when we took one tinc node
down.
We knew there was a network partition since the graph showed a split. This
graph is not very helpful but it's what I have at the moment:
http://i.imgur.com/XP2PSWc.png
- (ignore node labeled ignore, since it's a dead node anyways)
- node R was shutdown for maintenance
- We saw a network split
- we brought node R
2017 Aug 22
3
using both ConnectTo and AutoConnect to avoid network partitions
Hi Guus
Thanks for clarifying. Some follow up questions:
- How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to
upgrade to?
- What is the workaround until we patch with this fix? Using a combination
of AutoConnect and ConnectTo?
- When we use ConnectTo, is it mandatory to have a cert file in the hosts/*
dir with an IP to ConnectTo ?
-nirmal
On Tue, Aug 22, 2017 at 12:10
2017 Aug 31
2
using both ConnectTo and AutoConnect to avoid network partitions
Hi Guus
Following your suggestion we reconfigured our tinc network as follows.
Here is a new graph and below is our updated configuration:
http://imgur.com/a/n6ksh
- 2 Tinc nodes (yellow labels) have a public external IP and port 655 open.
They both have ConnectTo's to each other and AutoConnect = yes
- The remainder tinc nodes (blue labels) have their tinc.conf set up as
follows: