similar to: How to set Subnet in a node which act as both server and client role?

There is no concept of "client" or "server" in tinc. tinc is purely peer-to-peer. "ConnectTo" statements only indicate which node will attempt to establish the initial connection, but once the connection is established, direction does not matter. It is unclear from your message which node is responsible for which subnet. If X/32 truly belongs to C, then simply set

Hi, Etienne In addition, is there any option or switch can turn of the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of remove something from A’s routing table, or manually block the connection between A and C) > On 1 May 2017, at 6:28 PM,

You’re talking about Layer 2 bridging by Tinc? The use case here is layer 3 routing, but anyway, thanks for your feedback. > On 1 May 2017, at 8:09 PM, LowEel <loweel at gmx.de> wrote: > > I cannot understand why you say the configuration for B will be tricky. > > If you select the switch mode, and some machine can initiate a > connection to some other machine, until

Hi, Etienne I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example: A ConnectTo B, B ConnectTo C: If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B. If IndirectData = yes, then A will try to establish direct connection with C, even though A don’t have the statement of

I cannot understand why you say the configuration for B will be tricky. If you select the switch mode, and some machine can initiate a connection to some other machine, until there is a path, the whole net will behave as all the tap device were connected to a single switch. Is not a vpn in the strict ipsec meaning, you should see it more like an encrypted VLAN. On 05/01/2017 12:00 PM, Bright

Hi, Etienne Exactly, I just did the test, remove the Subnet = X/32 from B, so I understood that the Subnet on host configuration is indicate local attached network, or let’s call it when going outside of the VPN domain. And yes, A will try to establish UDP connection direct to C (if it has the route), so the first time, I can ping from A to X, and I found the traffic didn’t go through B, but

Yes. Look up the "IndirectData" configuration option. On 1 May 2017 at 11:30, Bright Zhao <startryst at gmail.com> wrote: > Hi, Etienne > > In addition, is there any option or switch can turn of the automatic > direct connection? For the example below, even A has the route to C and can > establish UDP connection directly, but I need the traffic to go through B,

Hello again, >From the point of view of a Red Hat *user*, the standardised way of doing things would be to have an /etc/sysconfig/tinc file containing something like: NETWORKS="vpn1 vpn2 vpn3" (one or more names separated by spaces) At initialization, each name should launch a separate tinc instance (a different VPN) tinc service should not start until the user adds at least

I have a firewall running Shorewall 1.3.13-1 from rpm on a redhat 7.3 box. The box has three nics assigned to zones loc net and dmz. We also have multiple vpn links accomplished via ssh tunnels, These links all come from dynamic IP addresses with known private subnets behind them. There are basically two types of networks these vpns connect, one with access to almost everything and one with

Hello Lars, Thanks for your feedback. Unfortunately I made an error in writing the network I expected to connect to. I meant 10.3.0.0/24 The one I wrote in fact was one network of the already established VPN. I have included full details of my relevant files below. Background: I am trying to set up a second VPN between two servers: gtdb and db2. Both servers are already part of separate

Hi Ivo and Guus, We are writing a book on building VPNs for Linux and a part of it describes tinc. I wanted to make sure that your opinion, as tinc authors and developers, is reflected. First, let me ask a couple of technical questions. 1. If there are two hosts, foo and bar, that are to be connected via tinc, and each host should only have _one_ IP address (i.e. nmask is /32), would the

breakdown of what iam doing ok i have access to 6 ips and i want to run all of them through my firewall ifconfig eth0 209.159.32.162 netmask 255.255.255.0 up ifconfig eth0:1 209.159.32.163 netmask 255.255.255.0 up that sets up the network card to have 2 address well in shorewall i tried to add eth0:1 to my interfaces well it says that Determining Zones... Zones: inet inet2 loc cust vpn1

Hello! I use tincd to interconnect 3 LANs: A, B and C. So long, it works fine: everybody reaches everybody. But I want a different behavior: A and B should be allowed to talk, as should B and C. I tried to simply delete the host-files on the nodes that should not be allowed to talk to eachother: A has a hostfile from B B has a hostfile from A and C C has a hostfile from B But this is no

La 25.09.2015 13:00, tinc-request at tinc-vpn.org a scris: > Unfortunately, this is not something that maps well to systemd. It would > require a systemd to run a script that parses the sysconfig file and > start all the tinc daemons. Systemd will then put all those daemons in > the same control group and won't recognize something is wrong if only > one of the daemons fail. So

Hi, I have a small problem and any help appreciated. Tinc 1.0.33 Ubuntu 18.04 at Digital Ocean I need VPNs between 1 database server and two servers on separate networks: VPN0 works OK DB2 10.0.0.50/24 connects to Web1 10.0.0.1 Here is my ip r result: default via x.x.x.x dev eth0 proto static 10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.51 10.15.0.0/16 dev eth0 proto kernel scope

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4

Hi, All Due to some routing rotation purpose, I use crontab to add below info: 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 1 * * * * /usr/sbin/tincd -n myvpn -k 1 * * * * /usr/sbin/tincd -n myvpn --debug=3 30 * * * * sed -i '/54.169.128.0\/17/d' /etc/tinc/myvpn/hosts/aws_sgp

Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can´t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]

We''ve just upgraded to a new firewall machine, and a new version of Shorewall. We''re now on 2.04; previous version was 1.3.9b (!). So I''m pretty sure whatever problems we''re having are related to the big version jump. We''re using config files that exactly match our old (working) configuration (IOW, these are things which _were_ working on the old

Hi Lars, Appreciate all your help, unfortunately the problem remains. I've marked up below: >>> Lars Kruse <lists at sumpfralle.de> 22-May-19 4:02 PM >>> Hello Robert, Am Mon, 20 May 2019 11:11:39 +0700 schrieb "Robert Horgan" <Robert at gainplus.asia>: > These are my files: > > On server 1: db2 > > /etc/tinc/nets.boot > # >