Displaying 20 results from an estimated 10000 matches similar to: "How to set Subnet in a node which act as both server and client role?"
2017 May 01
1
How to set Subnet in a node which act as both server and client role?
There is no concept of "client" or "server" in tinc. tinc is purely
peer-to-peer. "ConnectTo" statements only indicate which node will attempt
to establish the initial connection, but once the connection is
established, direction does not matter.
It is unclear from your message which node is responsible for which subnet.
If X/32 truly belongs to C, then simply set
2017 May 01
2
How to set Subnet in a node which act as both server and client role?
Hi, Etienne
In addition, is there any option or switch that can turn off the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of removing something from A’s routing table, or manually blocking the connection between A and C)
> On 1 May 2017, at 6:28 PM,
2017 May 01
1
How to set Subnet in a node which act as both server and client role?
You’re talking about Layer 2 bridging by Tinc? The use case here is layer 3 routing, but anyway, thanks for your feedback.
> On 1 May 2017, at 8:09 PM, LowEel <loweel at gmx.de> wrote:
>
> I cannot understand why you say the configuration for B will be tricky.
>
> If you select the switch mode, and some machine can initiate a
> connection to some other machine, until
2017 May 01
1
How to set Subnet in a node which act as both server and client role?
Hi, Etienne
I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example:
A ConnectTo B, B ConnectTo C:
If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B.
If IndirectData = yes, then A will try to establish direct connection with C, even though A doesn’t have the statement of
2017 May 01
0
How to set Subnet in a node which act as both server and client role?
I cannot understand why you say the configuration for B will be tricky.
If you select the switch mode, and some machine can initiate a
connection to some other machine, until
there is a path, the whole net will behave as all the tap device were
connected to a single switch.
It is not a VPN in the strict IPsec meaning, you should see it more like an
encrypted VLAN.
On 05/01/2017 12:00 PM, Bright
2017 May 01
0
How to set Subnet in a node which act as both server and client role?
Hi, Etienne
Exactly, I just did the test, removing the Subnet = X/32 from B, so I understood that the Subnet in the host configuration indicates the locally attached network, or let’s call it when going outside of the VPN domain.
And yes, A will try to establish UDP connection direct to C (if it has the route), so the first time, I can ping from A to X, and I found the traffic didn’t go through B, but
2017 May 01
0
How to set Subnet in a node which act as both server and client role?
Yes. Look up the "IndirectData" configuration option.
On 1 May 2017 at 11:30, Bright Zhao <startryst at gmail.com> wrote:
> Hi, Etienne
>
> In addition, is there any option or switch that can turn off the automatic
> direct connection? For the example below, even A has the route to C and can
> establish UDP connection directly, but I need the traffic to go through B,
2015 Sep 25
1
tinc initialization (in both Red Hat and Debian families)
Hello again,
From the point of view of a Red Hat *user*, the standardised way of doing
things would be to have
an /etc/sysconfig/tinc file containing something like:
NETWORKS="vpn1 vpn2 vpn3" (one or more names separated by spaces)
At initialization, each name should launch a separate tinc instance (a
different VPN)
tinc service should not start until the user adds at least
2003 Jan 25
4
multiple ssh tunnels needing different rules
I have a firewall running Shorewall 1.3.13-1 from rpm on a redhat 7.3
box. The box has three nics assigned to zones loc net and dmz. We also
have multiple vpn links accomplished via ssh tunnels, These links all
come from dynamic IP addresses with known private subnets behind them.
There are basically two types of networks these vpns connect, one with
access to almost everything and one with
2019 May 20
1
Second VPN network fails to start
Hello Lars,
Thanks for your feedback. Unfortunately I made an error in writing the network I expected to connect to. I meant 10.3.0.0/24 The one I wrote in fact was one network of the already established VPN. I have included full details of my relevant files below.
Background: I am trying to set up a second VPN between two servers: gtdb and db2. Both servers are already part of separate
2001 Jun 22
1
book on tinc
Hi Ivo and Guus,
We are writing a book on building VPNs for Linux and a part of it describes
tinc. I wanted to make sure that your opinion, as tinc authors and
developers, is reflected.
First, let me ask a couple of technical questions.
1.
If there are two hosts, foo and bar, that are to be connected via tinc, and
each host should only have _one_ IP address (i.e. nmask is /32), would the
2005 Mar 25
3
small issue with eth0:1
breakdown of what I am doing
ok i have access to 6 ips and i want to run all of them through my
firewall
ifconfig eth0 209.159.32.162 netmask 255.255.255.0 up
ifconfig eth0:1 209.159.32.163 netmask 255.255.255.0 up
that sets up the network card to have 2 address well in shorewall i
tried to add
eth0:1 to my interfaces well it says that
Determining Zones...
Zones: inet inet2 loc cust vpn1
2008 Jul 06
3
Routing and keying Questions
Hello!
I use tincd to interconnect 3 LANs: A, B and C. So long, it works fine:
everybody reaches everybody. But I want a different behavior: A and B should
be allowed to talk, as should B and C. I tried to simply delete the
host-files on the nodes that should not be allowed to talk to each other:
A has a hostfile from B
B has a hostfile from A and C
C has a hostfile from B
But this is no
2015 Sep 25
1
tinc initialization (in both Red Hat and Debian families)
On 25.09.2015 13:00, tinc-request at tinc-vpn.org wrote:
> Unfortunately, this is not something that maps well to systemd. It would
> require a systemd to run a script that parses the sysconfig file and
> start all the tinc daemons. Systemd will then put all those daemons in
> the same control group and won't recognize something is wrong if only
> one of the daemons fail. So
2019 May 15
1
Second VPN network fails to start
Hi,
I have a small problem and any help appreciated.
Tinc 1.0.33 Ubuntu 18.04 at Digital Ocean
I need VPNs between 1 database server and two servers on separate networks:
VPN0 works OK
DB2 10.0.0.50/24 connects to Web1 10.0.0.1
Here is my ip r result:
default via x.x.x.x dev eth0 proto static
10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.51
10.15.0.0/16 dev eth0 proto kernel scope
2007 Jul 06
8
interop with strongswan / ipsec
I see support in shorewall for the KAME-tools, how about strongswan ?
I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my
vpn-gateway for the subnet behind it.
# Shorewall version 3.4 - Zones File
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
fil ipsec mode=tunnel mss=1400
net ipv4
2017 May 26
3
What/why this event happens: Can't write to Linux tun/tap device (tun mode) /dev/net/tun: Input/output error
Hi, All
Due to some routing rotation purpose, I use crontab to add below info:
0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp
0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp
1 * * * * /usr/sbin/tincd -n myvpn -k
1 * * * * /usr/sbin/tincd -n myvpn --debug=3
30 * * * * sed -i '/54.169.128.0\/17/d' /etc/tinc/myvpn/hosts/aws_sgp
2012 Dec 29
10
How could I open Port 1701 for VPN l2tp/ipsec
Hello Mailinglist,
please excuse my bad english - but I am not a native speaker.
My Network looks like this:
Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X)
Now I try to connect my iphone (from mobile Internet G3) over VPN
(l2tp/ipsec) with the firewall.
But I can't open the necessary Port 1701.
/var/log/syslog
...
Dec 30 00:24:29 router kernel: [226128.293757]
2004 Nov 17
20
Some DNAT's work, some don't
We've just upgraded to a new firewall machine, and a new version of
Shorewall. We're now on 2.04; previous version was 1.3.9b (!). So I'm
pretty sure whatever problems we're having are related to the big
version jump.
We're using config files that exactly match our old (working)
configuration (IOW, these are things which _were_ working on the old
2019 May 23
1
Second VPN network fails to start
Hi Lars,
Appreciate all your help, unfortunately the problem remains. I've marked up below:
>>> Lars Kruse <lists at sumpfralle.de> 22-May-19 4:02 PM >>>
Hello Robert,
On Mon, 20 May 2019 11:11:39 +0700, "Robert Horgan" <Robert at gainplus.asia> wrote:
> These are my files:
>
> On server 1: db2
>
> /etc/tinc/nets.boot
> #
>