similar to: Multiple default gateway from tinc node

Hi, Tinc expert If there’re multiple tinc nodes announce default route in their host configuration of Subnet = 0.0.0.0/0, how for the remaining nodes to select which is the best route to get out? All of them participant in the same tinc net. I did some test, like A as the branch, B,C,D as the nodes to announce default route; when all up , A select B, but if B down, A will go C, C down, A will

Hi, Lars Thanks for your suggestion, will give it a try later to see how it performs. But, yesterday, I did a below test: A ConnectTo B and C, B ConnectTo D, C ConnectTo D; All nodes turned "IndirectData" on in its host configuration, so the tunnel only follow metacomnection instead of direct connect. D announced default route by having the Subnet = 0.0.0.0/0 statement in its host

Sure, let me reply all here for my finding. @Lars @Guus A’s tinc.conf: Name = bright AddressFamily = ipv4 ConnectTo = aly_hk A’s tinc-up: #!/bin/sh ifconfig $INTERFACE 10.0.0.110 netmask 255.255.255.0 A’s host config: Subnet = 10.0.0.110/32 (VPN address) Subnet = 192.168.31.0/24 (LAN address) IndirectData = yes (enabled for every tinc nodes) The node aly_hk (vpn address 10.0.0.3) connects with

On Wed, May 03, 2017 at 02:15:36PM +0800, Bright Zhao wrote: > 1. The destination of IPv4 wouldn’t be changed, Yes I agree, that’s the goal and final destination for the communication. But during the path, it may be encapsulated into another packet(tunnel mode), where the outside IP header is the physical address, but the inner destination remain unchanged, and I think Tinc encapsulates into

Hello, Am Mon, 1 May 2017 23:35:53 +0800 schrieb Bright Zhao <startryst at gmail.com>: > If there’re multiple tinc nodes announce default route in their host > configuration of Subnet = 0.0.0.0/0, how for the remaining nodes to select > which is the best route to get out? it is important to understand that tinc only takes care for exchanging metadata (e.g. "subnet"

Hi, Etienne I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example: A ConnectTo B, B ConnectTo C: If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B. If IndirectData = yes, then A will try to establish direct connection with C, even though A don’t have the statement of

Hi, Guus I did some test regarding the points you mentioned below, and yes, you’re right, but some of points may need further adjusted: 1. The destination of IPv4 wouldn’t be changed, Yes I agree, that’s the goal and final destination for the communication. But during the path, it may be encapsulated into another packet(tunnel mode), where the outside IP header is the physical address, but the

Hi, Guus I don’t quite understand what you describe below, to me, no matter tinc or any other router/PC get an IP packet, it will go to check with its route table, to match the destination IP against the route table for the next hop, if I put "ip route add default via <C’s VPN IP address> dev $INTERFACE", I thought tinc will match the packet’s destination IP to the “default”, and

Yes. Look up the "IndirectData" configuration option. On 1 May 2017 at 11:30, Bright Zhao <startryst at gmail.com> wrote: > Hi, Etienne > > In addition, is there any option or switch can turn of the automatic > direct connection? For the example below, even A has the route to C and can > establish UDP connection directly, but I need the traffic to go through B,

Hello, Am Tue, 2 May 2017 09:16:53 +0800 schrieb Bright Zhao <startryst at gmail.com>: > [..] > Since A have both ConnectTo to B and C(To D through C), and the default > gateway set to C, why A chose B instead of D's default route? this is starting to become a little bit confusing. Let us clear this up with facts :) Could you please share your routing table with us?

Hi, Etienne In addition, is there any option or switch can turn of the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of remove something from A’s routing table, or manually block the connection between A and C) > On 1 May 2017, at 6:28 PM,

Let’s say, tinc A node server LAN-1(single internet circuit), tinc B node and tinc C node are both serve LAN-2.(two internet circuits) Normally, we can only set tinc A to connect to either B or C, and then the other set as backup. But in some circumstances, we would like to combine the internet pipe of both two circuits, so that the tunnel traffic can have a better bandwidth. If that’s the

Earlier, my tinc topology is this: https://ibb.co/bP1EJa <https://ibb.co/bP1EJa>, let me explain a little bit: client configuration: Name = client AddressFamily = ipv4 ProcessPriority = high PingTimeout = 10 TunnelServer = yes 1. All tinc nodes configured with “IndirectData = yes”, and the lines shown on the picture with arrow means the directional “ConnectTo”, so all the tinc traffic will

On Tue, May 02, 2017 at 09:16:53AM +0800, Bright Zhao wrote: > In this case, A's traffic route to Internet is go through C to D to internet, but If I add Subnet =0.0.0.0/0 on B, the traffic seems go directly from A to B to internet. [...] > During the whole process, A's default gateway point to C. It might look that way, but it doesn't. I assume you did something like this on

On Tue, May 02, 2017 at 09:53:15PM +0800, Bright Zhao wrote: > When tinc daemon get up on A(together with some manual scripts for destination to 8.8.8.8), the route table looks like below: > 10.0.0.0/24 dev tun0 > 10.0.0.3 dev tun0 > 8.8.8.8 via 10.0.0.3 dev tun0 IPv4 packets have only two addresses in their header: the source and the destination address. If you want to send a packet

Hi, All Here is the case: A, B, C, D all configured with "IndirectData = yes”, so connection only happens when there’s a “ConnectTo” in tinc.conf. Arrow indicate the “ConnectTo” direction Everything works fine earlier as below: 1. A connect to C, D connect to C 2. C is the transit node where only forward traffic between A and C 3. D advertise 0.0.0.0/0#2 4. A can access internet from D

Hi, You mean use the vpn link as active active? What service run for the vpn? If pure tcp load balance, iptables can do these needs. If http service you can use L7 load balancer On 29 Oct 2017 7:04 pm, "Bright Zhao" <startryst at gmail.com> wrote: > Let’s say, tinc A node server LAN-1(single internet circuit), tinc B node > and tinc C node are both serve LAN-2.(two

On 11 April 2018 at 11:30, Hans de Groot <hansg at dandy.nl> wrote: > Hello again :) > > Thank you all for your reply's. Below are the config files of the 3 hosts. > I use tinc in router mode. I do not have a kernel mode config lines > anywhere so tinc must be using the default settings here. > > I added the ipaddressx to subnets on hostc and this works. Traffic

Hi, Reason behind that is we have some use cases wouldn’t like to make some nodes to become the transit node, but there’re some other nodes in the topology act as the transit nodes. So if the tinc node forward subnet update it learning from one side to the other side, then it possible to become transit node if one side only have route to go through it. That node I would call it “spoke-only”

Hi, All Recently, one of my tinc client always suffer connection drop, I was suspect the connection was not stable to cause this issue, and BTW, I’ve set the PingTimeout to 10 seconds already, but this situation still happens a lot sometimes, but when the connection drop happens, the connection recovery pretty fast, normally in a minutes. In order to deep dive into the cause, or proven the