similar to: Tinc support load-balance of one node to the other two?

H, Narcissus Quick one for the below case, if node A have a direct connection to node B, and node B have a connection to node X, then I found node A will be able to talk to node X, but the communication path is go through node B, instead of build direct connection between A and X, is that right? I tested this in my environment. A >> B >> X > On 1 May 2017, at 3:07 PM, Narcissus

Oh, thanks, in my current case, I haven’t config “Address” parameter in A’s host config, is this will make A prohibited it listen on the tinc ports? Question: 1. if I config “Address” in A’s config, and even though A is in a private subnet, it might still possible for A to establish connection with X(X is public IP address)? 2. If there any parameter to disable the direct connection discovery,

Hi, Etienne In addition, is there any option or switch can turn of the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of remove something from A’s routing table, or manually block the connection between A and C) > On 1 May 2017, at 6:28 PM,

Hi, You mean use the vpn link as active active? What service run for the vpn? If pure tcp load balance, iptables can do these needs. If http service you can use L7 load balancer On 29 Oct 2017 7:04 pm, "Bright Zhao" <startryst at gmail.com> wrote: > Let’s say, tinc A node server LAN-1(single internet circuit), tinc B node > and tinc C node are both serve LAN-2.(two

I agree with the in-effective of TCP transmission, but I wonder if the the UDP packet is dropped, the tinc VPN itself wouldn’t retransmit, and if the upper level application doesn’t handle the packet loss well, will this be the problem? Or the upper level application have very limited tolerance to packet loss(like RDP application, I guess if the packet loss go to certain threshold, the connection

Hi, Tinc Expert in my tinc.conf, the ConnectTo to host X is commented, like below: #ConnectTo = X and there is a script: /etc/tinc/netname/hosts/X-up, I thought commented the ConnectTo X wouldn’t trigger the X-up, but it did. Why? What’s the logic behind to trigger host-up? How can I avoid this except remove the host-up file? Bright Zhao

Hi, Etienne I took a look for the below host configuration parameter (IndirectData), the default is no. For the below example: A ConnectTo B, B ConnectTo C: If IndirectData = no (default), then A wouldn’t establish direct connection with C, but will be forwarded by B. If IndirectData = yes, then A will try to establish direct connection with C, even though A don’t have the statement of

Hi, Tinc experts I’m on-boarding for Tinc for just quite a few days, and trying to setup the connection between one client to multiple server, where multiple vpn tunnels from the client to different server. From the documentation, it indicate the tinc.conf can support multiple ConnecTo, also the tinc can support multiple netname, like /etc/tinc/net1, /etc/tinc/net2. My question is, for my above

Hi, My CentOS has upgrade the openssl to 1.1.1a, and I thought my tinc(1.0.35) installed by yum will use the new openssl, but it looks not the fact. So is tinc(1.0.35) support openssl 1.1.1a? If so, how can I make it running in this version of openssl?

We knew the TCP-BBR developed by google and try to optimize the transport efficiency of TCP, I’m wondering will this be beneficial if we put tinc in TCP mode plus the TCP-BBR?

There is no concept of "client" or "server" in tinc. tinc is purely peer-to-peer. "ConnectTo" statements only indicate which node will attempt to establish the initial connection, but once the connection is established, direction does not matter. It is unclear from your message which node is responsible for which subnet. If X/32 truly belongs to C, then simply set

If the concern is more about the reliability instead of throughput, should I add TCPonly = yes in the host configuration to make the VPN runs on TCP?

Hi, Tinc expert If there’re multiple tinc nodes announce default route in their host configuration of Subnet = 0.0.0.0/0, how for the remaining nodes to select which is the best route to get out? All of them participant in the same tinc net. I did some test, like A as the branch, B,C,D as the nodes to announce default route; when all up , A select B, but if B down, A will go C, C down, A will

Hi, Etienne Thanks for your clarification, and this helped a lot. And in order to get a better understanding for the mechanism of Tinc and the purpose of ConnectTo statement, can I think the ConnectTo is the way to get the node into the Tinc VPN domain, instead of establish VPN connection between nodes. Once any node ConnectTo the Tinc VPN domain, it learns all other nodes, subnets, and

Hi, Tinc experts Diagram as below, A is trying to access host X behind C: A >> B >> C — “host X" B is the tinc server for A, but also B is the tinc client to connect to C. My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky. As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs have the Subnet = X/32,

Hi, Lars Thanks for your suggestion, will give it a try later to see how it performs. But, yesterday, I did a below test: A ConnectTo B and C, B ConnectTo D, C ConnectTo D; All nodes turned "IndirectData" on in its host configuration, so the tunnel only follow metacomnection instead of direct connect. D announced default route by having the Subnet = 0.0.0.0/0 statement in its host

Sure, let me reply all here for my finding. @Lars @Guus A’s tinc.conf: Name = bright AddressFamily = ipv4 ConnectTo = aly_hk A’s tinc-up: #!/bin/sh ifconfig $INTERFACE 10.0.0.110 netmask 255.255.255.0 A’s host config: Subnet = 10.0.0.110/32 (VPN address) Subnet = 192.168.31.0/24 (LAN address) IndirectData = yes (enabled for every tinc nodes) The node aly_hk (vpn address 10.0.0.3) connects with

Hello, I am not very good at linux networking. I have read tinc documentation multiple times and I still don't understand what the "Subnet = ..." directive does in /etc/tinc/$NET_NAME/hosts/$HOST_NAME Right now I have a simple virtual lan organized with tinc, and I use the following in every device's config file (replacing the last part of the address): # This computer will

I have looked into this and it would definitely be possible, NETunnelProvider. It was not looking like a simple port though, a lot of glue required to get it to a state Apple would approve. This had been on my list of projects to attempt if I could find the time and energy to commit to it. If you do port it I would be very interested! Regards, Ryan Mounce On 26 July 2017 at 20:54, Bright Zhao

Hi, Is there any existing solution to install iOS9 on unjailbroken iOS devices ? If there is none, I'm thinking of porting tinc to iOS, I haven't looked at the source code much but I should be able to create a NetworkExtension for tinc. Thank you, Paul. -------------- next part -------------- An HTML attachment was scrubbed... URL: