tinc devel - May 2000 - New config directive VpnMask

Hello Mads,

In case you never saw any mail from me, I'm tinc's co-author. It would
be
helpful if you'd subscribe to the tinc developpers mailing list. It's
not
high volume, but it eases communication.

There's a problem with tinc's boot scripts (at least the debian one, but
that's fixed now). The netmask of the tap devices should be larger than
the one specified with MyOwnVPNIP, because it must accept packets that are
destined for other subnets. We have a new directive that goes into
tinc.conf, VpnMask. Suppose our TOTAL vpn is 10.1.x.x/16, and our own
subnet is 10.1.1.x/24, this should go into tinc.conf:

MyOwnVPNIP = 10.1.1.1/24
VpnMask = 255.255.0.0

Ivo asked me to inform you about this, so you could adapt the RedHat boot
scripts.

Met vriendelijke groet,
Guus Sliepen.

---
TINC development list, tinc-devel@nl.linux.org
Archive: http://mail.nl.linux.org/tinc-devel/

Hello,

Today I got mail from Guus Sliepen:
> In case you never saw any mail from me, I'm tinc's co-author. 
Hello, I've only heard about your fame, not "met" you. ;)
> It would be helpful if you'd subscribe to the tinc developpers
> mailing list. It's not high volume, but it eases
> communication.
I thought I was - but now I realize that tinc has two
mailinglists... ;)
> There's a problem with tinc's boot scripts (at least the debian
one, but
> that's fixed now). The netmask of the tap devices should be larger than
> the one specified with MyOwnVPNIP, because it must accept packets that are
> destined for other subnets. We have a new directive that goes into
> tinc.conf, VpnMask. Suppose our TOTAL vpn is 10.1.x.x/16, and our own
> subnet is 10.1.1.x/24, this should go into tinc.conf:
> 
> MyOwnVPNIP = 10.1.1.1/24
> VpnMask = 255.255.0.0
I must admit that there is something regarding tinc I don't
understand. I don't see why tinc needs to know the netmasks.
tinc makes an encrypted point-to-point (but not ppp) connection,
and anything regarding netmasks etc can be handled with ip
routing, masquerading and netfilters. Is it because I understand
tinc at the IP level while it can be used at lower levels for
bridging as well? 

I've read the documentation but didn't find any explanation in
it. IMHO the docs should be improved so that I -- and possibly other
users -- can understand what I don't understand now. ;)

It was/is my intention to read the docs again and then give some
constructive criticism. But I haven't had the time for that yet,
so now you've got it in a less-constructive way...

I might come back with further comments.
> Ivo asked me to inform you about this, so you could adapt the RedHat boot
> scripts.
IMHO the solution is to use the same script for RedHat and
Debian. Ivo has rewritten it to Perl, and maintaining the same
script in two versions "doesn't scale" ;)

Med Venlig Hilsen
-- 
Mads Kiilerich          Sys.Adm. Cand.Polyt
Mads@Kiilerich.com      Tel. +45 38 16 26 00  Mob. +45 26 20 07 73
M?ntmestervej 12B 1th,  DK-2400 NV,  Denmark

"To be, or not to be; that is the question."  Shakespeare
"The question is minus one using 2's complement!"  Me



---
TINC development list, tinc-devel@nl.linux.org
Archive: http://mail.nl.linux.org/tinc-devel/