-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gus & Tinc-VPN List: It looks like I need to run 2 instances of tincd on each server. 1 instance of tincd will responsible for running a VPN over the LAN on eth1. This means Class C addresses from 10.0.1.10 -> 10.0.1.250 Another instance of tincd will be responsible for running a VPN over the WAN on eth0. This means Class C addresses from 10.0.2.10 -> 10.0.2.250. This will result in 2 TUN devices appear in the ifconfig -a list. For all the servers on the local network, they will be on NET LAN. For all servers, they will be on NET WAN and they will have HOSTS files for every server except those servers on the local LAN. This will allow the routing table to have 2 entries with netmask 255.255.255.0. LAN on 10.0.1.0. WAN on 10.0.2.0. Does this all sound about right? I am sure there is a way to optimize and allow a class B for the WAN that will not routing table conflict with the class C on the LAN. Cheers all, Marco -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUiluXAAoJEPo4S5nQw5H/EnsIAI4G/fj2MMEHe23Oxz6mg16l vef2WH9kcDSnO0Rwta2apMgk1d6ImBb03FiQy90HAUQvXC8QBh0gYB+R5kaE01ro H/Ws0yv0hGLkFZc3JM8+r9neH7u62UGfwZ/lnulDAXhrgrroMqJo70etuP62EsMp e2+tkq9y0KQZUS2rbNx3M81Ad1ly2uszsfON9596Kf6Ethi/D4/1i3UB+ejuvMwV TX/GGeRr40OzDwAjuRyWx3dNC+y7KpAzTIIRcC77kKxe6G7IoBiq2exdwFkTUWTH YxiSIYAqN9qqhXt95v3rY8osgngHu2mHaKaSPpimiG330DKQjZKOaVF80fsF274=9v3r -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oops, I got it to work only after putting the WAN on port 656 so it did not interfere with port 655 for the LAN. I am going to depend heavily on this VPN daemon to do its work every day. On 12/11/2014 10:05 PM, md at rpzdesign.com wrote:> Gus & Tinc-VPN List: > > It looks like I need to run 2 instances of tincd on each server. > > 1 instance of tincd will responsible for running a VPN over the LAN > on eth1. This means Class C addresses from 10.0.1.10 -> > 10.0.1.250 > > Another instance of tincd will be responsible for running a VPN > over the WAN on eth0. This means Class C addresses from 10.0.2.10 > -> 10.0.2.250. > > This will result in 2 TUN devices appear in the ifconfig -a list. > > For all the servers on the local network, they will be on NET LAN. > For all servers, they will be on NET WAN and they will have HOSTS > files for every server except those servers on the local LAN. > > This will allow the routing table to have 2 entries with netmask > 255.255.255.0. LAN on 10.0.1.0. WAN on 10.0.2.0. > > Does this all sound about right? > > I am sure there is a way to optimize and allow a class B for the > WAN that will not routing table conflict with the class C on the > LAN. > > Cheers all, > > Marco _______________________________________________ tinc-devel > mailing list tinc-devel at tinc-vpn.org > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc-devel >-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUipdkAAoJEPo4S5nQw5H/cCAH/jV/FNgDl5a5EW2smLHNgP7d Fbuv2/156BOCGUE1A8Bf4mDgI9ssekJAWaJB3YT85ILUatfu0aR+e0Qcf6e1mHCS PsRI1Hrgnbidy3XsGm0WMswWqV0AJZg5G45jJKFFP5zMWTnCC18SvNv73HCfchCI +5VlS/UUGwHi8EyvElXCHY6or6JYVPqmU0ZFnNqzdEUTMcffvL4B/ffSgo4utVzf drUfm44kzV0WNjucZ7yuiKTVcnewIEQrcGwJ9plJ1WMv0G7UqP0RpmxjYVwT7qlR c64F7jnTC5wn4qmRRY3+HgMPl5fvZoToG+R031lt/r6oWRWRy+O9flBeqHEXV+s=YLY8 -----END PGP SIGNATURE-----
On Fri, Dec 12, 2014 at 02:21:08AM -0500, md at rpzdesign.com wrote:> Oops, I got it to work only after putting the WAN on port 656 so it > did not interfere with port 655 for the LAN.You should not need to have two tinc daemons just because you have a WAN and a LAN interface. By default (ie, if you don't specify BindToAddress and/or BindToInterface), tinc listens on all interfaces, and the kernel should normally take care of selecting which outgoing interface to use for tinc's packets. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20141214/8e4dfea5/attachment.sig>