On Fri, Nov 24, 2006 at 12:05:23PM +0100, EleGoS wrote:
> I'm totally new to the concept 'self-made VPNs' :P
What do you mean by "self-made"?
> question n.1: I'm behind a router. This router is configurable, but
I'm
> also behind a provider's NAT (private IPs with a common public IP).
Will
> tinc work, or it will do as hamachi does (problems connecting to me)?
> (in hamachi there is a 'yellow' indicator on me for users of the
same
> provider [passages: |private IP| -> |public IP| -> |hamachi server|
->
> |public IP| -> |private IP| -> |router's private IP|])
If you are behind a NAT, you should probably add "TCPOnly = yes" to
your
tinc.conf. Once a tinc daemon behind a NAT makes a connection to another
tinc daemon, packets can go both ways.
> question n.2: a tinc VPN uses the server's bandwidth (so all the
> transmissions pass from the server) or is a P2P system (the server only
> re-addresses the connections)?
It's peer-to-peer. There is no central server with tinc. Tinc also does
not make a distinction between "client" and "server".
> question n.3: if a client enters a server, does the client 'see'
all the
> others connected to the server?
Yes, each tinc daemon knows about all other tinc daemons in the same
VPN.
> question n.4: what about the public and private keys? What to give to
> the clients? What the clients must generate?
You typically let every tinc daemon generate its own public/private
keypair. You then exchange public keys with those other tinc daemons for
which you have a ConnectTo line in your tinc.conf. You don't have to
ConnectTo all other daemons in the VPN, just a few is enough, tinc will
create a full mesh network itself from there on.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://brouwer.uvt.nl/pipermail/tinc/attachments/20061124/73bddaf0/attachment.pgp