Hello tinc users,

I have the following configuration:

1 client/server called master, it is always reachable from the internet (with dyndns)
5 clients that connect to the master and the other clients (all behind a router (NAT))

master-hosts-file:
Address = ...
Port = ...
Subnet = ...
Compression = 0
---- key -----

client-hosts-files:
Compression = 0
Subnet = ...
----- key -----

tinc.conf
Name = ....
ConnectTo = master
Device = /dev/net/tun
Mode = switch

I use the master to learn the IPs of the machines behind NAT.
The problem is, if the master is unreachable for a short time, then all clients lose the connection (as long as the master is not reachable).

Is it possible to hold the connections between the clients behind a NAT router without a third node?

If I create a second reachable master and add an additional ConnectTo line in tinc.conf, do the clients make a connection to both masters, or at first to the first one and, if it is not reachable, then probe/connect to the second?

greets
manuel

PS: sorry for my bad English, I hope it's understandable.
On Thu, 25 Feb 2010, deep_eye wrote:

> Is it possible to hold the connections between the clients behind a
> NAT router without a third node?

I don't think so.

> If I create a second reachable master and add an additional ConnectTo
> line in tinc.conf, do the clients make a connection to both masters,
> or at first to the first one and, if it is not reachable, then
> probe/connect to the second?

The clients make connections to all ConnectTo lines right after they start - so in your case you would have two open TCP connections when both masters are reachable.

To make this work even better, add to master1 a ConnectTo=master2 and vice versa. (This way everything keeps running even if some clients can for whatever reason only talk to master1, while some others can only talk to master2 at that time - at least as long as the two masters can talk to each other)

c'ya
sven-haegar

--
Three may keep a secret, if two of them are dead.
- Ben F.
On Thu, Feb 25, 2010 at 05:30:45PM +0100, deep_eye wrote:

> I have the following configuration:
> 1 client/server called master, it is always reachable from the internet
> (with dyndns)
> 5 clients that connect to the master and the other clients (all behind
> a router (NAT))

[...]

> I use the master to learn the IPs of the machines behind NAT.
> The problem is, if the master is unreachable for a short time, then all
> clients lose the connection (as long as the master is not reachable).
>
> Is it possible to hold the connections between the clients behind a
> NAT router without a third node?

At the moment, this is not possible. The reason is that TCP connections are used to exchange metadata (such as session keys) and to authenticate nodes, so if a node doesn't have any working TCP connections to another node anymore, it will invalidate all session keys, even if it could still reach other nodes via UDP.

> If I create a second reachable master and add an additional ConnectTo
> line in tinc.conf, do the clients make a connection to both masters,
> or at first to the first one and, if it is not reachable, then
> probe/connect to the second?

That would work. If you have two ConnectTo lines in tinc.conf, tinc will try to connect to both simultaneously. If one of the masters fails, then all nodes will still be able to exchange metadata with each other via the second master, so they will continue to work.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
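
The following is an added example, not part of the thread and not tinc code. It models the TCP meta-connections created by ConnectTo lines as a graph and reports which nodes are single points of failure, covering both the one-master setup in the question and the two-master setups from the replies. It assumes, as a simplification of the replies above, that nodes keep working only while a chain of meta-connections links them; client names c1..c5 and the outage pattern are constructed.

```python
# Added example: simplified model of tinc's TCP meta-connections, not tinc code.
from collections import deque

def meta_graph(connect_to):
    """Undirected graph from {node: [ConnectTo targets]} (links work both ways)."""
    graph = {}
    for node, targets in connect_to.items():
        graph.setdefault(node, set())
        for target in targets:
            graph.setdefault(target, set()).add(node)
            graph[node].add(target)
    return graph

def partitions(graph, down=(), broken_links=()):
    """Groups of live nodes that can still exchange metadata with each other."""
    broken = {frozenset(link) for link in broken_links}
    alive = set(graph) - set(down)
    groups, seen = [], set()
    for start in sorted(alive):
        if start in seen:
            continue
        group, queue = {start}, deque([start])
        while queue:
            node = queue.popleft()
            for peer in graph[node]:
                usable = peer in alive and frozenset((node, peer)) not in broken
                if usable and peer not in group:
                    group.add(peer)
                    queue.append(peer)
        seen |= group
        groups.append(sorted(group))
    return groups

def single_points_of_failure(graph):
    """Nodes whose loss splits the remaining nodes into isolated groups."""
    return sorted(n for n in graph if len(partitions(graph, down=[n])) > 1)

# Constructed topologies: client names are placeholders, not from the thread.
CLIENTS = ["c1", "c2", "c3", "c4", "c5"]
ONE_MASTER = meta_graph({c: ["master"] for c in CLIENTS})
TWO_UNLINKED = meta_graph({c: ["master1", "master2"] for c in CLIENTS})
TWO_LINKED = meta_graph({**{c: ["master1", "master2"] for c in CLIENTS},
                         "master1": ["master2"], "master2": ["master1"]})
# Constructed partial outage: c1, c2 reach only master1; c3..c5 only master2.
SPLIT = [("c1", "master2"), ("c2", "master2"),
         ("c3", "master1"), ("c4", "master1"), ("c5", "master1")]

if __name__ == "__main__":
    print(single_points_of_failure(ONE_MASTER))          # the lone master
    print(partitions(TWO_UNLINKED, broken_links=SPLIT))  # two islands
    print(partitions(TWO_LINKED, broken_links=SPLIT))    # one group
```

The partial-outage case is where the ConnectTo lines between the two masters matter: without them the clients fall into two groups that cannot exchange metadata, even though every client still has one working master.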