On Sun, Apr 08, 2012 at 08:56:40PM +0200, Jan L?hr wrote:
> http://www.tinc-vpn.org/examples/redirect-gateway/ explains how to set up a
> default route using tinc. However, in my understanding tinc's p2p traffic is
> routed via tinc there:
> Assume a network: Client A, Client B and a Server S. A and B have "ConnectTo
> S" in their config, S is used as a gateway providing 0.0.0.0/0. All packets
> sent from A to B will be delivered to <public_ip_address_of_b>:655/udp. Since
> A will route through S these packages will travel through S.
>
> Am I right?

Yes.

> Is there a simple workaround for enabling direct communication, if
> A and B are using dynamic ip-addresses? (Without iptables marking & policy
> based routing)

You can add additional host-up scripts for the other clients, or have a generic
script named "host-up" in the same directory as tinc.conf. There, you can add
the necessary direct route to that host:

#!/bin/sh
# Next hop of the existing default route, e.g. "via 192.0.2.1 dev eth0"
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5`
# Send traffic for the peer's real address outside the VPN
ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY

Note that if you have both a generic host-up script and a specific -up script
for a node, then both will be executed, the generic one first. So if you use
the generic scripts, you still need the server-up script, but you can remove
the first "ip route add" command from it. It works the same for -down
scripts.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
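
Added example, not part of the original message or of tinc: one generic script serving both host-up and host-down as described above, which also skips a non-IPv4 REMOTEADDRESS and a default route that already points into the VPN. The function names and the symlink layout are assumptions; REMOTEADDRESS and INTERFACE are the variables tinc exports to its scripts.

```shell
#!/bin/sh
# Generic tinc host-up/host-down helper (added example, not from the thread).
# Assumed install: save as "host-up" beside tinc.conf, symlink as "host-down".
# tinc exports REMOTEADDRESS and INTERFACE to these scripts.

# Print "via GW dev IF" for the first default route in `ip route show` output.
default_nexthop() {
    awk '$1 == "default" {
        via = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") via = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (dev == "") next
        out = (via == "" ? "" : "via " via " ") "dev " dev
        print out; exit
    }'
}

# Accept only a dotted-quad IPv4 address, so nothing else reaches ip(8).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# $1 = add|del, $2 = peer address, stdin = `ip route show` output.
# Prints the command to run, or fails when no safe route can be built.
direct_route_cmd() {
    is_ipv4 "$2" || return 1
    hop=$(default_nexthop)
    [ -n "$hop" ] || return 1
    # A default route that already points into the VPN would loop.
    [ "${hop##*dev }" != "${INTERFACE:-}" ] || return 1
    echo "ip route $1 $2/32 $hop"
}

case "${0##*/}" in
    host-up)   action=add ;;
    host-down) action=del ;;
    *)         action= ;;   # sourced or run under another name: do nothing
esac
if [ -n "$action" ] && [ -n "${REMOTEADDRESS:-}" ]; then
    cmd=$(ip route show | direct_route_cmd "$action" "$REMOTEADDRESS") && $cmd
fi
```
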