Hi,

I've set up Tinc in switch-mode on the three nodes "gw", "rb493g" and "v900w", but the nodes "rb493g" and "w900v" do not connect to each other.

On each node port 655 is opened with TCP and UDP.

"gw": static IPv4- and IPv6 address listed in the hosts-file "gw"
hosts-files: "gw", "rb493g", "w900v"
"Name = gw" in tinc.conf
No ConnectTo-statements in tinc.conf
host-up for nodes with dynamic ip:
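#!/bin/bash
# Replace the stored Address line of the node that just connected with
# the address and port its connection came from.
FILE="/etc/tinc/$NETNAME/hosts/$NODE"
/bin/sed -e '/Address/d' -i "$FILE"
/bin/echo "Address = $REMOTEADDRESS $REMOTEPORT" >> "$FILE"
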
"rb493g": dynamic IPv4 address not listed in any hosts-file
hosts-files: "gw", "rb493g"
"Name = rb493g" in tinc.conf
"ConnectTo = gw" in tinc.conf
"w900v": dynamic IPv4 address not listed in any hosts-file
hosts-files: "gw", "w900v"
"Name = w900v" in tinc.conf
"ConnectTo = gw" in tinc.conf
Common entries in all three tinc.confs:
AddressFamily = any
Broadcast = mst
DecrementTTL = no
Device = /dev/net/tun
DeviceType = tap
DirectOnly = no
Forwarding = internal
Hostnames = yes
#LocalDiscovery = yes
Mode = switch
PriorityInheritance = yes
PrivateKeyFile = /etc/tinc/bartschnet/rsa_key.priv
ProcessPriority = high
PingInterval = 20
PingTimeout = 5
Cipher = aes-128-cbc
ClampMSS = yes
Compression = 0
Digest = sha1
IndirectData = yes
PMTUDiscovery = yes
Port = 655

I can ping each node from each other node, but the DOT-graph shows no direct connection between "rb493g" and "w900v" causing superfluous traffic and latency on the uplink of the node "gw"

What do I have to change to make "rb493g" and "w900v" connect to each other despite dynamic ips? Shouldn't "gw" notify "rb493g" of the dynamic ip of "w900v" and vice versa?

Thanx for any hint,

Renne

Happy Holidays! :)

On Sat, Mar 30, 2013 at 08:21:32PM +0100, Rene Bartsch wrote:

> I've set up Tinc in switch-mode on the three nodes "gw", "rb493g" and
> "v900w", but the nodes "rb493g" and "w900v" do not connect to each
> other.
[...]
> Common entries in all three tinc.confs:
[...]
> IndirectData = yes

If you enable IndirectData, rb493g and v900w will never make a direct connection to each other. Set this option to no.

> I can ping each node from each other node, but the DOT-graph shows no
> direct connection between "rb493g" and "w900v" causing superfluous
> traffic and latency on the uplink of the node "gw"

The graph only shows the meta connections (i.e., those manually specified with ConnectTo), not the data connection. With tinc 1.0 it is hard to see if a direct connection is made. You can try to install tinc 1.1pre6 (it is backwards compatible with 1.0.x), and then, from rb493g for example, run the command "tincctl info v900w". This should tell you if a direct connection is made or not. Also note that tinc makes direct connections on demand, so first you need to ping the other node before you will get a useful answer. You can also run tcpdump on your external interface to check whether traffic really goes directly to the other node or whether it is sent via gw.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
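
The tcpdump check suggested in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -n` text for UDP port 655 and reports whether the local node exchanges tinc UDP with gw only or also with another peer. The function names and all addresses (local node 203.0.113.20, gw 192.0.2.1, other node 198.51.100.7) are assumptions made for illustration, and the sample captures are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders.
# Live input: tcpdump -n -i <external-if> udp port 655

# tinc_peers LOCAL < tcpdump text: prints "peer count" per remote UDP endpoint.
tinc_peers() {
    awk -v me="$1" '
        # Drop the trailing ":" and ".port" from a tcpdump address field.
        function addr(s) { sub(/:$/, "", s); sub(/\.[0-9]+$/, "", s); return s }
        ($2 == "IP" || $2 == "IP6") && $4 == ">" {
            src = addr($3); dst = addr($5)
            if (src == me) n[dst]++
            else if (dst == me) n[src]++
        }
        END { for (p in n) print p, n[p] }' | sort
}

# tinc_path_verdict LOCAL GW < tcpdump text
#   direct  = tinc UDP exchanged with a peer other than gw
#   relayed = tinc UDP exchanged with gw only
#   no-udp  = no tinc UDP involving LOCAL in the capture
tinc_path_verdict() {
    tinc_peers "$1" | awk -v gw="$2" '
        $1 == gw { via_gw = 1; next }
        { direct = 1 }
        END { print (direct ? "direct" : (via_gw ? "relayed" : "no-udp")) }'
}

# Constructed capture: every datagram goes to or comes from gw.
sample_relayed() { cat <<'EOF'
12:00:01.000001 IP 203.0.113.20.655 > 192.0.2.1.655: UDP, length 98
12:00:01.040212 IP 192.0.2.1.655 > 203.0.113.20.655: UDP, length 98
12:00:02.000105 IP 203.0.113.20.655 > 192.0.2.1.655: UDP, length 98
EOF
}

# Constructed capture: datagrams also flow to and from the other node.
sample_direct() { cat <<'EOF'
12:05:01.000001 IP 203.0.113.20.655 > 192.0.2.1.655: UDP, length 98
12:05:01.040212 IP 192.0.2.1.655 > 203.0.113.20.655: UDP, length 98
12:05:02.000105 IP 203.0.113.20.655 > 198.51.100.7.655: UDP, length 98
12:05:02.021530 IP 198.51.100.7.655 > 203.0.113.20.655: UDP, length 98
EOF
}

echo "gw only:       $(sample_relayed | tinc_path_verdict 203.0.113.20 192.0.2.1)"
echo "gw and a peer: $(sample_direct | tinc_path_verdict 203.0.113.20 192.0.2.1)"
```

As the reply notes, direct connections are made on demand, so ping the other node over the VPN while the capture is running.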