Phooraalai
2014-Jan-09 14:26 UTC
tinc started from /etc/network/interfaces and not from /etc/tinc/nets.boot
Hello,

are there reasons why all the examples for Debian and Ubuntu explain how to set up tinc to start from the init job /etc/init.d/tinc and /etc/tinc/nets.boot and why there are no examples or tutorials on how to start tinc from /etc/network/interfaces?

Using /etc/network/interfaces I have a perfectly running tinc vpn with an unprivileged user, locked memory and a chroot jail plus converted tinc-up and tinc-down scripts.

From my /etc/network/interfaces:

    auto VPN
    iface VPN inet static
        address 192.168.100.1
        netmask 255.255.255.0
        post-up /etc/tinc/VPN/vpn_tinc-up
        post-down /etc/tinc/VPN/vpn_tinc-down
        TINC_NET VPN
        TINC_CHROOT yes
        TINC_MLOCK yes
        TINC_USER tincvpn

Question: If I have machines A, B and C in my tinc vpn and if I then add machine D and only have the host file /etc/tinc/VPN/hosts/D on machine C and /etc/tinc/VPN/hosts/C on machine D, will D still be able to talk to machines A and B? Is this what the host options StrictSubnets = yes and TunnelServer = yes are about?

BR
P.
Guus Sliepen
2014-Jan-09 21:00 UTC
tinc started from /etc/network/interfaces and not from /etc/tinc/nets.boot
On Thu, Jan 09, 2014 at 03:26:58PM +0100, Phooraalai wrote:

> are there reasons why all the examples for Debian and Ubuntu explain how
> to set up tinc to start from the init job /etc/init.d/tinc and
> /etc/tinc/nets.boot and why there are no examples or tutorials on how to
> start tinc from /etc/network/interfaces?

I guess because the init job was there first. Support for /etc/network/interfaces came later.

> Using /etc/network/interfaces I have a perfectly running tinc vpn with
> an unprivileged user, locked memory and a chroot jail plus converted
> tinc-up and tinc-down scripts.

Why did you use converted tinc-up/down scripts at all? You can put everything that is in those inside /etc/network/interfaces.

> Question: If I have machines A, B and C in my tinc vpn and if I then add
> machine D and only have the host file /etc/tinc/VPN/hosts/D on machine C
> and /etc/tinc/VPN/hosts/C on machine D, will D still be able to talk to
> machines A and B?

Yes.

> Is this what the host options StrictSubnets = yes and
> TunnelServer = yes are about?

Those options can indeed be used to limit which nodes can talk to which other nodes. There is also IndirectData, DirectData and Forwarding.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>