Ok. I'm configuring my iptables scripts so that specific iptables rules for virtual network interfaces used for tinc go in tinc-up-fw and tinc-down-fw custom scripts. When I reload iptables rules manually to apply changes, the iptables scripts flush all chains and reapply rules, and now also search in the /etc/tinc/<netname>/ directories to see if the related virtual network interface is up and running, and if so reapply every tinc-up-fw, so probably we do not need a persistent tun virtual interface that is always up anymore.

Does tinc have the possibility to pass a custom env variable like $INTERFACE, etc.? It would be very useful, for example for DEBUG, so tinc passes on a variable to all scripts in which we can put DEBUG messages (tinc-up, tinc-down, host-up, host-down, ...) and to custom sub-scripts we create, called by the standard tinc scripts.

Best regards
Roberto

-----Original Message-----
From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen
Sent: Monday, 25 January 2016 16:00
To: tinc at tinc-vpn.org
Subject: Re: Persistent tun/tap

On Mon, Jan 25, 2016 at 07:47:14AM +0000, mlist wrote:

> So we can configure a persistent tun and tinc on startup recognizes this, tinc just uses the present tun without problems?
> Can you point me to the Tinc-RedHat best practice method to do that please?

I don't know of any best practice for setting up persistent tun interfaces on RedHat.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

On Mon, Jan 25, 2016 at 03:14:59PM +0000, mlist wrote:

> Ok. I'm configuring my iptables scripts so that specific iptables rules for virtual network interfaces used for tinc go in tinc-up-fw and tinc-down-fw custom scripts. When I reload iptables rules manually to apply changes, the iptables scripts flush all chains and reapply rules, and now also search in the /etc/tinc/<netname>/ directories to see if the related virtual network interface is up and running, and if so reapply every tinc-up-fw, so probably we do not need a persistent tun virtual interface that is always up anymore.

Note that you can create iptables rules for interfaces that don't exist yet. So you can just have the rules for your VPN interfaces loaded at boot before tinc, that should be fine. The rules will also stay around even if the interface is deleted again.

> Does tinc have the possibility to pass a custom env variable like $INTERFACE, etc.? It would be very useful, for example for DEBUG, so tinc passes on a variable to all scripts in which we can put DEBUG messages (tinc-up, tinc-down, host-up, host-down, ...) and to custom sub-scripts we create, called by the standard tinc scripts.

A list of available environment variables that are passed to scripts can be found in the manual:

http://tinc-vpn.org/documentation/Scripts.html#Scripts

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
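
The reload step described in this thread (after a flush, re-run each network's tinc-up-fw only where the tinc interface currently exists), as an added example that is not code from either poster or from the tinc project. The function names and the `TINC_DIR` and `SYS_NET` overrides are hypothetical, and falling back to the netname when tinc.conf has no `Interface` line is an assumption; `NETNAME` and `INTERFACE` are names from the script variables list in the tinc manual.

```shell
#!/bin/sh
# Added example: after an iptables flush, re-run tinc-up-fw (the custom
# script name used in this thread) for every tinc network whose
# interface currently exists. TINC_DIR and SYS_NET are hypothetical
# overrides so the logic can be exercised without root.
TINC_DIR="${TINC_DIR:-/etc/tinc}"
SYS_NET="${SYS_NET:-/sys/class/net}"

# Print the interface name for a netname: the Interface setting from
# tinc.conf if there is one, otherwise the netname (assumed default).
tinc_iface() {
    conf="$TINC_DIR/$1/tinc.conf"
    iface=""
    if [ -r "$conf" ]; then
        # Accepts "Interface = x" and "Interface x", with leading blanks.
        iface=$(awk -F'[ \t=]+' '{ sub(/^[ \t]+/, "") }
            tolower($1) == "interface" { print $2; exit }' "$conf")
    fi
    printf '%s\n' "${iface:-$1}"
}

# Run tinc-up-fw for each network that is up; print "netname:iface"
# for every script that ran successfully.
reapply_tinc_fw() {
    for dir in "$TINC_DIR"/*/; do
        [ -d "$dir" ] || continue
        net=$(basename "$dir")
        iface=$(tinc_iface "$net")
        script="${dir}tinc-up-fw"
        # Skip networks whose interface is absent or that have no hook.
        [ -e "$SYS_NET/$iface" ] || continue
        [ -x "$script" ] || continue
        # Hand the hook the same variable names tinc gives its scripts.
        if NETNAME="$net" INTERFACE="$iface" "$script"; then
            printf '%s:%s\n' "$net" "$iface"
        else
            printf 'tinc-up-fw failed for %s\n' "$net" >&2
        fi
    done
}
```

Call `reapply_tinc_fw` as the last step of the iptables reload script, after the chains have been flushed and the base rules restored.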