Yes, I know it is possible to insert iptables rules even when the interface is
not present, but I have never tested it. If you say so, I trust your experience,
but I prefer to have a clean system configuration, where everything is linked to
something, without leaving unused system configuration around, mainly for
security components. Our firewalls also have complex configurations, but using
this dynamic management, leaving a persistent virtual network interface or rules
all active is no longer useful.

I read the documentation about env variables, but those variables are all
internal variables that tinc injects about its component state/name. How can I,
for example, tell tinc to send a $DEBUG state variable to each stage, so that I
can write custom messages to the system log in the different stages? It would be
very useful, instead of defining the same variable in each different standard
script (script scope variable).

Roberto
-----Original Message-----
From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen
Sent: Monday 25 January 2016 16:20
To: tinc at tinc-vpn.org
Subject: Re: Persistent tun/tap
On Mon, Jan 25, 2016 at 03:14:59PM +0000, mlist wrote:
> Ok. I'm configuring my iptables scripts so that specific iptables rules
> for virtual network interfaces used for tinc go in the tinc-up-fw and
> tinc-down-fw custom scripts. When I reload iptables rules manually to apply
> changes, the iptables scripts flush all chains and reapply the rules, and now
> also search in the /etc/tinc/<netname>/ directories to see if the related
> virtual network interface is up and running, and if so they reapply every
> tinc-up-fw, so probably we no longer need a persistent tun virtual interface
> that is always up.
Note that you can create iptables rules for interfaces that don't exist
yet. So you can just have the rules for your VPN interfaces loaded at
boot before tinc, that should be fine. The rules will also stay around
even if the interface is deleted again.
> Does tinc have the possibility to pass a custom env variable like
> $INTERFACE, etc.? It would be very useful, for example for DEBUG, so that tinc
> passes on a variable to all scripts in which we can put DEBUG messages
> (tinc-up, tinc-down, host-up, host-down, ...) and to the custom sub-scripts we
> create, called by the standard tinc scripts.
A list of available environment variables that are passed to scripts can
be found in the manual:
http://tinc-vpn.org/documentation/Scripts.html#Scripts
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
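
The reload step described in the quoted message (after flushing, look through /etc/tinc/<netname>/ and re-run tinc-up-fw where the interface is present), sketched as an added example that is not code from the thread or from tinc. Assumptions: the function names and the TINC_ETC and SYS_NET override variables are hypothetical, the interface name falls back to the netname when tinc.conf has no Interface line, and the ownership/permission check on the hook is an addition.

```shell
#!/bin/sh
# Added example, not code from the thread. TINC_ETC and SYS_NET are
# hypothetical override variables; the hook name tinc-up-fw is from the message.
TINC_ETC="${TINC_ETC:-/etc/tinc}"
SYS_NET="${SYS_NET:-/sys/class/net}"   # one entry per existing interface

# Interface for a netname: "Interface = x" in tinc.conf, else the netname
# itself (assumed default for a named network on Linux).
tinc_iface() {
    iface=""
    if [ -r "$TINC_ETC/$1/tinc.conf" ]; then
        iface=$(sed -n 's/^[[:space:]]*Interface[[:space:]]*=[[:space:]]*//p' \
            "$TINC_ETC/$1/tinc.conf" | head -n 1 | tr -d '[:space:]')
    fi
    printf '%s\n' "${iface:-$1}"
}

# The hook runs with the reload's privileges (root), so accept it only if it
# is owned by the invoking user and is not group- or world-writable.
hook_is_safe() {
    [ -f "$1" ] && [ -x "$1" ] &&
        [ -n "$(find "$1" -user "$(id -u)" ! -perm -020 ! -perm -002)" ]
}

# Call after the flush/reload: re-run tinc-up-fw for each network whose
# interface exists. Prints "<status> <netname>" per network that has a hook.
reapply_tinc_fw() {
    for dir in "$TINC_ETC"/*/; do
        [ -d "$dir" ] || continue
        hook="${dir}tinc-up-fw"
        [ -e "$hook" ] || continue
        net=$(basename "$dir")
        ifc=$(tinc_iface "$net")
        if [ ! -e "$SYS_NET/$ifc" ]; then
            echo "skipped-absent $net"
        elif ! hook_is_safe "$hook"; then
            echo "skipped-unsafe $net"
        elif NETNAME="$net" INTERFACE="$ifc" "$hook"; then
            echo "applied $net"
        else
            echo "failed $net"
        fi
    done
}
```

The presence test only checks that the interface exists, not its link state, since tun devices commonly report an "unknown" operstate.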