Hi Ok I have a simple lab setup with three nodes , one acting as the "Central Node" and the other two as remote nodes which "*ConnectTo*" the central node in order to be able to communicate with each other. What I would like to know is , once the tinc remote nodes establish a connection to the "Central Node" , my understanding was that if the remote nodes want to communicate with each other the data traffic will be flowing through the central node. When I did a tcpdump on central node (both tun0 and eth0) interfaces I cannot see the ICMP traffic on central node ?!? How does tinc pass the data traffic without the central node... hopefully not by MAGIC :) ... Please explain to me . Regards Yazeed <yazeedfataar at hotmail.com> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160222/4cd1ddf2/attachment.html>
On Mon, Feb 22, 2016 at 05:41:05PM +0300, Yazeed Fataar wrote:> Ok I have a simple lab setup with three nodes , one acting as the "Central > Node" and the other two as remote nodes which "*ConnectTo*" the central > node in order to be able to communicate with each other. > > What I would like to know is , once the tinc remote nodes establish a > connection to the "Central Node" , my understanding was that if the remote > nodes want to communicate with each other the data traffic will be flowing > through the central node. When I did a tcpdump on central node (both tun0 > and eth0) interfaces I cannot see the ICMP traffic on central node ?!? How > does tinc pass the data traffic without the central node... hopefully not > by MAGIC :) ...If the remote nodes want to communicate with each other, then if possible they will do so directly without going through the central node. However, if that is not possible for some reason (because of NAT for example), then it will go via the central node. But in that case, the tinc daemon on the central node will handle the forwarding internally, you will not see those packets when you run tcpdump on the central node's tun0 or eth0 interfaces (but if you set Forwarding kernel on the central node, then you will see the packets on tun0). -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160222/403f7859/attachment.sig>
Understood, thanks for clarification as always Guus! Regards Yazeed Fataar <yazeedfataar at hotmail.com> On Mon, Feb 22, 2016 at 5:48 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:> On Mon, Feb 22, 2016 at 05:41:05PM +0300, Yazeed Fataar wrote: > > > Ok I have a simple lab setup with three nodes , one acting as the > "Central > > Node" and the other two as remote nodes which "*ConnectTo*" the central > > node in order to be able to communicate with each other. > > > > What I would like to know is , once the tinc remote nodes establish a > > connection to the "Central Node" , my understanding was that if the > remote > > nodes want to communicate with each other the data traffic will be > flowing > > through the central node. When I did a tcpdump on central node (both tun0 > > and eth0) interfaces I cannot see the ICMP traffic on central node ?!? > How > > does tinc pass the data traffic without the central node... hopefully not > > by MAGIC :) ... > > If the remote nodes want to communicate with each other, then if > possible they will do so directly without going through the central > node. However, if that is not possible for some reason (because of NAT > for example), then it will go via the central node. But in that case, > the tinc daemon on the central node will handle the forwarding > internally, you will not see those packets when you run tcpdump on the > central node's tun0 or eth0 interfaces (but if you set Forwarding > kernel on the central node, then you will see the packets on tun0). > > -- > Met vriendelijke groet / with kind regards, > Guus Sliepen <guus at tinc-vpn.org> > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160223/5817f4b5/attachment.html>