Armin Schindler
2016-Aug-30 12:38 UTC
Define which host to use when direct link not possible?
Hello all, we use a meshed VPN with TINC to connect 7 offices. Some office are in other countries and use other ISPs. The connection between some ISPs (peering partners) are not that good. This means we have packet loss between those direct connections. To avoid this direct connection, I would like to tell TINC to use a defined other host to route the packets to. E.g. instead of doing direct office-1 to office-2, send always packets for office-2 to office-5 (because connection with office-5 is very stable). Is there a way to configure TINC to not use direct connection for one host, but use a specified, other host for that? thanks in advance Armin
Guus Sliepen
2016-Aug-30 15:37 UTC
Define which host to use when direct link not possible?
On Tue, Aug 30, 2016 at 02:38:16PM +0200, Armin Schindler wrote:> we use a meshed VPN with TINC to connect 7 offices. > Some office are in other countries and use other ISPs. The connection > between some ISPs (peering partners) are not that good. This means we > have packet loss between those direct connections. > > To avoid this direct connection, I would like to tell TINC to use > a defined other host to route the packets to. > E.g. > instead of doing direct office-1 to office-2, send always packets > for office-2 to office-5 (because connection with office-5 is very stable). > > Is there a way to configure TINC to not use direct connection > for one host, but use a specified, other host for that?You can set IndirectData = yes in hosts/office-2 on hosts/office-1, and vice versa, to prevent it from trying a direct connection. Note that you also should not have ConnectTo = office-2 in office-1's tinc.conf, and vice versa, otherwise the above will not have any effect. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160830/3691bbbe/attachment.sig>
On 30.08.2016 17:37, Guus Sliepen wrote:> On Tue, Aug 30, 2016 at 02:38:16PM +0200, Armin Schindler wrote: > >> we use a meshed VPN with TINC to connect 7 offices. >> Some office are in other countries and use other ISPs. The connection >> between some ISPs (peering partners) are not that good. This means we >> have packet loss between those direct connections. >> >> To avoid this direct connection, I would like to tell TINC to use >> a defined other host to route the packets to. >> E.g. >> instead of doing direct office-1 to office-2, send always packets >> for office-2 to office-5 (because connection with office-5 is very stable). >> >> Is there a way to configure TINC to not use direct connection >> for one host, but use a specified, other host for that? > > You can set IndirectData = yes in hosts/office-2 on hosts/office-1, and > vice versa, to prevent it from trying a direct connection. > > Note that you also should not have ConnectTo = office-2 in office-1's > tinc.conf, and vice versa, otherwise the above will not have any effect.Understood. But this will keep tinc from doing direct only, but it may use *any* other host to transfer the data, right? I would like to set a specific host (with best connection) to be the 'man-in-the-middle'. Armin
Maybe Matching Threads
- Define which host to use when direct link not possible?
- Conflicting Default Values. A trusts B. B trusts EvilNode. Does that mean A trusts EvilNode?
- One host for forwarding only without keys
- Define which host to use when direct link not possible?
- Slow Speed