Oh, thanks. In my current case, I haven't configured the "Address" parameter in A's host config; will this prohibit A from listening on the tinc ports?

Questions:
1. If I configure "Address" in A's config, even though A is in a private subnet, might it still be possible for A to establish a connection with X (X has a public IP address)?
2. Is there any parameter to disable the direct connection discovery and only allow traffic through the intermediate node?

> On 1 May 2017, at 3:16 PM, Narcissus Emi <eminarcissus at gmail.com> wrote:
>
> Indeed it depends. tinc will have a port listening for incoming connections (both TCP and UDP); if A has exposed its listening ports, a direct connection will be attempted between the nodes, otherwise traffic will go via the intermediate node.
>
> --
> Narcissus Emi
>
> On 1 May 2017 at 15:12:16, Bright Zhao (startryst at gmail.com) wrote:
>
>> Hi, Narcissus
>>
>> Quick one for the below case: if node A has a direct connection to node B, and node B has a connection to node X, then I found node A is able to talk to node X, but the communication path goes through node B instead of building a direct connection between A and X. Is that right? I tested this in my environment.
>>
>> A >> B >> X
>>
>>> On 1 May 2017, at 3:07 PM, Narcissus Emi <eminarcissus at gmail.com> wrote:
>>>
>>> X-up is called when any connection is built between node A and node X; it doesn't have anything to do with whether you have connectTo in the config file or not.
>>> Because tinc is a mesh network, if node A has a direct connection to node B, and node B has a connection to node X, you can have a connection between A and X, and X-up is called at the moment it builds a connection on demand.
>>>
>>> --
>>> Narcissus Emi
>>>
>>> On 1 May 2017 at 14:15:14, Bright Zhao (startryst at gmail.com) wrote:
>>>
>>>> Hi, Tinc Expert
>>>>
>>>> In my tinc.conf, the ConnectTo for host X is commented out, like below:
>>>>
>>>> #ConnectTo = X
>>>>
>>>> and there is a script: /etc/tinc/netname/hosts/X-up. I thought commenting out the ConnectTo X wouldn't trigger X-up, but it did.
>>>>
>>>> Why? What's the logic behind triggering host-up? How can I avoid this other than by removing the host-up file?
>>>>
>>>> Bright Zhao

I don't really think the Address config in the node description decides whether it will listen for public connections or not. In my own case, even a truly private node (PPPoE dynamic address, TCP port listening not allowed, but UDP allowed) can have a p2p direct connection; I think it is based on UDP NAT traversal. But if you use TCPonly for this node, and also forbid incoming traffic to its public TCP port, it will definitely work in an intermediate-only mode. Maybe just try it out ;)

--
Narcissus Emi

On 1 May 2017 at 15:24:26, Bright Zhao (startryst at gmail.com) wrote:

> Oh, thanks. In my current case, I haven't configured the "Address" parameter in A's host config; will this prohibit A from listening on the tinc ports?
>
> Questions:
> 1. If I configure "Address" in A's config, even though A is in a private subnet, might it still be possible for A to establish a connection with X (X has a public IP address)?
> 2. Is there any parameter to disable the direct connection discovery and only allow traffic through the intermediate node?

Thanks, let me give it a try and get back to you. :-)

> On 1 May 2017, at 3:29 PM, Narcissus Emi <eminarcissus at gmail.com> wrote:
>
> I don't really think the Address config in the node description decides whether it will listen for public connections or not. In my own case, even a truly private node (PPPoE dynamic address, TCP port listening not allowed, but UDP allowed) can have a p2p direct connection; I think it is based on UDP NAT traversal. But if you use TCPonly for this node, and also forbid incoming traffic to its public TCP port, it will definitely work in an intermediate-only mode. Maybe just try it out ;)
>
> --
> Narcissus Emi
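
The behaviour discussed in this thread, that hosts/X-up runs whenever X becomes reachable regardless of ConnectTo, as an added audit script (not part of the original messages and not tinc's own code): it lists host-up hooks for nodes that have no active ConnectTo line. The directory layout follows the /etc/tinc/netname paths quoted in the thread; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list hosts/NAME-up hooks for nodes with no active ConnectTo.
# tinc runs such a hook as soon as NAME becomes reachable, even when the path
# goes through an intermediate node.

# Node names from uncommented "ConnectTo = NAME" lines (names are
# case-insensitive in tinc.conf and the "=" is optional).
active_connectto() {
    awk '{ line = $0; sub(/^[ \t]+/, "", line) }
         tolower(line) ~ /^connectto[ \t=]/ {
             sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", line)
             sub(/[ \t\r]+$/, "", line)
             print line
         }' "$1/tinc.conf"
}

# NAME for every hosts/NAME-up script in the given tinc directory.
host_up_hooks() {
    for f in "$1"/hosts/*-up; do
        [ -f "$f" ] || continue
        n=${f##*/}
        printf '%s\n' "${n%-up}"
    done
}

# Hooks that will fire for nodes this daemon never dials itself.
unpinned_hooks() {
    pinned=$(active_connectto "$1")
    host_up_hooks "$1" | while read -r node; do
        printf '%s\n' "$pinned" | grep -qxF -- "$node" || printf '%s\n' "$node"
    done
}

# Constructed sample mirroring the thread: "ConnectTo = X" is commented out.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/hosts"
    printf '%s\n' 'Name = A' 'ConnectTo = B' '#ConnectTo = X' > "$d/tinc.conf"
    printf '#!/bin/sh\n' > "$d/hosts/B-up"
    printf '#!/bin/sh\n' > "$d/hosts/X-up"
    printf '%s\n' "$d"
}

# Audit the directory given as $1 (e.g. /etc/tinc/netname), else the sample.
dir=${1:-$(make_sample)}
unpinned_hooks "$dir"
```

Any name this prints has a hook that the daemon will execute when that node appears in the mesh, so those scripts deserve the same review as hooks for nodes listed in ConnectTo.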