Currently I have the local tinc node's VPN IP in both the tinc-up script as well as in its hosts/$NODE file Subnet setting. Can this be avoided, to simplify deployment?

Actually I am currently using a DNS lookup in the tinc-up script to get the local VPN IP ($NODE.myvpndomain), but this fails if DNS isn't ready when tinc-up is run. (DeviceStandby=yes fixes this, but then the subnet-up script is run before tinc-up.)

I notice that tinc runs the subnet-up script for the local subnet immediately after the tinc-up script, with $REMOTEADDRESS empty, so I tried putting some of the interface configuration there instead. This seemed to work fine. So tinc-up says only:

    #!/bin/bash
    ip link set dev $INTERFACE up

and subnet-up says

    #!/bin/sh
    if [ -z "$REMOTEADDRESS" ]; then # local network
        ip addr add $SUBNET dev $INTERFACE
    fi
    ip route add $SUBNET dev $INTERFACE

Any downsides to this? Will it work on tinc 1.0 as well (I'm testing on 1.1pre15)?

Hamish
On 01/08/18 11:42, Hamish Moffatt wrote:
>
> I notice that tinc runs the subnet-up script for the local subnet
> immediately after the tinc-up script, with $REMOTEADDRESS empty, so I
> tried putting some of the interface configuration there instead. This
> seemed to work fine. So tinc-up says only:
>
> #!/bin/bash
> ip link set dev $INTERFACE up
>
> and subnet-up says
>
> #!/bin/sh
> if [ -z "$REMOTEADDRESS" ]; then # local network
>     ip addr add $SUBNET dev $INTERFACE
> fi

Oops, this only works when the local subnet is a /32. Otherwise it ends up assigning a local IP of eg 192.168.42.0/24, which actually seems to work but isn't what's intended. Instead I put

    # note: [[ ... ]] and the unquoted */* pattern need bash, not POSIX sh
    if [[ -z "$REMOTEADDRESS" && $SUBNET != */* ]]; then # local /32 subnet
        ip addr add $SUBNET dev $INTERFACE
    fi

and then for the hosts with bigger subnets I add those to tinc-up instead.

Hamish
Hello Hamish,

On Wed, 1 Aug 2018 11:42:58 +1000, Hamish Moffatt <hamish at moffatt.email> wrote:
> Currently I have the local tinc node's VPN IP in both the tinc-up script as
> well as in its hosts/$NODE file Subnet setting. Can this be avoided, to
> simplify deployment?

I use the following tinc-up script. It determines the local node's host filename and parses all "Subnet" lines without a slash (a slash would indicate a network) from it.

    #!/bin/sh
    set -eu
    MY_HOST_FILE="/etc/tinc/$NETNAME/hosts/$NAME"
    grep -i "^Subnet[^/]*$" "$MY_HOST_FILE" | cut -f 2 -d = | tr -d " " \
        | while read -r my_ip; do
            ip address add "${my_ip}/24" dev "$INTERFACE"
        done
    ip link set "$INTERFACE" up

The following details are imperfect:

* Subnet lines with a single-host prefix length ("/32") are ignored, too
* the network prefix length is part of the script (there is no way to determine it)

Maybe this helps ...

Cheers,
Lars
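The following script is an added example (editor's code, not from Hamish, Lars or the tinc project) that combines the two approaches in this thread: it derives the addresses tinc-up should assign from the node's own hosts/$NAME file, as Lars does, and it encodes the subnet-up decision from the second message, assigning an interface address only for a local single-host subnet. It goes slightly beyond the posted scripts in that explicit "/32" entries are treated as host addresses too (Lars's grep drops them, Hamish's test keys on the absence of a slash). The sample host file is constructed, the interface name tun0 and the function names are hypothetical, and DEFAULT_PREFIX stands in for Lars's hard-coded /24, which remains an assumption about the VPN's numbering that tinc does not expose to the script. The ip commands are printed rather than executed so the result can be inspected offline.

```shell
#!/bin/sh
# Added example: derive tinc-up addresses from hosts/$NAME and classify
# subnet-up events. Nothing here touches the network; "ip" is only printed.

# Assumption: the VPN prefix length used for bare/single-host Subnet entries.
DEFAULT_PREFIX="${DEFAULT_PREFIX:-24}"

# Constructed sample of /etc/tinc/$NETNAME/hosts/$NAME, not a real host file.
SAMPLE_HOST_FILE="$(mktemp)"
trap 'rm -f "$SAMPLE_HOST_FILE"' EXIT
cat > "$SAMPLE_HOST_FILE" <<'EOF'
Address = vpn.example.invalid
Subnet = 10.42.0.7
subnet=10.42.0.8/32
Subnet = 192.168.42.0/24
# Subnet = 10.99.0.1   commented out, must be ignored
Ed25519PublicKey = PLACEHOLDER
EOF

# Print every Subnet value from host file $1, one per line. The key is
# matched case-insensitively, surrounding whitespace is dropped, and lines
# that do not start with the key (comments, other settings) are skipped.
subnet_values() {
    sed -n 's/^[[:space:]]*[Ss][Uu][Bb][Nn][Ee][Tt][[:space:]]*=[[:space:]]*//p' "$1" \
    | tr -d ' \t'
}

# Classify one Subnet value: "host" for a bare address or an explicit /32
# (tinc treats a bare address as a single host), "net" for anything else.
subnet_kind() {
    case "$1" in
        */32) echo host ;;
        */*)  echo net ;;
        *)    echo host ;;
    esac
}

# Emit the tinc-up commands for host file $1 on interface $2. Host entries
# become interface addresses with the VPN prefix so that on-link peers are
# reachable; larger networks are LANs behind this node and get no command,
# since the node already reaches them through its LAN interface.
tinc_up_commands() {
    subnet_values "$1" | while IFS= read -r net; do
        if [ "$(subnet_kind "$net")" = host ]; then
            printf 'ip addr add %s/%s dev %s\n' "${net%/32}" "$DEFAULT_PREFIX" "$2"
        fi
    done
    printf 'ip link set dev %s up\n' "$2"
}

# The subnet-up decision from the thread: $1 = REMOTEADDRESS, $2 = SUBNET.
# Only a local single-host subnet (empty REMOTEADDRESS, host-type SUBNET)
# may be added as an interface address; everything else only gets a route.
subnet_up_action() {
    if [ -z "$1" ] && [ "$(subnet_kind "$2")" = host ]; then
        echo addr+route
    else
        echo route
    fi
}

# Stand-alone run: show what tinc-up would do for the sample file.
tinc_up_commands "$SAMPLE_HOST_FILE" tun0
```

For the sample file this prints two "ip addr add" lines (10.42.0.7/24 and 10.42.0.8/24 on tun0) followed by the "ip link set" line, and skips the 192.168.42.0/24 entry and the commented-out line. Wiring it into a real tinc-up means replacing the printf with the command itself and pointing subnet_values at "/etc/tinc/$NETNAME/hosts/$NAME".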