Next: , Previous: , Up: Configuration   [Contents][Index]


4.3 How connections work

When tinc starts up, it parses the command-line options and then reads in the configuration file tinc.conf. It will then start listening for incoming connection from other daemons, and will by default also automatically try to connect to known peers. By default, tinc will try to keep at least 3 working meta-connections alive at all times.

There is no real distinction between a server and a client in tinc. If you wish, you can view a tinc daemon without a ‘ConnectTo’ statement in tinc.conf and ‘AutoConnect = no’ as a server, and one which does have one or more ‘ConnectTo’ statements or ‘Autoconnect = yes’ (which is the default) as a client. It does not matter if two tinc daemons have a ‘ConnectTo’ value pointing to each other however.

Connections specified using ‘ConnectTo’ are so-called meta-connections. Tinc daemons exchange information about all other daemon they know about via these meta-connections. After learning about all the daemons in the VPN, tinc will create other connections as necessary in order to communicate with them. For example, if there are three daemons named A, B and C, and A has ‘ConnectTo = B’ in its tinc.conf file, and C has ‘ConnectTo = B’ in its tinc.conf file, then A will learn about C from B, and will be able to exchange VPN packets with C without the need to have ‘ConnectTo = C’ in its tinc.conf file.

It could be that some daemons are located behind a Network Address Translation (NAT) device, or behind a firewall. In the above scenario with three daemons, if A and C are behind a NAT, B will automatically help A and C punch holes through their NAT, in a way similar to the STUN protocol, so that A and C can still communicate with each other directly. It is not always possible to do this however, and firewalls might also prevent direct communication. In that case, VPN packets between A and C will be forwarded by B.

In effect, all nodes in the VPN will be able to talk to each other, as long as there is a path of meta-connections between them, and whenever possible, two nodes will communicate with each other directly.


Next: , Previous: , Up: Configuration   [Contents][Index]