tinc 0.3.3 vs. 1.0pre2
Guus Sliepen
guus at sliepen.warande.net
Fri Jun 23 18:07:56 CEST 2000
On Fri, 23 Jun 2000, [ISO-8859-1] Axel Müller wrote:
> I did not look much into key regeneration of tinc. The reason to force this
> immediate key exchange was to save time. If I think it over again now, it
> doesn't really save time ;-(
In fact, you might actually send keys that are not needed, and although
this is not a problem for only a few tinc daemons, when the network is
larger, this is bad for scalability.
> In the scenario in which we use tinc this feature is crucial. That's why I
> modified tinc 0.3.3 which we are still running. As soon as you have VPN
> (tinc outgoing) clients accessing whole networks through a VPN (tinc
> incoming) server you have to tell the VPN client to send everything to the
> VPN server (proxy) reagardless if this is a know VPN destination.
Your setup only works if EVERY host uses proxymode (or whatever it'll be
called). That's not scalable either. The Right Thing(tm) would be that a
tinc daemon can tell it wants to use proxymode to it's uplink, and that
the uplink tells all other hosts about the new host, but sends it's own
real IP address instead of the one from the new host. We'll implement that
ASAP.
[...]
> This small patch causes everything to be sent to the uplink if we have an
> outgoing connection.
> Although this working fine with tinc 0.3.3 it does not work with 1.0pre1 or
> 1.0pre2.
> Below is the log of a test I did with 1.0pre2 running on both ends:
[...]
> Any idea? Anything else I should test?
Not yet. Thank for the logs, it will surely help.
> P.S.: What are the "cp" at the beginning and end of each function about?
CheckPoint. It's a macro (defined in util.h) that saves the current
filename and position, which is used by the exception handler (the one
that prints syslog messages whenever there's a segfault or something like
that) to give an indication where the error happened. You can add more
cp's if you're testing something.
-------------------------------------------
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
http://www.kernelbench.org/
-------------------------------------------
---
TINC development list, tinc-devel at nl.linux.org
Archive: http://mail.nl.linux.org/tinc-devel/
More information about the Tinc-devel
mailing list