New config directive VpnMask

Mads Kiilerich Mads at Kiilerich.com
Tue May 16 19:14:52 CEST 2000 

Hello,

Today I got mail from Guus Sliepen:

> In case you never saw any mail from me, I'm tinc's co-author. 

Hello, I've only heard about your fame, not "met" you. ;)

> It would be helpful if you'd subscribe to the tinc developpers
> mailing list. It's not high volume, but it eases
> communication.

I thought I was - but now I realize that tinc has two
mailinglists... ;)

> There's a problem with tinc's boot scripts (at least the debian one, but
> that's fixed now). The netmask of the tap devices should be larger than
> the one specified with MyOwnVPNIP, because it must accept packets that are
> destined for other subnets. We have a new directive that goes into
> tinc.conf, VpnMask. Suppose our TOTAL vpn is 10.1.x.x/16, and our own
> subnet is 10.1.1.x/24, this should go into tinc.conf:
> 
> MyOwnVPNIP = 10.1.1.1/24
> VpnMask = 255.255.0.0

I must admit that there is something regarding tinc I don't
understand. I don't see why tinc needs to know the netmasks.
tinc makes an encrypted point-to-point (but not ppp) connection,
and anything regarding netmasks etc can be handled with ip
routing, masquerading and netfilters. Is it because I understand
tinc at the IP level while it can be used at lower levels for
bridging as well? 

I've read the documentation but didn't find any explanation in
it. IMHO the docs should be improved so that I -- and possibly other
users -- can understand what I don't understand now. ;)

It was/is my intention to read the docs again and then give some
constructive criticism. But I haven't had the time for that yet,
so now you've got it in a less-constructive way...

I might come back with further comments.

> Ivo asked me to inform you about this, so you could adapt the RedHat boot
> scripts.

IMHO the solution is to use the same script for RedHat and
Debian. Ivo has rewritten it to Perl, and maintaining the same
script in two versions "doesn't scale" ;)

Med Venlig Hilsen
-- 
Mads Kiilerich          Sys.Adm. Cand.Polyt
Mads at Kiilerich.com      Tel. +45 38 16 26 00  Mob. +45 26 20 07 73
Møntmestervej 12B 1th,  DK-2400 NV,  Denmark

"To be, or not to be; that is the question."  Shakespeare
"The question is minus one using 2's complement!"  Me



---
TINC development list, tinc-devel at nl.linux.org
Archive: http://mail.nl.linux.org/tinc-devel/

More information about the Tinc-devel mailing list