an other usage example

Guus Sliepen guus at sliepen.eu.org
Thu Jan 20 20:11:42 CET 2005 

On Thu, Jan 20, 2005 at 06:15:25PM +0100, Florian Reitmeir wrote:

> The examples from your Webpage are nice, but i think a nicer way to use the
> strengh of tinc is:
> 
> We define a Subnet where all routers are, for example:
> 	172.120.121.0/24
> 
> With tinc its now easy to configure this on every router, so all
> routers are fully connected.
> 
> Router A gets, 172.120.121.1
> Router B gets, 172.120.121.2
> Router C gets, 172.120.121.3
> .
> .
> 
> so we only have to add to every router these Adresse in its Subnet List,
> 	Router A -> Subnet=172.120.121.1/32
> 	Router B -> Subnet=172.120.121.2/32
> 	.
> 	.
> 
> 
> The Networks on the different Locations now can direct routed to the
> interface. Lets say Router A has a 10.100.20.0/24 where his clients-computers
> are. He just adds
> 	route add -net 10.100.20.0/24 dev vpn
> 	( add add the subnet to his tinc conf)
> 
> Or he routes all private addresses to the interface:
> 	route add -net 10.0.0.0/8 dev vpn
> 
> 
> This is IMHO a bit nicer than the examples on your page.
> 
> Versus OpenVPN there are some major gainings:
> 	- every router has ONE ip Adress in the whole vpn, so its easy to configure
> 		a correct DNS
> 	- every router only has to know his local config.

I don't see what is so nice about the 172.120.121.0/24 subnet where the
routers live. Why use it at all? Router A in your example probably
already has the IP address 10.100.20.1 on its LAN. You can use that IP
address on the VPN as well. Anyway, there are lots of ways to set up a
(virtual private) network, the example from the website is but one of
them, and everyone has his own taste of course.

In any case, the tinc daemons only need to know their local config, and
only require the host config file of other tinc daemons if they
ConnectTo them. In the example on the website it says all hosts share
all the host config files, but that's just convenience.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://brouwer.uvt.nl/pipermail/tinc-devel/attachments/20050120/8ded9ab0/attachment.pgp

More information about the tinc-devel mailing list