Combining Tinc and Cspace

Christian Cier-Zniewski christian.cier at uni-dortmund.de
Tue Apr 3 09:46:55 CEST 2007


Hello Guus,

Guus Sliepen wrote:
> I don't think it makes sense to integrate them together; CSpace is
> written in python, tinc in C. CSpace only offers TCP-like connections,
> this is bad for performance of VPNs, which are better served with
> UDP-like connections. CSpace depends on OpenSSL, while I want to move to
> GNUTLS because of its more flexible authentication methods and the fact
> that it is LGPLed.

Ok. Maybe the word integration is wrong here. Maybe it is more a
frontend for TINC.

As I wrote, I had an application similar to Hamachi in mind. So mainly
an application which allows less experienced users to establish a VPN
with each other (mainly a bridged one) without the need of editing config
files and generating RSA-keys. That's why I thought of CSpace.

As you may have seen there are some helper programs which provide some
kind of integration for VNC, file transfer and chat. I also thought of a
helper application which does nothing more than providing config-files
for TINC, but handles the information exchange necessary to successfully
establish a TINC-VPN with other buddies on the contact list. The
TINC-TCP and TINC-UDP connections are handled by TINC itself as usual.
So no modification of TINC is needed.

The only modification a user might have to do is to modify his router to
forward the necessary TCP (and UDP) port.

> That said, CSpace does implement a lot of functionality that is also
> implemented in tinc or that tinc could benefit from. So I should keep an
> eye on CSpace and try to port the good things from it to tinc 2.0. I had
> not heard about CSpace before, so it's good that you brought it to my
> attention :)

Good to hear. :)

TINC uses a TCP connection for control and a UDP connection for data
from what I understand. You have also implemented a TCP only mode.

Have you ever thought of a UDP only mode?

I am asking this with the idea above (Peer-to-Peer) in mind. If there
were a UDP only mode, the clients could start UDP hole punching (for
TINC-UDP) in their NAT routers, so a user would not even have to modify
anything on the router.

AFAIK Skype and Hamachi are using such an approach. CSpace could provide
the necessary mediation service for the first contact between the peers.
But after connection establishment between the peers, you would only
have P2P traffic without a central instance.

Regards,
Christian
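
Added example, not part of the original message and not code from tinc or CSpace: a sketch of the config-writing helper proposed above, which treats records received from contacts as untrusted before they become file names or config lines. The peer record fields (`name`, `address`, `port`, `pubkey`) and the function names are assumptions made for illustration; `Name`, `Mode`, `ConnectTo`, `Address` and `Port` are tinc's own options.

```python
import re
from pathlib import Path

NAME = re.compile(r"[A-Za-z0-9_]+")      # node name doubles as a file name under hosts/
ADDR = re.compile(r"[A-Za-z0-9.:-]+")    # hostname or IP literal, no whitespace
PEM = re.compile(r"-----BEGIN RSA PUBLIC KEY-----\n"
                 r"(?:[A-Za-z0-9+/]+={0,2}\n)+-----END RSA PUBLIC KEY-----\n?")

# Constructed sample records; the key body is a placeholder, not a real key.
FAKE_KEY = "-----BEGIN RSA PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PUBLIC KEY-----\n"
SAMPLE_PEERS = [
    {"name": "bob", "address": "192.0.2.10", "port": 655, "pubkey": FAKE_KEY},
    {"name": "../escape", "address": "192.0.2.11", "port": 655, "pubkey": FAKE_KEY},
    {"name": "carol", "address": "192.0.2.12\nPort = 1", "port": 655, "pubkey": FAKE_KEY},
]


def host_file(peer):
    """Render hosts/<name> for one peer; raise if any field could add extra lines."""
    name, addr, port, key = peer["name"], peer["address"], peer["port"], peer["pubkey"]
    # fullmatch, not match: "$" would let a trailing newline through.
    if not NAME.fullmatch(name):
        raise ValueError(f"bad node name: {name!r}")
    if not ADDR.fullmatch(addr):
        raise ValueError(f"bad address: {addr!r}")
    if type(port) is not int or not 0 < port < 65536:
        raise ValueError(f"bad port: {port!r}")
    if not PEM.fullmatch(key):
        raise ValueError("public key is not a single PEM RSA block")
    return f"Address = {addr}\nPort = {port}\n\n{key.strip()}\n"


def write_netdir(base, own_name, peers):
    """Write tinc.conf (switch mode, i.e. bridged) plus one hosts file per valid peer."""
    if not NAME.fullmatch(own_name):
        raise ValueError(f"bad node name: {own_name!r}")
    hosts = Path(base) / "hosts"
    hosts.mkdir(parents=True, exist_ok=True)
    accepted = []
    for peer in peers:
        try:
            body = host_file(peer)
        except (ValueError, KeyError, TypeError):
            continue  # drop malformed records instead of writing them
        (hosts / peer["name"]).write_text(body)
        accepted.append(peer["name"])
    conf = f"Name = {own_name}\nMode = switch\n"
    conf += "".join(f"ConnectTo = {n}\n" for n in accepted)
    (Path(base) / "tinc.conf").write_text(conf)
    return accepted
```

Only the first sample record is written; the other two are rejected because the name would escape `hosts/` and the address carries an embedded second config line.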




