Multipoint vpn with tinc

Guus Sliepen guus at tinc-vpn.org
Fri Feb 16 11:59:58 CET 2007


On Fri, Feb 16, 2007 at 11:21:21AM +0100, Albi Rebmann wrote:

> >> Is it also full mesh capable ?
> >
> > Yes.
> 
> Can this be configured? I try to connect some olsr mesh networks, and
> sometimes I like to be able to change hop counts.

You can use the IndirectData option to prevent the full mesh behaviour.
However, other tincds will then forward packets for you, and since tinc
does not change the TTL value in packet headers, this is probably not
useful for you.

> And how can I see what the tinc mesh is doing? See which routes are known
> inside tinc?

Run "tincd -n <netname> -kUSR2", and (among other things) a list of all
known nodes is written to the log. An example line in the log from the
hypothetical tincd named node1:

Feb 16 11:42:20 xar tinc.netname[13015]:  node2 at 123.234.345.67 port 655 cipher 91 digest 64 maclength 4 compression 0 options 4 status 001a nexthop node3 via node2 pmtu 1459 (min 1459 max 1459)

What is important is the names after the words "nexthop" and "via". Tinc
sends control information (like session keys, node status updates) using
TCP connections. If node1 wants to send control information to node2, it
sends it to the "nexthop" node3. But VPN packets are normally sent using
UDP directly to the destination. That is why in the example, it says
"via node2". If node2 could not be reached directly from node1, for
example if you'd use IndirectData or TCPOnly for that node, that line in
the log would probably show "via node4", where node4 is a directly
reachable node closest to node2.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
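
Added example (not part of the original message and not tinc's own code): a small parser for the node lines of the USR2 dump described above, reporting which nodes have their VPN packets relayed through another node ("via" differs from the node name). The field layout is assumed from the single log line quoted in the message; the function names and the second and third sample lines are constructed for illustration.

```python
import re

# Layout assumed from the log line quoted in the message; other tinc
# versions may print different fields, so non-matching lines are skipped.
NODE_RE = re.compile(
    r"tinc\.(?P<netname>[^\[\s]+)\[\d+\]:\s+"
    r"(?P<node>\S+) at (?P<address>\S+) port (?P<port>\S+) .*?"
    r"\bnexthop (?P<nexthop>\S+) via (?P<via>\S+)"
    r"(?: pmtu (?P<pmtu>\d+))?"
)

def parse_node_line(line):
    """Return the fields of one node line, or None if it is not a node line."""
    m = NODE_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    d["pmtu"] = int(d["pmtu"]) if d["pmtu"] else None
    # "nexthop": neighbour that control information (TCP) is sent to.
    # "via": node that VPN packets (normally UDP) are sent to.
    d["control_direct"] = d["nexthop"] == d["node"]
    d["data_direct"] = d["via"] == d["node"]
    return d

def relayed_nodes(lines):
    """Map each node whose VPN packets go through a relay to that relay."""
    relayed = {}
    for line in lines:
        d = parse_node_line(line)
        if d is not None and not d["data_direct"]:
            relayed[d["node"]] = d["via"]
    return relayed

SAMPLE_LOG = [
    # Line quoted in the message, verbatim.
    "Feb 16 11:42:20 xar tinc.netname[13015]:  node2 at 123.234.345.67 port 655 cipher 91 digest 64 maclength 4 compression 0 options 4 status 001a nexthop node3 via node2 pmtu 1459 (min 1459 max 1459)",
    # Constructed line: only the node, nexthop and via names are meaningful.
    "Feb 16 11:42:20 xar tinc.netname[13015]:  node5 at 192.0.2.15 port 655 cipher 91 digest 64 maclength 4 compression 0 options 4 status 001a nexthop node3 via node4 pmtu 1459 (min 1459 max 1459)",
    # Constructed unrelated syslog line, to show that it is ignored.
    "Feb 16 11:42:21 xar cron[400]: constructed unrelated line",
]

if __name__ == "__main__":
    for node, relay in relayed_nodes(SAMPLE_LOG).items():
        print(f"{node}: VPN packets relayed via {relay}")
```

Any node it reports depends on the named relay to forward its packets, which is the forwarding behaviour the message describes for IndirectData and TCPOnly.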