"Mode Switch" and "Tunnelserver Yes" cause unnecessary traffic to clients (proposed patch)

ZioPRoTo (Saverio Proto) zioproto at gmail.com
Mon Apr 12 13:18:40 CEST 2010


>> I don't want clients to speak directly, but I want all the
>> communications to pass by the server.

OK, to not complicate things I did not explain the whole story.
I'm implementing the algorithm explained in this paper:
http://aquila.netgroup.uniroma2.it/~saverio/ICT2010Detti.pdf

The key idea is that if you have 50+ nodes it takes too much memory to
have ~50 VPN links. So you make links only to a few nodes, and you route
inside the VPN. Read the paper for details if you want.

To do so I wrote a Python script that creates a configuration file
for tinc after running the algorithm, then runs tinc.

The implementation will be Free Software, and it would be cool also to
distribute it with tinc, so people can use the result of this research
activity. Now it is at a very early stage; we don't have any release yet.

> I think it would be better if you set IndirectData = yes in the server's
> tinc.conf, that would force all traffic to go via the server.  TunnelServer is
> not really compatible with switch mode (unless you configure MAC Subnets
> statically).

I'm reading here:
http://www.tinc-vpn.org/documentation/tinc_4.html#Configuration

I don't understand this IndirectData option :( Maybe it is a language problem.

Does "IndirectData = yes" mean that tincd will not try to make VPN
connections other than the ones specified with ConnectTo statements?

If node N sets "IndirectData = Yes" and does not have any ConnectTo
statement (this is the server config), will other nodes be able to
connect to the node with this configuration?

Must the IndirectData yes/no setting be consistent on every node?

>
>> I need layer2 because of some ethernet stuff on the clients.

I run the OLSR routing protocol inside the VPN; this works only with
L2 because I broadcast packets into the VPN links for routing
signalling. OLSR will not work with tun interfaces, only with tap.

> Anyway, why do you want to prevent clients from communicating directly to each
> other? That would be more efficient.

Well, I hope now my goal is clear :)

Saverio

