Subnet specification for tinc node as default gateway
Guus Sliepen
guus at tinc-vpn.org
Mon Sep 2 01:14:37 CEST 2013
On Sun, Sep 01, 2013 at 03:35:01PM -0700, Nikolaus Rath wrote:
> > Did you restart the tincd on the gateway after you added that Subnet? It should
> > work otherwise.
>
> Duh. No, I didn't. I didn't even add the extra subnet on the
> gateway. Now that I've done that, it seems to work. Thanks!
>
>
> I'm still confused why this is necessary though. Why isn't it enough to
> define the subnet in the local tinc's configuration? At the moment it
> seems that even for the local tinc instance, the subnet specification on
> the remote server takes precedence. That's a bit counterintuitive - then
> why am I specifying the subnets for every node on every node in the
> first place?
Assuming you don't use TunnelServer or StrictSubnets, you don't have to. You
only have to specify the Subnet a host uses on that host itself. It announces
those Subnets to all the other nodes via the meta protocol. It ignores Subnets
from all host config files but its own. Also, even if you could specify Subnets
for another node locally, that wouldn't help; as soon as those packets reach
that other node, that node doesn't know what to do with them (well, unless you
use Forwarding = kernel).
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20130902/c10320fb/attachment-0001.sig>
More information about the tinc
mailing list