tinc started from /etc/network/interfaces and not from /etc/tinc/nets.boot

Phooraalai phooraalai at googlemail.com
Fri Jan 10 11:16:46 CET 2014


Hello Guus,

> I guess because the init job was there first. Support for
> /etc/network/interfaces came later.

Would you accept a small tutorial for the website where I explain how to
duplicate my setup through /etc/network/interfaces once I finish?

>> Using /etc/network/interfaces I have a perfectly running tinc vpn with
>> an unprivileged user, locked memory and a chroot jail plus converted
>> tinc-up and tinc-down scripts.
> 
> Why did you use converted tinc-up/down scripts at all? You can put everything
> that is in those inside /etc/network/interfaces.

I use the converted tinc-up and tinc-down to build some iptables rules
and then tear them down again. Also I use them to log to syslog that a
VPN connection has been established or terminated. How would I do that
with /etc/network/interfaces?

>> Question: If I have machines A,B and C in my tinc vpn and if I then add
>> machine D and only have the host file /etc/tinc/VPN/hosts/D on machine C
>> and /etc/tinc/VPN/hosts/C on machine D, will D be still able to talk to
>> machines A and B ?
> 
> Yes.
> 
>> Is this what the host options StrictSubnets = yes and
>> TunnelServer = yes are about ?
> 
> Those options can indeed be used to limit which nodes can talk to which
> other nodes. There is also IndirectData, DirectData and Forwarding.
> 

I could not see a DirectData option in the tinc 1.0 man page for
tinc.conf or in the PDF for 1.0 or 1.1 on the tinc website. Is there a
difference between IndirectData and DirectData?

So if I set StrictSubnets = yes, then the tinc VPN daemon will only talk
to the machines for which it has host files present in
/etc/tinc/VPN/hosts/, correct?

BR
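An added example (not from this thread and not the tinc project's own code) of the kind of /etc/network/interfaces stanza the question above is asking about: the address assignment, the iptables rules and the syslog line that the converted tinc-up/tinc-down scripts handled, expressed as ifupdown `post-up`/`pre-down` commands. The network name VPN, the 10.0.0.0/24 subnet, the address 10.0.0.3, the interface name vpn and the logger tag are assumptions; the `tinc-*` option names are the ones the Debian package's ifupdown hook (/etc/network/if-pre-up.d/tinc) reads to start tincd as I recall them, so check that script for the exact set your version accepts.

```conf
# /etc/network/interfaces (Debian/Ubuntu ifupdown). Added example, not from tinc.
# Assumptions: the tinc network is called VPN, this node is 10.0.0.3/24, and
# tinc.conf contains "Interface = vpn" so that the device tincd creates is the
# one this stanza configures. The tinc-* options are passed to the Debian
# package's ifupdown hook, which starts tincd for the named network.
auto vpn
iface vpn inet static
    address 10.0.0.3
    netmask 255.255.255.0
    tinc-net VPN
    tinc-user tinc
    tinc-chroot yes
    tinc-mlock yes
# What tinc-up used to do: firewall rules plus a syslog line.
# ifupdown exports IFACE to these commands and runs each one with /bin/sh,
# so $IFACE expands to "vpn" here.
    post-up iptables -A INPUT -i $IFACE -s 10.0.0.0/24 -j ACCEPT
    post-up iptables -A FORWARD -i $IFACE -s 10.0.0.0/24 -j ACCEPT
    post-up logger -t tinc-ifupdown -p daemon.notice "VPN interface $IFACE is up"
# What tinc-down used to do: remove the same rules and log the teardown.
    pre-down iptables -D FORWARD -i $IFACE -s 10.0.0.0/24 -j ACCEPT
    pre-down iptables -D INPUT -i $IFACE -s 10.0.0.0/24 -j ACCEPT
    pre-down logger -t tinc-ifupdown -p daemon.notice "VPN interface $IFACE is going down"
```

`ifup vpn` and `ifdown vpn` exercise the stanza; `iptables -S INPUT` and a grep of the syslog for `tinc-ifupdown` confirm the rules and the log line. Two caveats: ifupdown treats a failing `post-up` command as a failed `ifup`, so append `|| true` to any command whose failure should not abort bringing the interface up; and the `-D` lines must match the `-A` lines exactly or the rules stay behind, which is why a dedicated chain (created in `post-up`, flushed and deleted in `pre-down`) is the more robust pattern once the rule set grows beyond a couple of lines.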