Using Tinc to create overlay network for VMs or LXC containers?
raul
raulbe at gmail.com
Thu Sep 25 21:50:38 CEST 2014
Ok, that's good to know. I just got the feeling that having multiple
'ConnectTo' statements would be inefficient. The only state on host using
Tinc this way would be the 655 tcp/udp port forwarding for one of the
public IPs. Everything else happens in the containers, and this can be a
flexible option.
On the discovery, so it can be taken for granted that without the
'ConnectTo' new Tinc instances on either side in this context will
autodiscover each other on the same host? Are they any additional settings
like 'localdiscovery' to be enabled?
On Wed, Sep 24, 2014 at 9:25 PM, Etienne Dechamps <etienne at edechamps.fr>
wrote:
> On Tue, Sep 23, 2014 at 11:55 AM, raul <raulbe at gmail.com> wrote:
> > I could install Tinc in all the containers on both sides and use
> 'ConnecTo'
> > and create a mesh which will possibly work, but is there a better or more
> > efficient way to do this?
>
> I don't see why it wouldn't work. Note that you don't need a full
> mesh, just make sure all tinc nodes are part of the same graph and you
> should be good to go.
>
> tinc will automatically figure it out and establish direct UDP
> connections between nodes (using UDP hole punching to circumvent NATs
> if necessary), even if they don't have a direct "ConnectTo"
> declaration for each other. In other words tinc will always use the
> most efficient route (i.e. direct UDP communication) assuming it's
> technically feasible over the underlying network.
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140926/74e4f2cc/attachment.html>
More information about the tinc
mailing list