Forwarding in switch mode

Николай Шульга nsh at runway.lv
Fri Sep 26 17:25:46 CEST 2014 

Hello Etienne ,

Following your advice, I've added to my config:

DirectOnly = yes
IndirectData = no

Unfortunately this doesn't help.

At the moment I'm using workaround - filtering MAC addresses of the 
unwanted nodes, but it would be nice to use native tinc settings.

Nikolay.



25.09.2014 20:47, Etienne Dechamps пишет:
> Most likely, you'll find that B is not actually forwarding packets.
> Instead, what happens is that tinc automatically establishes a direct
> UDP tunnel behind the scenes between A and C, allowing A and C to talk
> directly without going through B. That happens even if you didn't
> manually set up a metaconnection between A and C.
>
> What you really want in that case is to (1) make sure that packets are
> never sent outside of manually configured links, and (2) disable
> forwarding. (1) is achieved by using the IndirectData option, and (2)
> is achieved using the DirectOnly option. Therefore you need to use
> both (on A and C) at the same time to achieve your goal. This is
> explained in the documentation for DirectOnly:
>
> "When this option is enabled, packets that cannot be sent directly to
> the destination node, but which would have to be forwarded by an
> intermediate node, are dropped instead.  When combined with the
> IndirectData option, packets for nodes for which we do not have a meta
> connection with are also dropped."
>
> On Thu, Sep 25, 2014 at 4:14 PM, Николай Шульга <nsh at runway.lv> wrote:
>> I like tinc and am using it widely in the company I work for.
>> Currently I'm experimenting with 'switch' mode & have a problem with packets
>> being forwarded.
>> I've tried possible combinations with next parameters:
>>
>> a) Broadcast = direct
>> b) Forwarding = kernel
>> c) DirectOnly = yes
>>
>>  From the documentation, it looks like (a) should be enough to stop packet
>> forwarding between tinc nodes. But non of those parameters or combinations
>> of them have helped me.
>> The target is: if we have Router_A---------Router_B----------Router_C,
>> A and C don't have direct connection, then B should not forward packets
>> between them.
>> Please, if it's possible, those who knows a way to stop forwarding, give me
>> an advice.

More information about the tinc mailing list