Forwarding in switch mode

Saverio Proto zioproto at gmail.com
Fri Sep 26 19:18:07 CEST 2014


Hello,

try this patch:
https://github.com/zioproto/fairvpn/blob/master/tarballs-patches/tinc/tinc-1.0.13-fairvpn.patch

it should give you the expected behaviour.

Saverio


2014-09-26 17:25 GMT+02:00 Николай Шульга <nsh at runway.lv>:
> Hello Etienne ,
>
> Following your advice, I've added to my config:
>
> DirectOnly = yes
> IndirectData = no
>
> Unfortunately this doesn't help.
>
> At the moment I'm using a workaround - filtering MAC addresses of the unwanted
> nodes, but it would be nice to use native tinc settings.
>
> Nikolay.
>
>
>
> 25.09.2014 20:47, Etienne Dechamps wrote:
>
>> Most likely, you'll find that B is not actually forwarding packets.
>> Instead, what happens is that tinc automatically establishes a direct
>> UDP tunnel behind the scenes between A and C, allowing A and C to talk
>> directly without going through B. That happens even if you didn't
>> manually set up a metaconnection between A and C.
>>
>> What you really want in that case is to (1) make sure that packets are
>> never sent outside of manually configured links, and (2) disable
>> forwarding. (1) is achieved by using the IndirectData option, and (2)
>> is achieved using the DirectOnly option. Therefore you need to use
>> both (on A and C) at the same time to achieve your goal. This is
>> explained in the documentation for DirectOnly:
>>
>> "When this option is enabled, packets that cannot be sent directly to
>> the destination node, but which would have to be forwarded by an
>> intermediate node, are dropped instead.  When combined with the
>> IndirectData option, packets for nodes for which we do not have a meta
>> connection with are also dropped."
>>
>> On Thu, Sep 25, 2014 at 4:14 PM, Николай Шульга <nsh at runway.lv> wrote:
>>>
>>> I like tinc and am using it widely in the company I work for.
>>> Currently I'm experimenting with 'switch' mode & have a problem with
>>> packets being forwarded.
>>> I've tried possible combinations with the following parameters:
>>>
>>> a) Broadcast = direct
>>> b) Forwarding = kernel
>>> c) DirectOnly = yes
>>>
>>> From the documentation, it looks like (a) should be enough to stop
>>> packet forwarding between tinc nodes. But none of those parameters or
>>> combinations of them have helped me.
>>> The target is: if we have Router_A---------Router_B----------Router_C,
>>> A and C don't have a direct connection, then B should not forward packets
>>> between them.
>>> Please, if it's possible, those who know a way to stop forwarding, give
>>> me advice.
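A small check for the option pair Etienne describes, as an added example that is not part of the original thread or of tinc: it parses a node's configuration text and reports when DirectOnly and IndirectData are not both set to yes. The sample configurations and node names are constructed, and treating `yes` as the enabling value for both options, accepting lines without `=`, and keeping the first occurrence of a variable are assumptions of this sketch.

```python
import re

# Options that the quoted DirectOnly documentation says to combine.
REQUIRED = ("DirectOnly", "IndirectData")

# "Variable = Value"; this sketch also accepts "Variable Value" without '='.
LINE_RE = re.compile(r"^([^\s=]+)[ \t]*=?[ \t]*(.*)$")

def parse_tinc_config(text):
    """Return {lowercased variable: value}, keeping the first occurrence."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("-----BEGIN"):  # key material in a host file
            break
        match = LINE_RE.match(line)
        if match:
            settings.setdefault(match.group(1).lower(), match.group(2).strip())
    return settings

def audit_isolation(text):
    """List findings; an empty list means both options are set to yes."""
    settings = parse_tinc_config(text)
    findings = []
    for name in REQUIRED:
        value = settings.get(name.lower())
        if value is None:
            findings.append(f"{name} is not set")
        elif value.lower() != "yes":
            findings.append(f"{name} = {value} (expected yes)")
    return findings

# Constructed sample configurations, not taken from the thread.
NODE_OK = """
Name = router_a
Mode = switch
ConnectTo = router_b
DirectOnly = yes
indirectdata=yes
"""
NODE_WEAK = """
Name = router_c
Mode = switch
# DirectOnly = yes
IndirectData = no
"""

if __name__ == "__main__":
    for label, conf in (("router_a", NODE_OK), ("router_c", NODE_WEAK)):
        print(label, audit_isolation(conf) or "ok")
```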

