Dev: new option to mark all tincd socket of a tincd process

Etienne Dechamps etienne at edechamps.fr
Thu Oct 6 22:06:33 CEST 2016


You might be able to do this today without any changes to tinc, if you run
your various tincd processes under different users, and then use something
like:

# iptables -A OUTPUT -m owner --uid-owner <username> -j MARK --set-mark ...

On 5 October 2016 at 18:27, Olivier Tirat <olivier.tirat at byo-networks.com>
wrote:

> I know I'm new to the list but I'd like to propose something for tincd
> daemon.
>
> I'd like to mark all sockets established by a tincd process with a mark
> passed as an argument in the command line.
>
> What could be the purpose of this new option?
> The goal of this option is to be able to have several tincd processes
> running at the same time using the same port but using different IPs.
> In order to be able to give the right IP to outgoing packets I have to be
> able to mark them and to source NAT the packets according to the mark.
> The advantage of this solution is to have fixed ports for traffic and
> firewalls and moving IP addresses that are much easier to manage.
>
> Do you think it's something interesting?
> Do you think it's hard work to do?
> If not I could probably try to do it and propose a patch for that if you
> think it is interesting.
>
>
> Sincerely Yours
>
> Olivier
>
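
The per-user marking suggested in the reply, carried through to the source-NAT-by-mark step the original message asks for, as an added example that is not from the thread or from tinc. The user names, marks and addresses are constructed placeholders, and the choice of the `mangle` table for marking and `nat`/`POSTROUTING` for SNAT is this example's assumption; the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that mark each tincd
# instance's packets by owning user and source-NAT them by that mark.
# User names, marks and addresses are constructed placeholders.

# One instance per line: <unix user> <fwmark> <IPv4 address to SNAT to>
INSTANCES='tinc-a 1 192.0.2.10
tinc-b 2 192.0.2.11'

valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Reads instance lines on stdin. Prints rules only if every line is valid,
# so a bad entry never yields a half-built rule set. Returns 1 on error.
gen_rules() {
    seen=' ' rules=''
    while read -r user mark ip; do
        [ -n "$user" ] || continue
        # Values end up on a command line: accept only plain names and numbers.
        case $user in [!a-z_]*|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1;; esac
        case $mark in ''|*[!0-9]*|0*) echo "bad mark: $mark" >&2; return 1;; esac
        case $seen in *" $mark "*) echo "duplicate mark: $mark" >&2; return 1;; esac
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
        seen="$seen$mark "
        # Owner match works on locally generated packets; the mark set in
        # mangle/OUTPUT is still on the packet when nat/POSTROUTING picks SNAT.
        rules="${rules}iptables -t mangle -A OUTPUT -m owner --uid-owner $user -j MARK --set-mark $mark
iptables -t nat -A POSTROUTING -m mark --mark $mark -j SNAT --to-source $ip
"
    done
    printf '%s' "$rules"
}

printf '%s\n' "$INSTANCES" | gen_rules
```

Review the printed rules before piping them to `sh` as root. Each SNAT address has to be routed to this host, otherwise replies to the rewritten source never arrive.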