How to set tinc not to forward Subnet learned from other nodes?
Guus Sliepen
guus at tinc-vpn.org
Wed Aug 23 08:12:42 CEST 2017
On Sat, Aug 19, 2017 at 08:09:52AM +0800, Bright Zhao wrote:
> Reason behind that is we have some use cases wouldn’t like to make some nodes to become the transit node, but there’re some other nodes in the topology act as the transit nodes.
>
> So if the tinc node forward subnet update it learning from one side to the other side, then it possible to become transit node if one side only have route to go through it.
>
> That node I would call it “spoke-only” node, which dual/triple connection go to multiple “hub” node, “hub” definitely need to forward traffic for the “spoke”, but “spoke” shouldn’t forward subnets learning from one “hub” to another.
>
> Any idea to achieve this in one tinc “network”?
You can use the TunnelServer option on the hub to prevent it from
forwarding Subnet updates from spokes.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170823/442535f8/attachment-0001.sig>
More information about the tinc
mailing list