How to set Subnet in a node which act as both server and client role?

LowEel loweel at gmx.de
Mon May 1 18:49:04 CEST 2017 

You asked for the easier way to to achieve.

To me , easy means you take care of a little, and the rest happens
"automagically".


To make an example:


I have a network made of

{raspi, odroid XU, personal computer} >> {GW raspi exposed to the
internet} >> router+DDNS >> {amazon ec instance, my laptop}


The home router points port  443 to this GW raspberry and does DDNS,
plus translates port 80 to the other raspi.

Amazon instance and the laptop , from the internet , are connecting via
the exposed port.


Now, If I followed an approach with routing, /this would have been a
nightmare/, because the amazon instance would have changed

ip , and the laptop is a roadrunner, so I should have check the IP
everytime, before of putting a new static route.


Setting everything as a switch and using tap device, I don't really need
any of that. Until there is ONE path, all machines may see each others

with no HOP.

Which is why, to me, when you are having complexity, the switch mode and
tap is much more "easy way to achieve".




On 05/01/2017 02:50 PM, Bright Zhao wrote:
> You’re talking about Layer 2  bridging by Tinc? The use case here is layer 3 routing, but anyway, thanks for your feedback.
>
>
>> On 1 May 2017, at 8:09 PM, LowEel <loweel at gmx.de> wrote:
>>
>> I cannot understand why you say the configuration for B will be tricky.
>>
>> If you select the switch mode, and some machine can initiate a
>> connection to some other machine, until
>>
>> there is a path, the whole net will behave as all the tap device were
>> connected to a single switch.
>>
>> Is not a vpn in the strict ipsec meaning, you should see it more like an
>> encrypted VLAN.
>>
>>
>>
>> If so, the /etc/tinc/vpn1/hosts/B can have Subnet =X/32; but the /etc/tinc/vpn2/hosts/B can exclude Subnet =X/32 since it’s the client side for C.
>>
>> Let me know if there’s any other simple way to achieve this.
>> _______________________________________________
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170501/cb5a1987/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170501/cb5a1987/attachment.sig>

More information about the tinc mailing list