What exactly is the meaning of "Subnet" parameter in tinc/$NETNAME/hosts/$SOMEHOSTNAME?

Philip Blagoveschensky philip at crabman.me
Mon Nov 20 18:51:17 CET 2017


On Sun, Nov 19, 2017 at 05:42:37PM +0800, Mulianto wrote:
> Hi,
> 
> Subnet there means: this subnet you can reach via me (for the ip route command).
> 
> In the host file there, it means I am responsible for this area. Any packet going to this area will pass through me.
> 
> Your VPN can have multiple subnets/areas.
> 
> You can use a hostname as the gateway, but you must make the DNS resolve correctly, and it will need more config.
> 
> You need to understand about subnetting to better understand this.
> 
> Regards,
> 
> Mulianto
> 
> 
> Sent from my Mini Ipad 
> 
> > On 16 Nov 2017, at 19.56, Philip Blagoveschensky <philip at crabman.me> wrote:
> > 
> > Hello, I am not very good at linux networking. I have read tinc documentation
> > multiple times and I still don't understand what the "Subnet = ..." directive
> > does in /etc/tinc/$NET_NAME/hosts/$HOST_NAME
> > 
> > Right now I have a simple virtual lan organized with tinc, and I use the
> > following in every device's config file (replacing the last part of the
> > address):
> > 
> > # This computer will have this ip address in the vpn
> > Subnet = 10.20.30.22/32
> > 
> > This allows me to connect to $HOST_NAME using ip address 10.20.30.22.
> > 
> > Now what I don't understand is why the guides on how to use one of tinc peer as
> > the default gateway tell me to write this too:
> > 
> > Subnet = 0.0.0.0/0
> > 
> > I don't understand what this does.
> > Why is it not enough to set routes on the client device like this?
> > 
> > ip route add 0.0.0.0/0 via 10.20.30.22 dev $NET_NAME metric 40
> > ip route add $SERVER_IP_ON_INTERNET/32 via 192.168.0.1 dev enp3s0
> > 
> > Does all this mean, that it's impossible to sometimes use $HOST_NAME_1 as the
> > default gateway and sometimes another $HOST_NAME_2, because their
> > `Subnet = 0.0.0.0/0` will clash, and something will fuck up?
> > 
> > -- 
> > Philip Blagoveschensky

Are you saying that if I want to reach XXX.XXX.XXX.XXX/32 via $HOST2 from $HOST1, then I not
only need to set route 'XXX.XXX.XXX.XXX/32 via ip-address-of-$HOST2 dev
tinc-dev' on $HOST1, but also need to have tinc Subnet records for $HOST2 that at
least include 'Subnet = XXX.XXX.XXX.XXX/32'?
And if I don't include that subnet in tinc configuration, but only set route on
$HOST1 and allow packet forwarding on $HOST2, then it won't work?
-- 
Philip Blagoveschensky
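
Added example, not part of the original thread and not tinc's own code: a small Python model of how tinc in router mode (its default) chooses the destination node from the `Subnet` declarations rather than from the `via` address of the kernel route, which is why the gateway needs `Subnet = 0.0.0.0/0`. Host names, addresses and weights are constructed; the `#weight` suffix (default 10, lower value preferred) follows the tinc manual, and the tie-break on node name is an assumption of the model.

```python
import ipaddress

# Constructed sample: Subnet lines as they might appear in hosts/<name>.
HOSTS = {
    "host1": ["10.20.30.21/32"],
    "host2": ["10.20.30.22/32", "0.0.0.0/0#5"],   # preferred default gateway
    "host3": ["10.20.30.23/32", "0.0.0.0/0"],     # fallback, default weight 10
}

def parse_subnet(value):
    """Parse 'address/prefixlength[#weight]' into (network, weight)."""
    net, _, weight = value.partition("#")
    return ipaddress.ip_network(net.strip()), int(weight) if weight else 10

def build_table(hosts):
    """Flatten every host's Subnet lines into (network, weight, node) rows."""
    return [(*parse_subnet(s), node) for node, subs in hosts.items() for s in subs]

def owner(table, dst, reachable=None):
    """Return the node the daemon would send a packet for dst to, or None."""
    addr = ipaddress.ip_address(dst)
    rows = [r for r in table
            if addr in r[0] and (reachable is None or r[2] in reachable)]
    if not rows:
        return None  # no Subnet covers dst: packet is not forwarded to any peer
    # Longest prefix wins, then lowest weight; the name tie-break is an
    # assumption of this model to keep the result deterministic.
    return min(rows, key=lambda r: (-r[0].prefixlen, r[1], r[2]))[2]

if __name__ == "__main__":
    table = build_table(HOSTS)
    for dst in ("10.20.30.22", "203.0.113.9"):
        print(dst, "->", owner(table, dst))
    print("host2 down ->", owner(table, "203.0.113.9", {"host1", "host3"}))
    # Same hosts with only their /32 lines: the kernel route alone is not enough.
    no_default = build_table({n: s[:1] for n, s in HOSTS.items()})
    print("no 0.0.0.0/0 ->", owner(no_default, "203.0.113.9"))
```
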