<div dir="ltr"><div>thanks Guus for the quick response.</div><div><br></div>I am using tinc 1.1 <div><br><div>if I use <span style="font-size:12.6666669845581px">AutoConnect = yes then will it automatically remove connections that are no longer in use? </span></div><div><span style="font-size:12.6666669845581px">What are the security issues with '</span><span style="font-size:12.6666669845581px">AutoConnect = yes' I should be worried</span><span style="font-size:12.6666669845581px">?</span></div><div><span style="font-size:12.6666669845581px">for my use case I might go upto 20 to 30 + tinc hosts connected to single tinc box.</span></div></div><div><span style="font-size:12.6666669845581px">as per the doc </span><span style="font-size:12.6666669845581px">AutoConnect = yes is</span><span style="font-size:12.6666669845581px"> experimental, I am using it in our production cloud.</span></div><div><span style="font-size:12.6666669845581px"><br></span></div><div><span style="font-size:12.6666669845581px">It would be helpful if we can have more info about AutoConnect = yes in the documentation.</span></div><div><span style="font-size:12.6666669845581px"><br></span></div><div><span style="font-size:12.6666669845581px"><br></span></div><div><span style="font-size:12.6666669845581px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 12, 2015 at 5:55 PM, Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Mon, Jan 12, 2015 at 12:37:24PM +0530, Anil Moris wrote:<br>
<br>
> I have a use case where my tinc.conf ConnectTo can go upto 20 + hosts.<br>
><br>
> I am planning to automate a periodic cleanup of ConnectTo in the tinc.conf<br>
> file, the issue is I am not able to figure out which ConnectTo is been used<br>
> and which are stale, say NOT used in last 2 to 3 days.<br>
><br>
> I want to remove those ConnectTo which are no longer actively used.<br>
> Is it possible to find which ConnectTo are not used.<br>
<br>
</div></div>With tinc 1.0.x, that's hard to say. You could add a host-up script to<br>
track when the last time a node was alive. With tinc 1.1, you can use<br>
the "tinc info <node>" command to find out what the last time the node<br>
went on- or offline is. However, both cases do not distinguish between<br>
connections made via ConnectTo or via other means.<br>
<br>
But most importantly, you don't need to have a ConnectTo line in your<br>
tinc.conf for every node in your VPN! Say you have three nodes, A, B and<br>
C, and A and B both have ConnectTo C in their tinc.conf, then A and B<br>
will learn about each other from C, and will be able to exchange VPN<br>
packets directly, without requiring further ConnectTo variables. If you<br>
want to keep your configuration static and not have many ConnectTo<br>
lines, then the best way is to choose a small number (say 3) of nodes<br>
that are most likely to be online, and just have all the nodes ConnectTo<br>
those 3 nodes.<br>
<br>
In tinc 1.1, this can be fully automated: just add "AutoConnect = yes"<br>
to tinc.conf, and then tinc will automatically create meta-connections<br>
as necessary.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>><br>
</font></span><br>_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" target="_blank">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br></div>