<div dir="ltr"><div><div>Hi Guus<br><br></div>Thanks for clarifying. Some follow up questions:</div><div><br></div><div>- How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to upgrade to?</div><div>- What is the workaround until we patch with this fix? Using a combination of AutoConnect and ConnectTo?</div><div>- When we use ConnectTo, is it mandatory to have a cert file in the hosts/* dir with an IP to ConnectTo ?</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"> -nirmal</div></div>
<br><div class="gmail_quote">On Tue, Aug 22, 2017 at 12:10 PM, Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Mon, Aug 21, 2017 at 05:37:06PM -0700, Nirmal Thacker wrote:<br>
<br>
> Today our Tinc network saw a network partition when we took one tinc node<br>
> down.<br>
><br>
> We knew there was a network partition since the graph showed a split. This<br>
> graph is not very helpful but its what I have at the moment:<br>
><br>
> <a href="http://i.imgur.com/XP2PSWc.png" rel="noreferrer" target="_blank">http://i.imgur.com/XP2PSWc.png</a><br>
<br>
</span>The graph is very clear.<br>
<span class=""><br>
> Some questions:<br>
> - should we have a combination of both ConnectTo and AutoConnect to avoid<br>
> such a network split?<br>
<br>
</span>No, it's a bug in AutoConnect. I've just pushed a fix to the 1.1 branch<br>
that will try to continue to connect to unreachable nodes, even if a<br>
node already has 3 or more connections.<br>
<span class=""><br>
> - Say we have 3 ConnectTo variables and then AutoConnect=yes, would there<br>
> ever be more than 3 connections ? (I read somewhere that AutoConnect will<br>
> make upto 3 connections only)<br>
<br>
</span>There can always be more than 3 connections, even when AutoConnect is<br>
enabled.<br>
<br>
When starting, tinc will try to make outgoing connections to all nodes<br>
listed in ConnectTo statements. This can be more than 3 nodes. After<br>
that, the AutoConnect algorithm kicks in.<br>
<br>
The AutoConnect algorithm tries to regulate the number of established<br>
connections, either by creating more outgoing connections, or by<br>
closing connections that it made itself. It will never close incoming<br>
connections, and it also won't close outgoing connections to a node that<br>
isn't already connected to at least one other node.<br>
<br>
Ideally, after a while connections get rearranged such that no node has<br>
more than 3 connections. But this can take a while, or it might never<br>
happen; for example if you have 5 nodes behind NAT, and one public node,<br>
then the public node will always have 5 connections.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>><br>
</font></span><br>______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-<wbr>bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br></div>