decentral vpn with 1 gateway host

Guus Sliepen guus at tinc-vpn.org
Thu Feb 25 18:58:16 CET 2010


On Thu, Feb 25, 2010 at 05:30:45PM +0100, deep_eye wrote:

> I have the following configuration:
> 1 client/server called master, it is always reachable from the internet
> (with dyndns)
> 5 clients that connect to the master and the other clients (all behind
> a router (NAT))
[...]
> I use the master to learn the IPs of the machines behind NAT.
> The problem is, if the master is unreachable for a short time, then all
> clients lose the connection (as long as the master is not reachable).
> 
> Is it possible to hold the connections between the clients behind a
> NAT router without a third node?

At the moment, this is not possible. The reason is that TCP connections are
used to exchange metadata (such as session keys) and to authenticate nodes, so
if a node doesn't have any working TCP connections to another node anymore, it
will invalidate all session keys, even if it could still reach other nodes via
UDP.

> If I create a second reachable master and add an additional ConnectTo
> line in tinc.conf, do the clients make a connection to both masters,
> or at first to the first and, if it is not reachable, then probe/connect
> to the second?

That would work. If you have two ConnectTo lines in tinc.conf, tinc will try to
connect to both simultaneously. If one of the masters fails, then all nodes
will still be able to exchange metadata with each other via the second master,
so they will continue to work.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
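
The following is an added example, not part of the original message and not code from the tinc project. It is a simplified model of the behaviour described in the reply: it parses ConnectTo lines from constructed tinc.conf texts and reports which single node failure would leave the remaining nodes unable to exchange metadata. The node names (master, master2, client1..client5) and the assumption that meta-connections exist only along ConnectTo lines are hypothetical.

```python
import re

# Matches "ConnectTo = name" or "ConnectTo name" (variable names are case-insensitive).
CONNECT_TO = re.compile(r"^[ \t]*ConnectTo(?:[ \t]*=[ \t]*|[ \t]+)(\S+)", re.I | re.M)

def parse_connect_to(conf_text):
    """Return the node names on ConnectTo lines, ignoring # comments."""
    return CONNECT_TO.findall(re.sub(r"#.*", "", conf_text))

def build_graph(configs):
    """Undirected graph: an edge wherever one node has a ConnectTo for the other."""
    graph = {name: set() for name in configs}
    for name, conf in configs.items():
        for peer in parse_connect_to(conf):
            if peer in graph:
                graph[name].add(peer)
                graph[peer].add(name)
    return graph

def reachable(graph, start, down):
    """Nodes that can still exchange metadata with `start` while `down` has failed."""
    seen, stack = {start}, [start]
    while stack:
        for peer in graph[stack.pop()] - seen - {down}:
            seen.add(peer)
            stack.append(peer)
    return seen

def single_points_of_failure(configs):
    """Nodes whose failure splits the metadata graph of the remaining nodes."""
    graph = build_graph(configs)
    spof = []
    for down in sorted(graph):
        alive = sorted(set(graph) - {down})
        if alive and reachable(graph, alive[0], down) != set(alive):
            spof.append(down)
    return spof

def sample_configs(masters):
    """Constructed tinc.conf texts: 5 NATed clients, each with a ConnectTo per master."""
    lines = "".join(f"ConnectTo = {m}\n" for m in masters)
    configs = {m: f"Name = {m}\n" for m in masters}
    for i in range(1, 6):
        configs[f"client{i}"] = f"Name = client{i}\n{lines}"
    return configs

ONE_MASTER = sample_configs(["master"])
TWO_MASTERS = sample_configs(["master", "master2"])
if __name__ == "__main__":
    print(single_points_of_failure(ONE_MASTER), single_points_of_failure(TWO_MASTERS))
```

With one master the model reports that master as the only single point of failure; with two ConnectTo lines per client it reports none.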