redirect-gateway and p2p-Traffic

Guus Sliepen guus at tinc-vpn.org
Sun Apr 8 21:45:03 CEST 2012


On Sun, Apr 08, 2012 at 08:56:40PM +0200, Jan Lühr wrote:

> http://www.tinc-vpn.org/examples/redirect-gateway/ explains how to set up a 
> default route using tinc. However, in my understanding tinc's p2p traffic is 
> routed via tinc there: 
> Assume a network: Client A, Client B and a Server S. A and B have "ConnectTo 
> S" in their config, S is used as a gateway providing 0.0.0.0/0 . All packets 
> sent from A to B will be delivered to <public_ip_address_of_b>:655/udp. Since 
> A will route through S these packages will travel through S.
> 
> Am I right?

Yes.

> Is there a simple workaround for enabling direct communication, if 
> A and B are using dynamic ip-addresses? (Without iptables marking & policy 
> based routing)

You can add additional host-up scripts for the other clients, or have a generic
script named "host-up" in the same directory as tinc.conf. There, you can add
the necessary direct route to that host:  

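#!/bin/sh
# Next hop of the pre-VPN default route, e.g. "via <gateway> dev <interface>"
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5`
# Route the peer's real address directly instead of through the VPN
# ($ORIGINAL_GATEWAY stays unquoted so it splits into separate words)
ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY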

Note that if you have both a generic host-up script and a specific -up script
for a node, then both will be executed, the generic one first. So if you use
the generic scripts, you still need the server-up script, but you can remove
the first "ip route add" command from it. It works the same for -down scripts.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
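
A stricter variant of the generic host-up script described in this message, as an added example that is not part of the original post or of tinc's own scripts: it checks REMOTEADDRESS before handing it to ip, survives reconnects, and removes the route again in host-down. The function names and the sample routing table are constructed for illustration, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Install as host-up and symlink host-down to it. tinc sets REMOTEADDRESS.
# Constructed sample of `ip route show` output, for offline testing only.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0 proto dhcp metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'

# Read `ip route show` output on stdin; print the first default route's next hop.
original_gateway() {
    awk '$1 == "default" {
        if ($2 == "via" && $4 == "dev") print $2, $3, $4, $5
        else if ($2 == "dev") print $2, $3
        exit
    }'
}

# Accept only a dotted-quad IPv4 address so nothing else reaches `ip`.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the route command. $1 = add|del, $2 = peer address, $3 = next hop.
route_command() {
    is_ipv4 "$2" || return 1    # REMOTEADDRESS empty or not IPv4: do nothing
    [ -n "$3" ] || return 1     # no usable default route
    case "$1" in
        add) echo "ip route replace $2/32 $3" ;;   # replace: safe on reconnect
        del) echo "ip route del $2/32 $3" ;;
        *)   return 1 ;;
    esac
}

# Act only when tinc invokes this file under one of its script names.
case "${0##*/}" in
    host-up)   action=add ;;
    host-down) action=del ;;
    *)         action= ;;
esac
if [ -n "$action" ]; then
    cmd=$(route_command "$action" "${REMOTEADDRESS:-}" "$(ip route show | original_gateway)") && $cmd
fi
```

Unlike the script above it uses "ip route replace", so a peer that reconnects from the same address does not produce a "File exists" error.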