a few problems/questions with tinc

Siavash Sameni siavash.sameni at gmail.com
Wed Feb 15 09:59:55 CET 2012


Hi everyone,
I have a few questions/problems with tinc, which I need to address ASAP,
so I'll make it brief.
I have 33 sites, connected to each other using WAN.
In each site, there are two Linux firewalls + 3-4 more servers. I
preferred to have a full mesh within my network,
but unfortunately it was not possible: when I wanted every site to be
connected to every other, as the number of hosts increased there were some
unexplainable abnormalities, so I decided to connect every site to 3-4
other firewalls. So with this approach the whole network is unified, of
course not directly.
So right now my unsolved problems are as follows:

1. SIP/IAX doesn't work over the tinc network, but on the tinc edge it works.
Imagine the following situation:
SIP/IAX Server A ---network A---> Firewall A ---tinc---> Firewall B ---network B---> SIP/IAX Server B
This approach doesn't work!!
But if I put the SIP/IAX server on firewall B, and use the tinc internal IP
address, the trunk works..

2. I want to use 2 firewalls in each site, as failover tinc routers, so
what I've basically done is that I've put two tinc nodes in every site,
and configured them with the same Subnet in tinc hosts, but the problem
arises with the fact that the other nodes in each site only have one of
the servers as default gateway, and if the request comes from the other it's
unanswered. I wanted to fix this problem with iptables mangle:
iptables -A PREROUTING -t mangle -i tci -j MARK --set-mark 1
but strangely enough iptables didn't mark it (why?)
So I thought of another solution, which is that I'd use keepalived with tinc,
like copy the same private key to two servers, bring one up, and if the
server goes down, keepalived would bring tinc down and bring the other
server's tinc up. Is it possible?

3. I have concerns about not having a full mesh. The problem was that
when the number of concurrent connections went above 12, the network wasn't
as good as before. Am I doing something wrong? Is it possible to fix it
another way?

4. Should I connect the two firewalls in each province together, if I
don't use keepalived of course, like add a ConnectTo from server A1 to A2
????

5. I have concerns about the tinc routing table. Can someone point me to the
right documentation??

6. In a mesh, is there any utility which would make it easy to identify
which hosts are directly connected (hosts from ConnectTo)?
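Questions 3, 4 and 6 all come down to what the ConnectTo lines in the nodes' tinc.conf files actually form, so here is a small script that builds that graph and reports each node's direct peers and whether every site can reach every other. It is an added example, not code from this post or from tinc; it assumes you have gathered tinc.conf from each firewall (the embedded confs are constructed) and it shows only the static graph the configuration implies, not the daemon's live connections.

```python
def parse_conf(text):
    """Parse tinc's 'Key = Value' lines; keys are case-insensitive and may repeat."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf.setdefault(key.lower(), []).append(value)
    return conf

def connect_to_graph(confs):
    """Map node -> set of direct peers. A meta-connection is bidirectional, so a
    ConnectTo on either side links both nodes, even if one conf was not collected."""
    graph = {}
    for fallback_name, text in confs.items():
        conf = parse_conf(text)
        name = conf.get("name", [fallback_name])[0]
        graph.setdefault(name, set())
        for peer in conf.get("connectto", []):
            graph.setdefault(peer, set()).add(name)
            graph[name].add(peer)
    return graph

def components(graph):
    """Connected components; more than one means some sites can never reach each other."""
    seen, result = set(), []
    for start in sorted(graph):
        if start not in seen:
            comp, stack = set(), [start]
            while stack:
                node = stack.pop()
                if node not in comp:
                    comp.add(node)
                    stack.extend(graph[node] - comp)
            seen |= comp
            result.append(sorted(comp))
    return result

# Constructed sample: two firewalls per site; fwC1's conf was not collected, fwD1 is isolated.
SAMPLE_CONFS = {
    "fwA1": "Name = fwA1\nConnectTo = fwB1\nConnectTo = fwC1\n",
    "fwA2": "Name = fwA2\nConnectTo = fwA1  # peer firewall, same site\nConnectTo = fwB2\n",
    "fwB1": "Name = fwB1\nConnectTo = fwC1\n",
    "fwB2": "Name = fwB2\n",
    "fwD1": "Name = fwD1\n",
}

if __name__ == "__main__":
    graph = connect_to_graph(SAMPLE_CONFS)
    print({n: sorted(p) for n, p in sorted(graph.items())}, components(graph))
```

A node that appears in a component of its own (fwD1 here) has no ConnectTo in either direction and will never join the VPN, however its Subnet is configured.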