Changing interface based on network availability

Guus Sliepen guus at tinc-vpn.org
Mon Jul 16 11:52:43 CEST 2012 

On Mon, Jul 16, 2012 at 04:09:39PM +1000, Andrew Cowie wrote:

> > When the interface is automatically created, it is in the down state.
> 
> That doesn't seem to be what is happening here. The moment tincd starts
> running, the tun0 interface is UP. Is that a bug?

Hm, on Linux, OpenBSD and FreeBSD at least, the dynamically created VPN
interface is normally down when you start tinc.  Which OS are you using? Or are
you using persistent tun devices? In any case, you could just add "ifconfig
$INTERFACE down" to tinc-up, to make sure the interface is down when tinc
starts.

> So, in addition to that, I've realized what it is I'm looking for: I
> don't want tinc to have the interface marked UP unless there is a route
> to the internet on some *other* interface.
> 
> [Ideally from there, it should only be UP once it actually has a
> connection to someone else in the mesh, but it seems I have
> misunderstood something somewhere. How can the VPN's tun0 device be UP
> if it hasn't proven connectivity to one of the ConnectTos yet?]
> 
> I am testing this by yanking the ethernet cable out. If there's no
> uplink, then how can tinc view itself as UP?

The tun0 interface works completely independent from any other interface.
Whether it is up or down is controlled by what you put in the -up and -down
scripts. Tinc itself doesn't modify the state of the tun0 interface.

> Maybe I should have asked: "when does tinc-up run? When tincd starts, or
> when a connection is obtained to a peer?"

tinc-up runs right after tinc is started, before it has even tried to make
connections.

In general, it is wrong for applications to depend on the state of a network
interface; the destination host it is trying to reach can be unreachable for a
variety of reasons.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20120716/02bd7ecb/attachment.pgp>

More information about the tinc mailing list