Routing control within one tinc network

Guus Sliepen guus at tinc-vpn.org
Wed May 15 18:09:22 CEST 2013


On Wed, May 15, 2013 at 07:39:29PM +0400, Lee Essen wrote:

> I have a question around whether there is any way to control tinc routing if you have multiple routes to the same destination.
> 
> I have a three node configuration, let's call them:
> 
> home -> connects to both other nodes
> vps1 -> a VPS, providing connection to the internet
> vps2 -> another VPS, also providing a connection to the internet
> 
> Both vps nodes provide their own 192.168.x.0 subnet as well as 0.0.0.0/0 to allow any traffic to go that way and out to the internet (via SNAT).
> 
> My original plan was to have different weightings on the 0.0.0.0/0 networks so that I got a preferred vps node, but in the event of a problem it would effectively fail over to the other one. This config all works perfectly ... tinc is absolutely superb!
> 
> BUT ... my preferred vps node has a slight issue from a geographic standpoint that means some services don't work as well as they should ... I'd still like it to be the primary since it has a much bigger bandwidth allowance, but I'd like to route specific services over the other vps (obviously should this second node fail, I'd lose those things that don't work well on the primary ... I'm ok with this.)
> 
> So basically I have a single tinc VPN with two nodes providing 0.0.0.0/0 and I'd still like a way to force specific traffic over one or the other.
> 
> I tried using the 192.168.x.x address in the routing table, but that seems to be ignored, traffic still goes down the primary route.

In router mode, a gateway route does nothing; that only has an effect on Ethernet
networks. If you want traffic to specific IP addresses to go via the normally
unpreferred node, that is easy: just add Subnets for those IP addresses (or
whole ranges if you want) to the host config file of the unpreferred node. You
can have overlapping Subnets, and smaller Subnets are always preferred over
larger ones (just like the Linux routing table works).

If that is not enough, you could run tinc in switch mode, but then you'd have
to use some other tool to handle failover between the two nodes. You can use
host-up/down scripts to change your routing table depending on which one(s) are
online, or run a routing daemon on top of your VPN.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
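The selection rule described in the reply above, as an added example that is not part of the original message or of the tinc project: a small Python model of how router mode chooses the node for a destination. It parses constructed host config files for the three nodes in the thread (host names, addresses and the 198.51.100.0/24 "service" range are invented for illustration), picks the Subnet with the longest prefix, and breaks ties between equal prefixes by the lower #weight (tinc's documented semantics; default weight 10). Subnets belonging to nodes that are offline are skipped, which is the fail-over the reply relies on. The kernel side is not modelled: in router mode the packet just enters the tun interface and tinc, not the kernel routing table, decides which node receives it.

```python
"""
Added example: model tinc router-mode Subnet selection.

Longest prefix wins; among equal prefixes the lowest #weight wins;
Subnets of offline nodes are ignored. Host files and addresses below
are constructed for the thread's three-node scenario, not real hosts.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed host config files, as they would live under hosts/ in the
# tinc network directory. "address/prefix#weight" is tinc's Subnet syntax.
HOST_FILES: Dict[str, str] = {
    "home": """
Address = home.example.net
Subnet = 10.0.0.1/32
""",
    "vps1": """
Address = vps1.example.net
Subnet = 10.0.0.2/32
Subnet = 192.168.1.0/24
# preferred default gateway: lower weight wins the tie on 0.0.0.0/0
Subnet = 0.0.0.0/0#10
""",
    "vps2": """
Address = vps2.example.net
Subnet = 10.0.0.3/32
Subnet = 192.168.2.0/24
# backup default gateway
Subnet = 0.0.0.0/0#20
# geographically sensitive service (invented range): a more specific
# Subnet, so it beats vps1's 0.0.0.0/0 regardless of weight
Subnet = 198.51.100.0/24
""",
}

SUBNET_RE = re.compile(r"^\s*Subnet\s*=\s*(\S+)\s*$", re.IGNORECASE)
DEFAULT_WEIGHT = 10

# (network, weight, owning node)
Subnet = Tuple[ipaddress.IPv4Network, int, str]


def parse_subnets(host_files: Dict[str, str]) -> List[Subnet]:
    """Collect every Subnet statement from every host file."""
    subnets: List[Subnet] = []
    for owner, text in host_files.items():
        for line in text.splitlines():
            m = SUBNET_RE.match(line)
            if not m:
                continue  # Address lines, comments, blanks
            net_part, _, weight_part = m.group(1).partition("#")
            weight = int(weight_part) if weight_part else DEFAULT_WEIGHT
            net = ipaddress.ip_network(net_part, strict=False)
            subnets.append((net, weight, owner))
    return subnets


def lookup(dest: str, subnets: Iterable[Subnet],
           online: Iterable[str]) -> Optional[str]:
    """Node that packets to dest are forwarded to, or None if no route."""
    addr = ipaddress.ip_address(dest)
    up = set(online)
    candidates = [s for s in subnets if s[2] in up and addr in s[0]]
    if not candidates:
        return None
    # longest prefix first, then lowest weight, then node name for stability
    best = min(candidates, key=lambda s: (-s[0].prefixlen, s[1], s[2]))
    return best[2]


def route_table(dests: Iterable[str], subnets: Iterable[Subnet],
                online: Iterable[str]) -> Dict[str, Optional[str]]:
    """Resolve a list of destinations against the current node set."""
    subs = list(subnets)
    return {d: lookup(d, subs, online) for d in dests}


if __name__ == "__main__":
    subs = parse_subnets(HOST_FILES)
    dests = ["8.8.8.8", "198.51.100.7", "192.168.1.5", "192.168.2.9"]
    for label, online in (("all up", {"home", "vps1", "vps2"}),
                          ("vps2 down", {"home", "vps1"}),
                          ("vps1 down", {"home", "vps2"})):
        print(label)
        for dest, node in route_table(dests, subs, online).items():
            print(f"  {dest:16} -> {node}")
```

With every node up, general internet traffic goes to vps1 (weight 10 beats 20 on the two 0.0.0.0/0 entries) while the /24 added to vps2's host file pulls that range to vps2. Take vps2 offline and the same range silently falls back to vps1's default route, which is the behaviour the original poster said they could accept.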