tinc connectTo cleanup

Guus Sliepen guus at tinc-vpn.org
Mon Jan 12 13:25:06 CET 2015


On Mon, Jan 12, 2015 at 12:37:24PM +0530, Anil Moris wrote:

> I have a use case where my tinc.conf ConnectTo can go up to 20+ hosts.
> 
> I am planning to automate a periodic cleanup of ConnectTo in the tinc.conf
> file, the issue is I am not able to figure out which ConnectTo is being used
> and which are stale, say NOT used in last 2 to 3 days.
> 
> I want to remove those ConnectTo which are no longer actively used.
> Is it possible to find which ConnectTo are not used?

With tinc 1.0.x, that's hard to say. You could add a host-up script to
track when the last time a node was alive. With tinc 1.1, you can use
the "tinc info <node>" command to find out what the last time the node
went on- or offline is. However, both cases do not distinguish between
connections made via ConnectTo or via other means.

But most importantly, you don't need to have a ConnectTo line in your
tinc.conf for every node in your VPN! Say you have three nodes, A, B and
C, and A and B both have ConnectTo C in their tinc.conf, then A and B
will learn about each other from C, and will be able to exchange VPN
packets directly, without requiring further ConnectTo variables. If you
want to keep your configuration static and not have many ConnectTo
lines, then the best way is to choose a small number (say 3) of nodes
that are most likely to be online, and just have all the nodes ConnectTo
those 3 nodes.

In tinc 1.1, this can be fully automated: just add "AutoConnect = yes"
to tinc.conf, and then tinc will automatically create meta-connections
as necessary.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
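
The host-up tracking suggested in the reply above could look like the following. This is an added example, not part of the original message and not tinc's own code. The function names and the state directory are assumptions; `NODE` is the environment variable tinc sets when it runs host-up. As the reply notes, the result reflects reachability only, not whether a node was reached through its ConnectTo line.

```shell
#!/bin/sh
# Added example: record when nodes were last seen, then list the ConnectTo
# entries in tinc.conf that have not been seen recently.

# Call from the host-up script as: record_seen /var/lib/tinc-seen "$NODE"
# (/var/lib/tinc-seen is an assumed path; a third argument overrides the time.)
record_seen() {
    # The node name becomes a filename, so accept only the characters
    # tinc allows in names and reject anything else (e.g. "../x").
    case $2 in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    mkdir -p "$1" && printf '%s\n' "${3:-$(date +%s)}" > "$1/$2"
}

# Print the ConnectTo targets in a tinc.conf. Variable names are
# case-insensitive and the "=" is optional; "#" lines are comments.
connectto_names() {
    awk '{ sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/)
           if (n >= 2 && tolower(f[1]) == "connectto") print f[2] }' "$1"
}

# stale_connectto CONF STATE_DIR MAX_AGE_DAYS [NOW_EPOCH]
# Prints "<node> never" for targets with no record, and "<node> <N>d" for
# targets last seen MAX_AGE_DAYS or more days ago.
stale_connectto() {
    now=${4:-$(date +%s)}
    connectto_names "$1" | while read -r node; do
        case $node in ''|*[!A-Za-z0-9_]*) continue ;; esac
        if [ ! -f "$2/$node" ]; then
            echo "$node never"
            continue
        fi
        seen=$(cat "$2/$node")
        case $seen in ''|*[!0-9]*) seen=0 ;; esac   # treat a corrupt record as very old
        age=$(( (now - seen) / 86400 ))
        if [ "$age" -ge "$3" ]; then
            echo "$node ${age}d"
        fi
    done
}
```

Review the list by hand before deleting anything: a node that is offline today may still be one of the few well-known nodes everyone is meant to ConnectTo.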