tinc connectTo cleanup

Anil Moris anilmoris at gmail.com
Tue Jan 13 06:07:28 CET 2015


Thanks, Guus, for the quick response.

I am using tinc 1.1.

If I use AutoConnect = yes, will it automatically remove connections
that are no longer in use?
What are the security issues with 'AutoConnect = yes' that I should be
worried about?
For my use case I might go up to 20 to 30+ tinc hosts connected to a single
tinc box.
As per the doc, AutoConnect = yes is experimental; I am using it in our
production cloud.

It would be helpful if we could have more info about AutoConnect = yes in the
documentation.




On Mon, Jan 12, 2015 at 5:55 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Mon, Jan 12, 2015 at 12:37:24PM +0530, Anil Moris wrote:
>
> > I have a use case where my tinc.conf ConnectTo can go up to 20+ hosts.
> >
> > I am planning to automate a periodic cleanup of ConnectTo in the tinc.conf
> > file. The issue is I am not able to figure out which ConnectTo is being
> > used and which are stale, say NOT used in the last 2 to 3 days.
> >
> > I want to remove those ConnectTo which are no longer actively used.
> > Is it possible to find which ConnectTo are not used?
>
> With tinc 1.0.x, that's hard to say. You could add a host-up script to
> track when the last time a node was alive. With tinc 1.1, you can use
> the "tinc info <node>" command to find out what the last time the node
> went on- or offline is. However, both cases do not distinguish between
> connections made via ConnectTo or via other means.
>
> But most importantly, you don't need to have a ConnectTo line in your
> tinc.conf for every node in your VPN! Say you have three nodes, A, B and
> C, and A and B both have ConnectTo C in their tinc.conf, then A and B
> will learn about each other from C, and will be able to exchange VPN
> packets directly, without requiring further ConnectTo variables. If you
> want to keep your configuration static and not have many ConnectTo
> lines, then the best way is to choose a small number (say 3) of nodes
> that are most likely to be online, and just have all the nodes ConnectTo
> those 3 nodes.
>
> In tinc 1.1, this can be fully automated: just add "AutoConnect = yes"
> to tinc.conf, and then tinc will automatically create meta-connections
> as necessary.
>
> --
> Met vriendelijke groet / with kind regards,
>      Guus Sliepen <guus at tinc-vpn.org>
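A sketch of the host-up tracking suggested in the quoted reply, as an added example that is not part of the original thread or of tinc: it records a per-node timestamp from the host-up/host-down scripts and lists the ConnectTo entries in tinc.conf that have no recent event. The state directory and the function names `record_seen` and `stale_connectto` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not shipped with tinc). STATE_DIR, record_seen and
# stale_connectto are hypothetical names chosen for this sketch.
STATE_DIR="${STATE_DIR:-/var/lib/tinc-lastseen}"

# Record "now" for a node. tinc exports NODE to host-up and host-down.
record_seen() {
    node="$1"
    # tinc node names are [A-Za-z0-9_] only; refuse anything else so a
    # crafted value cannot write outside STATE_DIR.
    case "$node" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    mkdir -p "$STATE_DIR" && date +%s > "$STATE_DIR/$node"
}

# List ConnectTo targets in tinc.conf ($1) with no event in the last $2 days.
# $3 (optional) overrides the current time in epoch seconds.
stale_connectto() {
    conf="$1"; days="$2"; now="${3:-$(date +%s)}"
    cutoff=$(( now - days * 86400 ))
    # Keys are case-insensitive and the "=" is optional in tinc.conf.
    sed -n 's/^[[:space:]]*[Cc][Oo][Nn][Nn][Ee][Cc][Tt][Tt][Oo][[:space:]]*[=[:space:]][[:space:]]*\([A-Za-z0-9_]*\).*$/\1/p' "$conf" |
    while read -r node; do
        [ -n "$node" ] || continue
        last=0
        if [ -f "$STATE_DIR/$node" ]; then last=$(cat "$STATE_DIR/$node"); fi
        # Never-seen nodes keep last=0 and are reported as stale.
        [ "$last" -ge "$cutoff" ] || echo "$node"
    done
}

# When installed as host-up/host-down, tinc sets NODE and this records it.
if [ -n "${NODE:-}" ]; then record_seen "$NODE"; fi
```

Treat the output as a review list rather than a deletion list: as the reply notes, these timestamps do not distinguish connections made via ConnectTo from others, and a node that has stayed up longer than the window has no recent event.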