Allow direct connection between some (but not all) nodes on the network

Guus Sliepen guus at tinc-vpn.org
Thu Dec 29 13:45:32 CET 2016


On Sat, Dec 24, 2016 at 03:12:15AM +0000, Guillermo Bisheimer wrote:

> I'm using tinc 1.1pre14 to establish a VPN between 10 servers and a few
> administration clients. I have a central server that runs Tinc and all
> other servers and clients connect to it. I need to be able to establish
> a direct connection between the administration clients and the servers, but
> block the server between each other.

This is not supported by tinc. I would normally recommend that you use
one VPN per administrative domain, but if you have 10 or more
domains, I can see that this is becoming a hassle to set up. Still, it's
only one tinc setup per server, only on the administrative clients you
need to configure multiple tinc networks.

> I couldn't find a way to do this with tinc, but meantime I'm using the
> options Forwarding=kernel and tunnel_server=yes and a bunch of firewall
> rules in order to accomplish the network topology I need. I don't have
> direct connection between admin clients and the servers, but it works.

That's the best alternative solution if you can live without direct
connections.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
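
An added example, not part of the original messages and not tinc's own code: one way to express the firewall rules for the workaround discussed above, on the central node running with Forwarding = kernel. The interface name `vpn0`, the chain name `TINC-RELAY` and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: relay policy for the central tinc node (the hub).
# Assumes the hub's tinc.conf sets Forwarding = kernel, so every packet
# relayed between VPN nodes comes in and goes out through the same tinc
# interface and therefore passes the kernel's FORWARD chain.
# Interface name, chain name and addresses are constructed placeholders.

# emit_hub_rules IFACE ADMIN_CIDR SERVER_IP...
# Prints an iptables-restore ruleset on stdout; it does not touch the firewall.
emit_hub_rules() {
    if [ "$#" -lt 3 ]; then
        printf '%s\n' 'usage: emit_hub_rules IFACE ADMIN_CIDR SERVER_IP...' >&2
        return 1
    fi
    iface=$1
    admin=$2
    shift 2
    printf '%s\n' '*filter' ':TINC-RELAY - [0:0]'
    # Only VPN-to-VPN relayed traffic is sent to the policy chain.
    # Loading the ruleset twice appends this jump twice; load it once at boot.
    printf '%s\n' "-A FORWARD -i $iface -o $iface -j TINC-RELAY"
    # Replies belonging to flows that an admin client opened.
    printf '%s\n' '-A TINC-RELAY -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for srv in "$@"; do
        # Admin clients may open new connections to each server.
        printf '%s\n' "-A TINC-RELAY -s $admin -d $srv -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else is dropped: server-to-server traffic and any
    # connection a server tries to open towards an admin client.
    printf '%s\n' '-A TINC-RELAY -j DROP' 'COMMIT'
}

# Constructed sample: admin clients in 10.10.1.0/24, two servers.
emit_hub_rules vpn0 10.10.1.0/24 10.10.2.1 10.10.2.2
```

Review the printed ruleset before piping it to `iptables-restore --noflush`, which keeps the rules already loaded. Traffic addressed to the hub itself goes through INPUT and is not affected by this chain.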