Define which host to use when direct link not possible?

Armin armin at melware.de
Fri Sep 2 09:44:45 CEST 2016


On 02.09.2016 08:33, Sich wrote:
>
>
> On 31/08/2016 at 10:47, Armin wrote:
>> On 30.08.2016 17:37, Guus Sliepen wrote:
>>> On Tue, Aug 30, 2016 at 02:38:16PM +0200, Armin Schindler wrote:
>>>
>>>> we use a meshed VPN with TINC to connect 7 offices.
>>>> Some offices are in other countries and use other ISPs. The connections
>>>> between some ISPs (peering partners) are not that good. This means we
>>>> have packet loss between those direct connections.
>>>>
>>>> To avoid this direct connection, I would like to tell TINC to use
>>>> a defined other host to route the packets to.
>>>> E.g.
>>>> instead of doing direct office-1 to office-2, send always packets
>>>> for office-2 to office-5 (because connection with office-5 is very
>>>> stable).
>>>>
>>>> Is there a way to configure TINC to not use direct connection
>>>> for one host, but use a specified, other host for that?
>>>
>>> You can set IndirectData = yes in hosts/office-2 on hosts/office-1, and
>>> vice versa, to prevent it from trying a direct connection.
>>>
>>> Note that you also should not have ConnectTo = office-2 in office-1's
>>> tinc.conf, and vice versa, otherwise the above will not have any effect.
>>
>> Understood. But this will keep tinc from doing direct only, but it may
>> use *any* other host to transfer the data, right?
>>
>> I would like to set a specific host (with best connection) to be the
>> 'man-in-the-middle'.
>>
>> Armin
>
> Maybe you should try with the route metric.
> Play with what Guus says (indirectdata) and use a different metric for
> your route. Small metric for your favorite host, and bigger metric for
> the other.
> You have to play with the routing system, but maybe just add a route to
> office 2 on office 5, and say that office 5 is the GW for office 2 on
> the other router.
>
> I don't know if this will work but you can try.

I found another solution. I use the weight as Guus wrote, but since this 
setting is overwritten when this host "learned" subnets from other 
hosts, I use "StrictSubnets = yes" in tinc.conf of that host.
With this the other hosts/offices use all routing features of tinc, but 
the 2 special offices with StrictSubnets have specific settings where to 
send the packets.

StrictSubnets is marked as experimental. Is it not fully tested yet?
So far it seems to work pretty well here.

Thank you.

Armin
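
The following is an added example, not part of the original thread or of tinc itself: a small audit of one node's tinc configuration for the two points raised above (IndirectData being cancelled by a ConnectTo line, and Subnet weights only being reliable with StrictSubnets). The subnets, the weights, and the idea of declaring office-2's subnet in the local hosts/office-5 file are assumptions made for illustration; the weight is written as `#weight` after the subnet, with 10 as the default and lower values preferred.

```python
import re

def parse_config(text):
    """Parse tinc 'Variable = Value' lines into {lowercased name: [values]}."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Only whole-line comments are dropped: '#' inside a value is the Subnet weight.
        m = re.match(r"([A-Za-z0-9_]+)\s*=?\s*(.*)$", line)
        if m:
            conf.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return conf

def audit(tinc_conf, hosts):
    """Return (warnings, routes) for one node's tinc.conf text and its local hosts/ files."""
    main = parse_config(tinc_conf)
    connect_to = set(main.get("connectto", []))
    strict = main.get("strictsubnets", ["no"])[-1].lower() == "yes"
    warnings, routes = [], {}
    for name, text in hosts.items():
        host = parse_config(text)
        if host.get("indirectdata", ["no"])[-1].lower() == "yes" and name in connect_to:
            warnings.append(f"{name}: IndirectData = yes has no effect while ConnectTo = {name} is set")
        for subnet in host.get("subnet", []):
            net, _, weight = subnet.partition("#")
            routes.setdefault(net.strip(), []).append((int(weight or 10), name))
    if not strict:
        warnings.append("StrictSubnets is off: subnets learned from other hosts may override local weights")
    return warnings, {net: sorted(owners) for net, owners in routes.items()}

# Constructed sample: office-1's view, with a leftover ConnectTo = office-2 line.
TINC_CONF = """\
Name = office-1
ConnectTo = office-5
ConnectTo = office-2
StrictSubnets = yes
"""
HOSTS = {
    "office-2": "IndirectData = yes\nSubnet = 10.2.0.0/16#20\n",
    "office-5": "Subnet = 10.5.0.0/16\nSubnet = 10.2.0.0/16#5\n",
}

if __name__ == "__main__":
    found, table = audit(TINC_CONF, HOSTS)
    print("\n".join(found))
    print(table)
```

For each subnet the first entry in the returned list is the host with the lowest weight among the local host files, which is the relay the configuration is meant to prefer.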


