Concept clarification between multiple ConnectTo and multiple netname

Etienne Dechamps etienne at edechamps.fr
Mon May 1 12:39:02 CEST 2017


If you have multiple ConnectTo statements in your tinc.conf, then tinc will
attempt to establish connections with *all* of them. It is not a fallback,
though it is a good idea for every node to have at least two direct
connections for improved resiliency and fault tolerance.

As to whether you should have just one tinc network or multiple networks,
well, that depends on what you're trying to accomplish and whether you want
isolation between these networks. If all your nodes are meant to be part of
the same VPN (i.e. same address space) and are part of the same trust
domain (i.e. they all trust each other equally), then it's simpler to have
them be in the same tinc network - that will simplify configuration and it
will result in smarter routing decisions.

If you are setting up individual tinc networks that only have two nodes in
them, then tinc is overkill - you might as well use something simpler like
IP/IP, GRE, OpenVPN or other "point-to-point" VPN solutions. tinc's purpose
is to build a reliable, self-routing VPN out of a large mesh network of
nodes; it makes little sense to use it for simple point-to-point
connections.

On 30 April 2017 at 00:53, Bright Zhao <startryst at gmail.com> wrote:

> Hi, Tinc experts
>
> I’m on-boarding for Tinc for just quite a few days, and trying to set up
> the connection between one client and multiple servers, with multiple VPN
> tunnels from the client to different servers. From the documentation, it
> indicates the tinc.conf can support multiple ConnectTo, also the tinc can
> support multiple netname, like /etc/tinc/net1, /etc/tinc/net2.
>
> My question is, for my above use case, I should go with multiple netname
> instead of multiple ConnectTo, right? I did some tests, and I found no
> matter how many ConnectTos I placed in the tinc.conf (on the client side),
> only one connection can be made to the server, and only one tun0 bring up with
> is the p2p connection can only go with one server, even though from debug
> message, I saw two connections all established, but only one connection is
> pingable.
>
> If this is the case, then can I assume the ConnectTo in the tinc.conf is
> connection by sequence which is a failover mechanism, instead of "connect
> them all"? But multiple netname can do the "connect them all"
>
>
> --
> Bright Zhao sent from Gmail
>
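Added example, not part of the original message or of tinc itself: a small audit that lists every ConnectTo target per netname (all of them are used, as the reply explains) and flags networks with fewer than the two direct connections the reply recommends. It assumes the usual <confbase>/<netname>/tinc.conf layout with a hosts/<name> file per peer; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# tinc.conf lines are "Variable = Value"; names are case-insensitive, "=" is optional.
LINE = re.compile(r"^\s*(\w+)\s*=?\s*(.*?)\s*$")

def connect_targets(conf_text):
    """Return every ConnectTo target in a tinc.conf, in file order."""
    targets = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = LINE.match(line)
        if m and m.group(1).lower() == "connectto" and m.group(2):
            targets.append(m.group(2))
    return targets

def audit(confbase):
    """Map each netname under confbase to its ConnectTo targets and findings."""
    report = {}
    for conf in sorted(Path(confbase).glob("*/tinc.conf")):
        net = conf.parent
        targets = connect_targets(conf.read_text())
        findings = []
        if len(targets) < 2:  # the reply suggests at least two direct connections
            findings.append("fewer than two ConnectTo peers")
        findings += [f"no hosts/{t} file for ConnectTo target"
                     for t in targets if not (net / "hosts" / t).is_file()]
        report[net.name] = {"connect_to": targets, "findings": findings}
    return report

def demo():
    """Constructed sample tree: mesh network 'vpn', single-peer network 'net1'."""
    sample = {
        "vpn": ("Name = client\nConnectTo = server_a\nconnectto server_b\n",
                ["server_a", "server_b"]),
        "net1": ("Name = client\n# only one peer\nConnectTo = server_a\n", []),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for net, (conf, hosts) in sample.items():
            (Path(tmp) / net / "hosts").mkdir(parents=True)
            (Path(tmp) / net / "tinc.conf").write_text(conf)
            for host in hosts:
                (Path(tmp) / net / "hosts" / host).write_text("Address = 192.0.2.1\n")
        return audit(tmp)

if __name__ == "__main__":
    for net, result in demo().items():
        print(net, result)
```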