How to set Subnet in a node which act as both server and client role?

LowEel loweel at gmx.de
Mon May 1 14:09:51 CEST 2017


I cannot understand why you say the configuration for B will be tricky.

If you select the switch mode, and some machine can initiate a
connection to some other machine, until there is a path, the whole net
will behave as if all the tap devices were connected to a single switch.

It is not a VPN in the strict IPsec meaning; you should see it more like an
encrypted VLAN.



On 05/01/2017 12:00 PM, Bright Zhao wrote:
> Hi, Tinc experts
>
> Diagram as below, A is trying to access host X behind C:
>
> A >> B >> C — “host X”
>
> B is the tinc server for A, but also B is the tinc client to connect to C.
>
> My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky.
>
> As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs to have Subnet = X/32, which indicates that the VPN serves this host.
> But as the tinc client to C, B’s host config shouldn’t include Subnet = X/32, because X/32 is behind C.
>
> If no direct connection is available from A to C, the only way I can figure out is to set up two VPNs, /etc/tinc/vpn1 and /etc/tinc/vpn2:
>
> A >> vpn1 >> B >> vpn2 >> C — “host X”
>
> If so, /etc/tinc/vpn1/hosts/B can have Subnet = X/32; but /etc/tinc/vpn2/hosts/B can exclude Subnet = X/32 since it’s the client side for C.
>
> Let me know if there’s any other simple way to achieve this.

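The switch-mode setup suggested in the reply above, sketched as a single VPN named myvpn (an added example, not part of the original thread). Node names A, B and C come from the question; the addresses b.example.org, c.example.org and the 10.20.0.0/24 range are constructed placeholders.

```conf
# ---- Node A: /etc/tinc/myvpn/tinc.conf ----
Name = A
Mode = switch          # forward by learned MAC address, like an Ethernet switch
ConnectTo = B          # A only dials B

# ---- Node B: /etc/tinc/myvpn/tinc.conf ----
# B accepts the connection from A and dials C itself, all inside one VPN.
Name = B
Mode = switch
ConnectTo = C

# ---- Node C: /etc/tinc/myvpn/tinc.conf ----
Name = C
Mode = switch          # every node in the VPN uses the same Mode

# ---- /etc/tinc/myvpn/hosts/B (present on A, so it can dial B) ----
Address = b.example.org     # placeholder
# B's public key block follows here.
# No "Subnet = X/32" line: in switch mode the forwarding table is built
# from MAC addresses seen on the VPN, not from Subnet declarations.

# ---- /etc/tinc/myvpn/hosts/C (present on B, so it can dial C) ----
Address = c.example.org     # placeholder
# C's public key block follows here.

# ---- Addressing (assumption, configured outside tinc.conf) ----
# Each node's tinc-up script gives its tap interface an address in one
# shared range, for example:
#   A = 10.20.0.1/24, B = 10.20.0.2/24, C = 10.20.0.3/24
# To reach host X behind C, A needs an ordinary IP route for X via
# 10.20.0.3, and C must forward between its tap interface and X's network.
```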
