Concept clarification between multiple ConnectTo and multiple netname

Etienne Dechamps etienne at edechamps.fr
Mon May 1 14:20:06 CEST 2017


That's exactly right. Corollary: if you take one node from a tinc network
and connect it to a node from another isolated tinc network, the two
networks become one :)

On 1 May 2017 at 13:16, Bright Zhao <startryst at gmail.com> wrote:

> Hi, Etienne
>
> Thanks for your clarification, and this helped a lot. In order to get
> a better understanding of the mechanism of Tinc and the purpose of the
> ConnectTo statement, can I think of ConnectTo as the way to get the node
> into the Tinc VPN domain, instead of establishing a VPN connection between nodes?
>
> Once any node ConnectTo's to the Tinc VPN domain, it learns all other nodes,
> subnets, and corresponding public or private (but UDP reachable), and
> establishes a full mesh VPN among them on-demand. So technically speaking, only
> one ConnectTo would be enough for the node to join the full mesh VPN, but
> in order to provide resilience, adding a second ConnectTo will be beneficial.
>
>
> On 1 May 2017, at 6:39 PM, Etienne Dechamps <etienne at edechamps.fr> wrote:
>
> If you have multiple ConnectTo statements in your tinc.conf, then tinc
> will attempt to establish connections with *all* of them. It is not a
> fallback, though it is a good idea for every node to have at least two
> direct connections for improved resiliency and fault tolerance.
>
> As to whether you should have just one tinc network or multiple networks,
> well, that depends on what you're trying to accomplish and whether you want
> isolation between these networks. If all your nodes are meant to be part of
> the same VPN (i.e. same address space) and are part of the same trust
> domain (i.e. they all trust each other equally), then it's simpler to have
> them be in the same tinc network - that will simplify configuration and it
> will result in smarter routing decisions.
>
> If you are setting up individual tinc networks that only have two nodes in
> them, then tinc is overkill - you might as well use something simpler like
> IP/IP, GRE, OpenVPN or other "point-to-point" VPN solutions. tinc's purpose
> is to build a reliable, self-routing VPN out of a large mesh network of
> nodes; it makes little sense to use it for simple point-to-point
> connections.
>
> On 30 April 2017 at 00:53, Bright Zhao <startryst at gmail.com> wrote:
>
>> Hi, Tinc experts
>>
>> I'm on-boarding with Tinc for just quite a few days, and trying to set up
>> the connection between one client and multiple servers, with multiple VPN
>> tunnels from the client to different servers. From the documentation, it
>> indicates the tinc.conf can support multiple ConnectTo, and tinc can also
>> support multiple netnames, like /etc/tinc/net1, /etc/tinc/net2.
>>
>> My question is, for my above use case, I should go with multiple netnames
>> instead of multiple ConnectTo, right? I did some tests, and I found no
>> matter how many ConnectTos I placed in the tinc.conf (on the client side),
>> only one connection could be made to the server, and only one tun0 was brought
>> up, so the p2p connection can only go with one server, even though from the debug
>> messages I saw two connections established, but only one connection is
>> pingable.
>>
>> If this is the case, then can I assume the ConnectTo in the tinc.conf is
>> connection by sequence, which is a failover mechanism, instead of "connect
>> them all"? But multiple netnames can do the "connect them all".
>>
>>
>> --
>> Bright Zhao sent from Gmail
>>
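An added example (not part of the thread) that operationalises the advice above: a small checker for a single-netname directory that confirms each ConnectTo names a hosts/<name> file carrying an Address (tinc cannot dial a peer without one) and flags a node with fewer than two ConnectTo lines as lacking a redundant path into the mesh. The node names, hostnames and subnets in the constructed tree are made up for the demo.

```python
"""Check a tinc netname directory (e.g. /etc/tinc/<netname>) for the
'one network, several ConnectTo' layout: every ConnectTo peer needs a
hosts file with an Address, and two or more ConnectTo give resilience."""
import os
import re
import tempfile

# tinc config lines are 'Key = Value'; keys are case-insensitive and may repeat.
KV = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(.+?)\s*$")

def parse_tinc_conf(text):
    """Parse tinc.conf / hosts file text into {lowercased key: [values]}."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # full-line comment
        m = KV.match(line)
        if m:
            conf.setdefault(m.group(1).lower(), []).append(m.group(2))
    return conf

def check_netname(netdir):
    """Return a list of human-readable findings for one netname directory."""
    findings = []
    with open(os.path.join(netdir, "tinc.conf")) as f:
        conf = parse_tinc_conf(f.read())
    peers = conf.get("connectto", [])
    if len(peers) < 2:
        findings.append("fewer than two ConnectTo: no redundant path into the mesh")
    for peer in peers:
        path = os.path.join(netdir, "hosts", peer)
        if not os.path.exists(path):
            findings.append(f"ConnectTo = {peer} but hosts/{peer} is missing")
            continue
        with open(path) as f:
            host = parse_tinc_conf(f.read())
        if "address" not in host:
            findings.append(f"hosts/{peer} has no Address, outgoing connection impossible")
    return findings

def build_demo():
    """Constructed tree: two ConnectTo peers, the second lacking an Address."""
    d = tempfile.mkdtemp()
    os.mkdir(os.path.join(d, "hosts"))
    with open(os.path.join(d, "tinc.conf"), "w") as f:
        f.write("Name = client\n# both peers are dialled, not tried in sequence\n"
                "ConnectTo = server1\nConnectTo = server2\n")
    with open(os.path.join(d, "hosts", "server1"), "w") as f:
        f.write("Address = server1.example.invalid\nSubnet = 10.0.0.1/32\n")
    with open(os.path.join(d, "hosts", "server2"), "w") as f:
        f.write("Subnet = 10.0.0.2/32\n")  # no Address line on purpose
    return d

if __name__ == "__main__":
    for finding in check_netname(build_demo()):
        print(finding)
```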