networking remote systems over unknown ip's

Guus Sliepen guus at tinc-vpn.org
Mon Jan 15 18:58:10 CET 2018


On Mon, Jan 15, 2018 at 01:56:11AM -0500, waltfeasel at gmail.com wrote:

> I am making some systems that are going to be donated to different
> organizations and I want the kids to be able to share programs they
> write with each other on the different disks automatically and securely. Can
> I network these systems without knowing individual IPs and not
> touching firewalls? I was thinking maybe I could use a DNS service like
> duckdns to substitute IPs with comp1.duckdns.org, comp2.duckdns.org,
> etc.
> Is this even possible/advisable using tinc?

Yes.

> I am guessing I would minimally need to know the internal private IPs
> to avoid conflicts.

Indeed, you need to carefully choose an address range for your tinc
network so that there are no conflicts with the local network of any of
the peers. If possible, try to use IPv6. With RFC 4193, you can generate
a unique private address range that is virtually certain to not conflict
with anything. Also, you will have a huge address space to work with.
You might also be able to acquire a globally unique address range for
your project.

As for the external addresses of the systems: there is no need for all
nodes in the VPN to know the external address of all other nodes up
front. Also, you can use hostnames instead of numeric addresses so
indeed, if you have a DNS zone set up you can make use of that.

As long as you have one or more central nodes with a known IP address or
hostname that other nodes can connect to, you do not need to know the
external IP addresses of any of the other nodes. As soon as tinc daemons
connect to the central nodes, they will learn about each other's
addresses, and will use this information to connect to each other
directly, if possible.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
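
The address planning described in the reply, as an added example that is not part of the original message and is not tinc code: it generates an RFC 4193 /48 prefix (section 3.2.2 algorithm), checks a candidate range against the peers' local networks, and prints one /128 per node in the form of tinc's Subnet host variable. The function names and the sample LAN ranges are assumptions, and 8 random bytes stand in for the EUI-64 the RFC suggests.

```python
import hashlib
import ipaddress
import os
import struct
import time

NTP_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


def ula_prefix(timestamp=None, node_id=None):
    """Generate a /48 unique local prefix per RFC 4193, section 3.2.2."""
    ts = time.time() if timestamp is None else timestamp
    # Assumption: 8 random bytes stand in for the EUI-64 the RFC suggests.
    node_id = os.urandom(8) if node_id is None else node_id
    ntp = struct.pack(">II", (int(ts) + NTP_OFFSET) & 0xFFFFFFFF,
                      int((ts % 1) * 2**32))
    global_id = hashlib.sha1(ntp + node_id).digest()[-5:]  # low 40 bits
    packed = b"\xfd" + global_id + bytes(10)  # fd00::/8 + Global ID, rest zero
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def conflicts(candidate, local_networks):
    """Return the peers' local networks that overlap the candidate VPN range."""
    cand = ipaddress.ip_network(candidate)
    nets = (ipaddress.ip_network(n) for n in local_networks)
    return [n for n in nets if n.version == cand.version and n.overlaps(cand)]


def node_subnets(prefix, names, subnet_id=0):
    """Give each node one /128 from a single /64 inside the /48 prefix."""
    base = int(prefix.network_address) + (subnet_id << 64)
    vpn64 = ipaddress.IPv6Network((base, 64))
    return {name: f"{vpn64[i]}/128" for i, name in enumerate(names, start=1)}


if __name__ == "__main__":
    # Constructed sample data: LAN ranges the donated machines might sit behind.
    lans = ["192.168.1.0/24", "10.0.0.0/8", "fd00::/64"]
    print("IPv4 guess 192.168.1.0/24 conflicts with:",
          conflicts("192.168.1.0/24", lans))
    prefix = ula_prefix()
    print("ULA prefix:", prefix, "conflicts with:", conflicts(prefix, lans))
    for name, subnet in node_subnets(prefix, ["comp1", "comp2", "comp3"]).items():
        print(f"{name}: Subnet = {subnet}")
```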