networking remote systems over unknown ip's

waltfeasel at gmail.com waltfeasel at gmail.com
Mon Jan 15 22:53:58 CET 2018 

Guus,

On Mon, 2018-01-15 at 18:58 +0100, Guus Sliepen wrote:
> On Mon, Jan 15, 2018 at 01:56:11AM -0500, waltfeasel at gmail.com wrote:
> 
> > I am making some systems that are going to be donated to different
> > organizations and I want the kids to be able to share programs they
> > write with each other on the different disk automatically securely.
> > Can
> > I network these systems without knowing individual ip's and not
> > touching firewalls. I was thinking maybe I could use a dns service
> > like
> > duckdns to substitute ip's with comp1.duckdns.org,
> > comp2.duckdns.org,
> > etc. 
> > Is this even possible/advisable using tinc?
> 
> Yes.
> 
> > I am guessing I would minimally need to know the internal private
> > ip's
> > to avoid conflicts.
> 
> Indeed, you need to carefully choose an address range for your tinc
> network so that there are no conflicts with the local network of any
> of
> the peers. If possible, try to use IPv6. With RFC 4193, you can
> generate
> a unique private address range that is virtually certain to not
> conflict
> with anything. Also, you will have a huge address space to work with.
> You might also be able to acquire a globally unique address range for
> your project.
> 
> As for the external addresses of the systems: there is no need for
> all
> nodes in the VPN to know the external address of all other nodes up
> front. Also, you can use hostnames instead of numeric addresses so
> indeed, if you have a DNS zone set up you can make use of that.
> 
> As long as you have one or more central nodes with a known IP address
> or
> hostname that other nodes can connect to, you do not need to know the
> external IP addresses of any of the other nodes. As soon as tinc
> daemons
> connect to the central nodes, they will learn about each other's
> addresses, and will use this information to connect to each other
> directly, if possible.
> 
> 
Thank you for the response and the suggestion about using ipv6
addresses! Now to get reading ;)

Walt


> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

More information about the tinc mailing list