Dual, backup, Tinc Servers?
Lars Kruse
lists at sumpfralle.de
Sun Jun 17 14:41:32 CEST 2018
Hello John,
Am Sat, 16 Jun 2018 09:23:47 +0000 (UTC)
schrieb "jradxl at yahoo.com" <jradxl at yahoo.com>:
> In a two tinc vpn servers setup, is there a way of switching the static
> route on MachineC to use TincServerB if TincServerA were to go down?
I assume, that you could solve your challenge with tinc easily by using the
"weight" field in your subnet definitions (see "man tinc.conf"):
= TincServerA =
Subnet = 10.23.42.0/24#3
= TincServerB =
Subnet = 10.23.42.0/24#5
Here both nodes feel responsible for the same network. Thus TincServerC will
send packages for this network via TincServerA, if it is available (due to the
lower "weight"). Otherwise it will use TincServerB.
This should be working in "router" (the default) out of the box, I guess.
In "switch" mode, you will need to apply the "weight" in your subnet-up-Script,
e.g.:
ip route add "$SUBNET" dev "$INTERFACE" metric "$WEIGHT"
And another last detail: if your traffic is directed at hosts _behind_
TincServerA/B, then you will also need to take care for the routing of the
traffic coming back from these hosts to C. Source NAT on A/B could be a quick
(and quite dirty) solution for this.
> If all three PCs were tinc vpn servers, it would mitigate the single point
> of failure, but would that waste Internet bandwidth with all three connecting
> to the other side?
This depends on your scarcity of bandwidth. I assume, that it is not
problematic in most situations.
Cheers,
Lars
More information about the tinc
mailing list