4 questions about tinc's VPN
EleGoS
elegos at fastwebnet.it
Fri Nov 24 18:23:26 CET 2006
Guus Sliepen wrote:
> On Fri, Nov 24, 2006 at 12:05:23PM +0100, EleGoS wrote:
>
>
>> I'm totally new to the concept 'self-made VPNs' :P
>>
>
> What do you mean by "self-made"?
>
I mean non self-extraction plug'n'play as hamachi :P
>
>> question n.1: I'm behind a router. This router is configurable, but I'm
>> also behind a provider's NAT (private IPs with a common public IP). Will
>> tinc work, or it will do as hamachi does (problems connecting to me)?
>> (in hamachi there is a 'yellow' indicator on me for users of the same
>> provider [passages: |private IP| -> |public IP| -> |hamachi server| ->
>> |public IP| -> |private IP| -> |router's private IP|])
>>
>
> If you are behind a NAT, you should probably add "TCPOnly = yes" to your
> tinc.conf. Once a tinc daemon behind a NAT makes a connection to another
> tinc daemon, packets can go both ways.
>
>
"TCPOnly = yes" must be put in the tinc.conf, right? But only for the
NATted PC? Will UDP programs run over this net?
>> question n.2: a tinc VPN uses the server's bandwidth (so all the
>> transmissions pass from the server) or is a P2P system (the server only
>> re-addresses the connections)?
>>
>
> It's peer-to-peer. There is no central server with tinc. Tinc also does
> not make a distinction between "client" and "server".
>
>
1. As said by Graham Cobb, will the connections to the NATted PC weigh
on the 'external'-linked PC? As I'm going to create a server-game, and
there must be high bandwidth (fibre vs. ADSL, so to say)
2. Must I connect to another PC and the same for the opposite PC or not?
(i.e. PC1 <--> PC2 or simply PC --> PC2)
>> question n.3: if a client enters a server, does the client 'see' all the
>> others connected to the server?
>>
>
> Yes, each tinc daemon knows about all other tinc daemons in the same
> VPN.
>
>
>> question n.4: what about the public and private keys? What to give to
>> the clients? What the clients must generate?
>>
>
> You typically let every tinc daemon generate its own public/private
> keypair. You then exchange public keys with those other tinc daemons for
> which you have a ConnectTo line in your tinc.conf. You don't have to
> ConnectTo all other daemons in the VPN, just a few is enough, tinc will
> create a full mesh network itself from there on.
>
>
Can I connect all the PCs only to one VPN-linked daemon? Does this
change anything?
Another question: can I create pre-made rsa_key.priv and hosts to
distribute, or are they PC-linked?
Thanks very much ^^
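
The key handling described in the quoted answer to question n.4 (one keypair per daemon, public keys exchanged for every ConnectTo peer), written as a check that can be run over a set of node configurations. This is an added example, not part of the original message and not code from the tinc project. The node names, the address vpn.example.org, the in-memory layout and the placeholder key bodies are all assumptions made for illustration.

```python
import hashlib
import re

KEY_RE = re.compile(
    r"-----BEGIN RSA PUBLIC KEY-----(.*?)-----END RSA PUBLIC KEY-----", re.S)

def _host(addr, key):
    """Build a constructed hosts/<name> file: optional Address plus a PEM block."""
    head = f"Address = {addr}\n" if addr else ""
    return head + f"-----BEGIN RSA PUBLIC KEY-----\n{key}\n-----END RSA PUBLIC KEY-----\n"

# Constructed sample: every node's tinc.conf and hosts/ directory, held in memory.
# KEY-A / KEY-B are placeholders, not real RSA keys.
SAMPLE = {
    "server": {"tinc.conf": "Name = server\n",
               "hosts": {"server": _host("vpn.example.org", "KEY-A"),
                         "natpc": _host(None, "KEY-B")}},
    "natpc": {"tinc.conf": "Name = natpc\nConnectTo = server\nTCPOnly = yes\n",
              "hosts": {"natpc": _host(None, "KEY-B"),
                        "server": _host("vpn.example.org", "KEY-A")}},
    # Hypothetical node set up from a pre-made key and an incomplete hosts/ dir.
    "cloned": {"tinc.conf": "Name = cloned\nConnectTo = server\n",
               "hosts": {"cloned": _host(None, "KEY-B")}},
}

def settings(conf, name):
    """Return every value given for one 'Variable = value' line in a config."""
    return re.findall(rf"(?im)^\s*{name}\s*=\s*(\S+)", conf)

def audit(nodes):
    """Flag ConnectTo peers without an exchanged public key, and shared keypairs."""
    findings, seen = [], {}
    for node, cfg in nodes.items():
        for peer in settings(cfg["tinc.conf"], "ConnectTo"):
            if not KEY_RE.search(cfg["hosts"].get(peer, "")):
                findings.append(
                    f"{node}: ConnectTo {peer} but no public key in hosts/{peer}")
        own = KEY_RE.search(cfg["hosts"].get(node, ""))
        if own:
            body = "".join(own.group(1).split())
            fp = hashlib.sha256(body.encode()).hexdigest()
            if fp in seen:
                findings.append(f"{node}: same keypair as {seen[fp]}")
            seen.setdefault(fp, node)
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```
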