4 questions about tinc's VPN

Guus Sliepen guus at tinc-vpn.org
Sat Nov 25 10:13:15 CET 2006


On Fri, Nov 24, 2006 at 06:23:26PM +0100, EleGoS wrote:

> >If you are behind a NAT, you should probably add "TCPOnly = yes" to your
> >tinc.conf. Once a tinc daemon behind a NAT makes a connection to another
> >tinc daemon, packets can go both ways.
> >  
> "TCPOnly = yes" must be put in the tinc.conf, right?

Yes.

> but only for the NATted PC?

Yes.

> Will UDP programs run over this net?

Yes.

> >It's peer-to-peer. There is no central server with tinc. Tinc also does
> >not make a distinction between "client" and "server".
> >  
> 1. As said by Graham Cobb, will the connections to the NATted PC grave 
> to the 'external'-linked PC? As I'm going to create a server-game, and 
> there must be high bandwidth (fibre VS ADSL to say)

Yes. NAT restricts the ability to create peer-to-peer connections. If
you have a lot of tinc daemons behind a NAT connecting to a tinc daemon
without NAT, then all traffic will flow through that central tinc
daemon.

There seem to be some clever techniques these days to set up
peer-to-peer connections even between two NATted hosts, but that's not
implemented in tinc.

> Can I connect all the PCs only to one VPN-linked daemon? Does this 
> change anything?

Yes, that's possible; it doesn't change much.

> Another question: can I create pre-made rsa_key.priv and hosts to 
> distribute, or are they PC-linked?

You must have a unique keypair for every tinc daemon. Where or when you
create the keypair is irrelevant.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
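
Added example (not part of the original message and not tinc's own code): the reply states that every tinc daemon needs its own keypair, so this Python script audits a hosts directory for a public key that appears under more than one node name. It assumes host files embed the key as a PEM "RSA PUBLIC KEY" block; the node names, addresses and key bodies are constructed placeholders.

```python
import hashlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumption: the public key is embedded in the host file as a PEM block.
PEM_RE = re.compile(
    r"-----BEGIN RSA PUBLIC KEY-----(.*?)-----END RSA PUBLIC KEY-----", re.S)

def key_fingerprint(text):
    """SHA-256 of the key's base64 body; None if no key is embedded."""
    m = PEM_RE.search(text)
    if not m:
        return None
    body = "".join(m.group(1).split())  # ignore line wrapping
    return hashlib.sha256(body.encode()).hexdigest()

def find_shared_keys(hosts_dir):
    """Return ({fingerprint: [nodes]} for keys on >1 node, [nodes without key])."""
    by_key, missing = defaultdict(list), []
    for path in sorted(Path(hosts_dir).iterdir()):
        if path.is_file():
            fp = key_fingerprint(path.read_text(errors="replace"))
            (by_key[fp] if fp else missing).append(path.name)
    shared = {fp: names for fp, names in by_key.items() if len(names) > 1}
    return shared, missing

def build_sample_hosts_dir():
    """Constructed sample data: placeholder base64 bodies, not real keys."""
    pem = "-----BEGIN RSA PUBLIC KEY-----\n{}\n-----END RSA PUBLIC KEY-----\n"
    key_a, key_b = "QUFB" * 16, "QkJC" * 16
    files = {
        "server": "Address = vpn.example.org\nSubnet = 10.0.0.1/32\n" + pem.format(key_a),
        "nat_pc1": "Subnet = 10.0.0.2/32\n" + pem.format(key_b),
        # Same key as nat_pc1, only wrapped differently: a copied keypair.
        "nat_pc2": "Subnet = 10.0.0.3/32\n" + pem.format(key_b[:32] + "\n" + key_b[32:]),
        "nat_pc3": "Subnet = 10.0.0.4/32\n",  # key never added
    }
    d = Path(tempfile.mkdtemp(prefix="tinc-hosts-"))
    for name, text in files.items():
        (d / name).write_text(text)
    return d

if __name__ == "__main__":
    shared, missing = find_shared_keys(build_sample_hosts_dir())
    for fp, names in shared.items():
        print("shared key", fp[:16], "->", ", ".join(names))
    print("no embedded key:", ", ".join(missing))
```

Any node reported under a shared key should get a freshly generated keypair, and its old host file should be replaced on every peer.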