Routing and keying Questions
Frithjof Hammer
mail at frithjof-hammer.de
Sun Jul 6 15:02:30 CEST 2008
Hello!
I use tincd to interconnect 3 LANs: A, B and C. So far, it works fine:
everybody reaches everybody. But I want a different behavior: A and B should
be allowed to talk, as should B and C. I tried to simply delete the
host-files on the nodes that should not be allowed to talk to each other:
A has a hostfile from B
B has a hostfile from A and C
C has a hostfile from B
But this is no use: I can still ping from A to C. My first thought was that
they use B as an intermediate hop. But as the ping latency suggests, they
still talk to each other directly:
Ping from A to C via tinc:
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=77.5 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=64 time=84.6 ms
64 bytes from 192.168.1.100: icmp_seq=4 ttl=64 time=77.1 ms
Ping from A to C via WAN:
64 bytes from x.t-ipconnect.de (217.80.x.x): icmp_seq=1 ttl=58 time=72.9 ms
64 bytes from x.t-ipconnect.de (217.80.x.x): icmp_seq=2 ttl=58 time=72.9 ms
64 bytes from x.t-ipconnect.de (217.80.x.x): icmp_seq=3 ttl=58 time=71.5 ms
As the roundtrip-times via tinc are only ~ 5-10 ms higher than the RTT via WAN,
B can't be in the middle.
My Questions:
* Is this (nodes can talk to each other without having the crypto keys) the
correct behavior?
* What can I do to get my desired behavior (only nodes sharing the keys of
each other can talk)?
* Sending a killall -USR2 tincd gets me a lot of nice debug stuff. Is there
documentation on what is meant by the option value and the weight value?
* Is there a possibility to resolve the routing path through a tinc mesh?
I don't want to set up two VPNs because my scenario is more complex: It
involves seven nodes and I want to define for each and every one of them
which other nodes they may talk to.
Any hints?
Thanks
Frithjof