Routing and keying Questions

Frithjof Hammer mail at frithjof-hammer.de
Sun Jul 6 21:45:30 CEST 2008


>Yep, each node contacts the other to distribute the network information.
Can this be switched off? What exactly does the parameter "TunnelServer = 
<yes|no> (no) [experimental]" do? The description sounds more or less like 
it.

> Tinc only gives you a virtual interface.... It is your job to resolve
> routing or filtering issues.

What I meant was the routing done by the tinc daemon. It states on the tinc 
website: 

"VPN traffic is always (if possible) sent directly to the destination, without 
going through intermediate hops."

In other words: If it is not possible to send traffic directly, it will be 
routed by the tincd. Correct?

This brings me to my next question: If there is no intermediate hop and 
neither node has the key from the other node, how can the traffic be encrypted?

>Use iptables for access restrictions.
I don't like the idea. The blocked far end could simply use an IP address from 
the range of the allowed nodes.

>> * Is this (nodes can talk to each other without having the crypto keys) the
>> correct behavior?
>Yes, that's one of the advantages of using tinc.

Then why use different keys for each node and not a shared key for everyone? 

Greetings
Frithjof

