Routing and keying Questions
Frithjof Hammer
mail at frithjof-hammer.de
Sun Jul 6 21:45:30 CEST 2008
>Yep, each node contacts the other to distribute the network information.
Can this be switched off? What exactly does the parameter "TunnelServer =
<yes|no> (no) [experimental]" do? The description sounds more or less like
it.
> Tinc only gives you a virtual interface... It is your job to resolve
> routing or filtering issues.
What I meant was the routing done by the tinc daemon. It states on the tinc
website:
"VPN traffic is always (if possible) sent directly to the destination, without
going through intermediate hops."
In other words: If it is not possible to send traffic directly, it will be
routed by the tincd. Correct?
This brings me to my next question: If there is no intermediate hop and both
nodes don't have the key from the other node, how can the traffic be encrypted?
>Use iptables for access restrictions.
I don't like the idea. The blocked far end could simply use an IP address from
the range of the allowed nodes.
>> * Is this (nodes can talk to each other without having the crypto keys) the
>> correct behavior?
>Yes, that's one of the advantages of using tinc.
Then why use different keys for each node and not a shared key for everyone?
Greetings
Frithjof