"Mode Switch" and "Tunnelserver Yes" cause unnecessary traffic to clients (proposed patch)

Guus Sliepen guus at tinc-vpn.org
Fri Apr 23 15:09:57 CEST 2010


> The IndirectData option is not working for me :(
> 
> I updated my testbed to tinc 1.0.13 and I configured "IndirectData =
> yes" instead of "TunnelServer = Yes"
> 
> The config is very basic:
>  * Name
>  * Mode = switch
>  * IndirectData = Yes
>  * Two ConnectTo statements
> 
> However, the result is that I obtain a full mesh between the 10 nodes
> I have in my testbed. So tincd establishes a VPN link even with the
> nodes not specified in the ConnectTo statements.

Well, IndirectData will force data to go "by the server", as you mentioned in
your original mail, but tinc on the server will still forward it to the
destination. So it will not be a full mesh, but routed over your hub-and-spoke
network.

If you want to disable packet forwarding, or have the firewall on the server
process those packets, use "Forwarding = off" or "Forwarding = kernel" in the
server's tinc.conf.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>