Connecting two overlay meshes into a single mesh
Guus Sliepen
guus at tinc-vpn.org
Wed Apr 4 12:35:28 CEST 2012
On Wed, Apr 04, 2012 at 01:30:14AM +0200, Ivan Vilata i Balaguer wrote:
> I've been able to perform a simple test with four machines (set up like
> nodeA2, GWA, GWB and nodeB3) and it worked like a charm. I had to add
> GWA and GWB's own addresses as Subnets because otherwise I couldn't ping
> them: when pinging GWB from GWA Tinc complained of the "Packet looping
> back" to itself. I guess GWA had no other way to know that GWB wasn't
> in its own Subnet than GWB being explicit about that.
That is correct.
> > It is OK to have two identical Subnets, however, one will have
> > priority over the other. So, while GWA and GWB are connected, packets
> > to X.Y.0.1 will go most likely only to GWA, whether it is sent from
> > nodeA2 or nodeB3. You can manually adjust the priority of Subnets (see
> > the manual).
>
> Sorry, but I don't understand. Nodes in Network A/B (except GWx) don't
> have access to the Internet (not even NAT), so nodeB3 doesn't even know
> GWA exists. In this case I guess priorities don't matter much since a
> node can only see the GWx in its network.
It doesn't matter that the nodes in network A do not have access to the
Internet. Once they are connected to GWA, they will learn the Subnets of all
other nodes in the VPN, including those at network B.
> Just for curiosity: do GWx share the Subnets they know, or do they
> simply handle a datagram for a Subnet they don't know to the other one?
They share the Subnets.
> In the first case, I guess there'd be no problem in extending the number
> of GWx hosts (and thus connected networks) arbitrarily. Is that true?
Yes, you can in principle have as many nodes as you like, and you can connect
them in any way you like.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20120404/36130d16/attachment.pgp>
More information about the tinc
mailing list