Subnet specification for tinc node as default gateway

Nikolaus Rath Nikolaus at rath.org
Mon Sep 2 05:39:37 CEST 2013



Guus Sliepen <guus-NnCthlHDAqpg9hUCZPvPmw at public.gmane.org> writes:
> On Sun, Sep 01, 2013 at 03:35:01PM -0700, Nikolaus Rath wrote:
>
>> > Did you restart the tincd on the gateway after you added that Subnet? It should
>> > work otherwise.
>> 
>> Duh. No, I didn't. I didn't even add the extra subnet on the
>> gateway. Now that I've done that, it seems to work. Thanks!
>> 
>> 
>> I'm still confused why this is necessary though. Why isn't it enough to
>> define the subnet in the local tinc's configuration? At the moment it
>> seems that even for the local tinc instance, the subnet specification on
>> the remote server takes precedence. That's a bit counterintuitive - then
>> why am I specifying the subnets for every node on every node in the
>> first place?
>
> Assuming you don't use TunnelServer or StrictSubnets, you don't have to. You
> only have to specify the Subnet a host uses on that host itself. It announces
> those Subnets to all the other nodes via the meta protocol. It ignores Subnets
> from all host config files but its own. Also, even if you could specify Subnets
> for another node locally, that wouldn't help; as soon as those packets reach
> that other node, that node doesn't know what to do with them (well, unless you
> use Forwarding = kernel).

Ah, I get it. I was assuming it'd be the other way around. But now that
I now it, it does make sense.


Thanks!

   -Nikolaus

-- 
 »Time flies like an arrow, fruit flies like a Banana.«

  PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6  02CF A9AD B7F8 AE4E 425C



More information about the tinc mailing list