Allow direct connection between some (but not all) nodes on the network

Guillermo Bisheimer gbisheimer at bys-control.com.ar
Sat Dec 24 04:12:15 CET 2016


I'm using tinc 1.1pre14 to establish a VPN between 10 servers and a few
administration clients. I have a central server that runs Tinc and all
other servers and clients connect to it. I need to be able to establish
a direct connection between the administration clients and the servers, but
block the servers from each other.

I couldn't find a way to do this with tinc, but in the meantime I'm using the
options Forwarding=kernel and tunnel_server=yes and a bunch of firewall
rules in order to accomplish the network topology I need. I don't have
direct connection between admin clients and the servers, but it works.

When I set tunnel_server=no (default value) and a server connects to the
central server, it receives all host keys that are available in the central
server and other connected clients. I would like to be able to tell the
central server which host keys each connected peer is allowed to receive.
This way I could run tinc in full mesh mode but I can build any network
topology I need.

Is there a way to do this?

Thanks!!!
-- 

*Ing. Guillermo Bisheimer*

*B&S Sistemas de Control y Equipamientos*

Av. de los Constituyentes 1172

(E3116CIX) Crespo, Entre Ríos

Tel/Fax: (0343) 407-8990 (Nuevo número)

Cel: (0343) 154679052

WEB: www.bys-control.com.ar

e-mail: gbisheimer at bys-control.com.ar

skype: guillermo.bisheimer
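
Added example, not part of the original message and not tinc's own code: one possible central-server ruleset for the workaround described above, where `Forwarding=kernel` hands relayed packets to the kernel so they cross the FORWARD chain. The interface name `tinc0`, both subnets, and the choice that only administration clients open new connections are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for the central tinc node.
# Assumed values (not from the post): interface name and both address ranges.
TINC_IF="${TINC_IF:-tinc0}"
ADMIN_NET="${ADMIN_NET:-10.10.1.0/24}"    # administration clients
SERVER_NET="${SERVER_NET:-10.10.2.0/24}"  # the servers that must stay isolated

valid_if() {
    # Interface names: short, no whitespace or shell/iptables metacharacters.
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'
}

valid_cidr() {
    # Shape check only (dotted quad plus prefix), so nothing else reaches the rules.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

emit_hub_rules() {
    valid_if "$TINC_IF" && valid_cidr "$ADMIN_NET" && valid_cidr "$SERVER_NET" || {
        echo "refusing to emit rules: invalid interface or subnet" >&2
        return 1
    }
    # Traffic relayed between VPN peers enters and leaves on the same interface.
    # Replies are allowed, new flows only from admin clients to servers;
    # everything else, including server-to-server, is logged and dropped.
    cat <<EOF
*filter
:TINC-FWD - [0:0]
-A FORWARD -i $TINC_IF -o $TINC_IF -j TINC-FWD
-A TINC-FWD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A TINC-FWD -s $ADMIN_NET -d $SERVER_NET -m conntrack --ctstate NEW -j ACCEPT
-A TINC-FWD -m limit --limit 6/min -j LOG --log-prefix "tinc-fwd-drop: "
-A TINC-FWD -j DROP
COMMIT
EOF
}
```

Calling `emit_hub_rules` prints the ruleset; piping it to `iptables-restore --noflush` as root loads it without discarding existing rules, and the kernel must have IP forwarding enabled for relayed traffic to pass at all.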