Multiple Tinc servers HA across multiple regions

风声 fengsheng.10 at gmail.com
Tue Feb 2 13:38:00 CET 2016


Hi,

I spent some time investigating tinc to see how to use it. Tinc is really
good.
I met a weird issue; maybe someone can do me a favor.

In my case, there are 3 regions and 2 servers in each region, 6 servers
in total.
Each server connects to the servers in other regions, but has no
connection to the server in the same region in its configuration.

Region us-east
Region us-west
Region uk

tinc.conf looks like:

Name = useast1
AddressFamily = ipv4
GraphDumpFile = /var/log/tinc/tinc.graph
KeyExpire = 3600
mode = router
PingInterval = 10
PingTimeout = 5
ProcessPriority = high
ConnectTo = uswest1
ConnectTo = uswest2

2 servers in each region with the same subnet

/etc/tinc/NETWORK/hosts in us-east like:

Region us-east
Address = x.x.x.x
Cipher = aes-128-gcm
#Compression = 10
Digest = sha1
Subnet = 10.21.0.0/16#5
Subnet = 10.21.0.71/32


Address = x.x.x.x
Cipher = aes-128-gcm
#Compression = 10
Digest = sha1
Subnet =  10.21.0.0/16#8
Subnet = 10.21.0.44/3

1. When I ping an IP in the us-east subnet behind the us-east tinc servers
from the uk tinc server, it works well; it goes through one of them.

tinc on uk ---> tinc server-1 on us-east --> server behind tinc

2. When I stop tinc, it picks another tinc server in us-east to reach the
destination address.

tinc on uk ---> tinc server-2 on us-east --> server behind tinc

3. But when I block ping on the active tinc server with iptables, the ping
request goes to us-west, then to the us-east tinc server.

tinc on uk ---> tinc server on us-west --> tinc server-1 on us-east --> server behind tinc

Why can't tinc use another tinc server, the same as in #2? I tried
LocalDiscovery and subnets with priority, but it doesn't work the way I expected.

My tinc version is 1.0.26. Do I need to upgrade to 1.1?

Thank you very much.
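
Added example, not part of the original post and not tinc's own code: a Python sketch that parses the Subnet lines quoted above (address/prefix#weight), flags entries whose address does not match the prefix length, and models owner selection as most specific subnet first, then lowest weight, among reachable nodes. The node labels (useast2 is hypothetical), the default weight of 10 and the strict host-bits check are assumptions of this example.

```python
import ipaddress
import re

# Subnet lines copied from the post; node names are assumed labels
# (useast2 is hypothetical, the post does not name the second host file).
HOSTS = {
    "useast1": ["Subnet = 10.21.0.0/16#5", "Subnet = 10.21.0.71/32"],
    "useast2": ["Subnet =  10.21.0.0/16#8", "Subnet = 10.21.0.44/3"],
}
DEFAULT_WEIGHT = 10  # assumed weight when no "#weight" suffix is given
LINE = re.compile(r"^\s*Subnet\s*=\s*([^#\s]+)(?:#(\d+))?\s*$", re.I)


def parse_hosts(hosts):
    """Return (routes, problems) from {node: [config lines]}."""
    routes, problems = [], []
    for node, lines in hosts.items():
        for line in lines:
            m = LINE.match(line)
            if not m:
                continue  # not a Subnet line
            try:
                # strict=True rejects host bits set beyond the prefix length
                net = ipaddress.ip_network(m.group(1), strict=True)
            except ValueError as exc:
                problems.append((node, line.strip(), str(exc)))
                continue
            weight = int(m.group(2)) if m.group(2) else DEFAULT_WEIGHT
            routes.append((net, weight, node))
    return routes, problems


def pick_owner(routes, dest, reachable):
    """Most specific subnet wins, then lowest weight, among reachable nodes."""
    ip = ipaddress.ip_address(dest)
    live = [r for r in routes if ip in r[0] and r[2] in reachable]
    if not live:
        return None
    return min(live, key=lambda r: (-r[0].prefixlen, r[1], r[2]))[2]


if __name__ == "__main__":
    routes, problems = parse_hosts(HOSTS)
    for node, line, why in problems:
        print(f"{node}: {line!r}: {why}")
    print(pick_owner(routes, "10.21.0.50", {"useast1", "useast2"}))
    print(pick_owner(routes, "10.21.0.50", {"useast2"}))
```

In this model a node only drops out of selection when it is removed from the reachable set, which corresponds to case #2 in the post.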