using both ConnectTo and AutoConnect to avoid network partitions
Nirmal Thacker
nirmalthacker at gmail.com
Thu Aug 31 19:40:39 CEST 2017
Hi Guus

Following your suggestion we reconfigured our tinc network as follows.
Here is a new graph and below is our updated configuration:

http://imgur.com/a/n6ksh

- 2 Tinc nodes (yellow labels) have a public external IP and port 655 open.
  They both have ConnectTo's to each other and AutoConnect = yes
- The remaining tinc nodes (blue labels) have their tinc.conf set up as
  follows:
      ConnectTo = yellow1
      ConnectTo = yellow2
      AutoConnect = yes
- Blue labeled nodes also have their port 655 open, but no node in the
  network has a ConnectTo to any blue labeled node
- we are still using tinc 1.1pre14
- The configuration was loaded by ensuring:
  - each node has the keys and Address for their ConnectTo targets
  - tinc was reloaded using the command: sudo tinc -n <vpn_name> reload

The main motivation to do this: To avoid the network split bug we hit, that
was addressed earlier in this email and to do this by ensuring deliberate
and redundant connections to yellow1 and yellow2

We are concerned that:
- We still don't see edges in the graph that show connections between every
  blue labeled node to both the yellow labeled nodes

Any reason why we don't see these edges?
Is there something missing in our configuration?

Thanks
-nirmal

On Tue, Aug 22, 2017 at 11:08 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Tue, Aug 22, 2017 at 03:19:18PM -0700, Nirmal Thacker wrote:
>
> > - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to
> > upgrade to?
>
> There will be a 1.1pre15, but if you want you can apply the following
> commit:
>
> https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=92fdabc439bdb5e16f64a4bf2ed1deda54f7c544
>
> > - What is the workaround until we patch with this fix? Using a combination
> > of AutoConnect and ConnectTo?
>
> Yes.
>
> > - When we use ConnectTo, is it mandatory to have a cert file in the hosts/*
> > dir with an IP to ConnectTo ?
>
> Yes. Tinc always needs the public key of a peer and an Address in order
> to be able to connect to it.
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
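
One way to check the missing-edge concern in the message above against tinc's own view of the graph, added here as an example and not part of the original thread: it parses the output of `tinc -n <vpn_name> dump edges` and lists every non-hub node that lacks an edge to or from yellow1 or yellow2. The line format, the expectation of one edge per direction for a live meta connection, and every sample node and address other than the yellow1/yellow2 names are assumptions constructed for illustration.

```python
import re

# Hub names are taken from the message; all other data below is constructed.
HUBS = {"yellow1", "yellow2"}

# Constructed sample in the assumed `tinc -n <vpn_name> dump edges` format:
#   <from> to <to> at <host> port <port> local <host> port <port> options <hex> weight <n>
SAMPLE_EDGES = """\
yellow1 to yellow2 at 192.0.2.2 port 655 local 192.0.2.1 port 655 options d weight 12
yellow2 to yellow1 at 192.0.2.1 port 655 local 192.0.2.2 port 655 options d weight 12
blue1 to yellow1 at 192.0.2.1 port 655 local 10.0.0.11 port 40001 options d weight 30
yellow1 to blue1 at 198.51.100.11 port 40001 local 192.0.2.1 port 655 options d weight 30
blue1 to yellow2 at 192.0.2.2 port 655 local 10.0.0.11 port 40002 options d weight 31
yellow2 to blue1 at 198.51.100.11 port 40002 local 192.0.2.2 port 655 options d weight 31
blue2 to yellow1 at 192.0.2.1 port 655 local 10.0.0.12 port 40003 options d weight 28
yellow1 to blue2 at 198.51.100.12 port 40003 local 192.0.2.1 port 655 options d weight 28
blue3 to blue2 at 198.51.100.12 port 655 local 10.0.0.13 port 40004 options d weight 40
blue2 to blue3 at 198.51.100.13 port 40004 local 10.0.0.12 port 655 options d weight 40
"""

EDGE_RE = re.compile(r"^(\S+) to (\S+) at ")


def parse_edges(text):
    """Return the set of directed (from, to) edges listed in the dump."""
    edges = set()
    for line in text.splitlines():
        match = EDGE_RE.match(line.strip())
        if match:  # skip blank lines and anything that is not an edge line
            edges.add((match.group(1), match.group(2)))
    return edges


def missing_hub_links(edges, hubs=HUBS):
    """Map each non-hub node to the hubs it lacks an edge with in either direction."""
    nodes = {name for edge in edges for name in edge}
    report = {}
    for node in sorted(nodes - set(hubs)):
        missing = sorted(hub for hub in hubs
                         if (node, hub) not in edges or (hub, node) not in edges)
        if missing:
            report[node] = missing
    return report


if __name__ == "__main__":
    for node, hubs in missing_hub_links(parse_edges(SAMPLE_EDGES)).items():
        print(f"{node}: no bidirectional edge with {', '.join(hubs)}")
```

On a live node, replace `SAMPLE_EDGES` with the captured command output; an empty report means every non-hub node is directly linked to both hubs.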