How to block tinc node advertise it's neighbor/edge/subnet info to another node?
Raul Dias
raul at dias.com.br
Wed Jul 26 04:26:46 CEST 2017
On 7/25/17 10:51 PM, Bright Zhao wrote:
> I can think of run two tinc network which are two processes, other than this, any other easier way to make it as one network, but B doesn’t advertise the info from one side to the other side?
Yep, create a different network ( /etc/tinc/network2 ) and make it
listen (if listening) on a different port.
A <---------------> B <-----------> C
10.1.2.X/24 | 10.1.2.X/24
| 10.2.2.X/24 | 10.2.2.X/24
So each tinc daemon with a /16 is fine.
No way for A <--> C, unless, A and C know about each other and add
routes using B as gateway.
So B explicitly needs to firewall this situation if necessary.
-rsd
More information about the tinc
mailing list