Route certain traffic via a tinc node that is not directly connected.
Hans de Groot
hansg at dandy.nl
Thu Apr 12 14:27:10 CEST 2018
Hello,
On 4/11/2018 9:20 PM, Etienne Dechamps wrote:
>
> No, the "via" option doesn't have any effect, because it only has
> effect at layer 2, e.g. on an Ethernet network. tinc running in router
> mode is a layer 3 (IP) network, not a layer 2 (Ethernet) network.
>
> When you use that option on a layer 2 network such as Ethernet, the
> "via" option determines which layer 2 host (i.e. which MAC address,
> after ARP resolution) the packet will go to. In "router mode" tinc
> there are no MAC addresses, and tinc decides where to send packets
> based on destination IP address, not the kernel.
Thank you for that info. I did not realize the part about the MAC
address when using system/kernel routing. That makes a lot of sense. It
explains other issues I had in the past with (for me) unexpected
behaviour of tinc.
> So is there a way to send packets to a specific gateway ip using
> ip route?
>
>
> If you change the tinc mode to "switch", then your tinc VPN will
> behave just like a physical Ethernet network, and the "via" option
> will work just like it does on a real network. But note that setting
> that option comes with a long list of consequences and is quite a
> radical, breaking change. (Also keep in mind that all nodes on your
> network need to use the same mode.)
No. I really do not want to use tinc in switch mode.
> An alternative solution to your problem, besides going one layer down,
> would be to go one layer up: you could set up a "tunnel within the
> tunnel", i.e. hosta could establish a tunnel to hostc *on top of* the
> tinc VPN. Then, if you want certain packets to go through hostc, you
> can just send them through that tunnel and you're done. I am actually
> using such a solution for a special purpose on my own tinc network
> right now. The simplest solution for the tunnel is to use IP/IP, which
> has minimal overhead and is easy to understand and troubleshoot. I
> contributed some code to tinc that provides better support for that
> use case: https://github.com/gsliepen/tinc/pull/166
Thanks for that suggestion.
I am using the ip/ip tunnel over tinc construction now and it works like
a charm. Very easy to implement too.
Thank you all for helping me out and making me understand tinc a little
better.
Regards
Hans
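
The IP/IP-over-tinc setup discussed in this message, sketched as an added example that is not part of the original post or of tinc itself. It uses the host names hosta and hostc from the thread; every address, prefix and interface name is constructed for illustration. IP/IP adds no encryption of its own, so the tunnel relies on tinc for confidentiality between the two nodes.

```shell
#!/bin/sh
# Added example. All addresses and interface names are constructed;
# hosta and hostc already reach each other over tinc in router mode.
HOSTA_VPN=10.0.0.1        # hosta's address on the tinc VPN (assumed)
HOSTC_VPN=10.0.0.3        # hostc's address on the tinc VPN (assumed)
INNER_A=10.99.0.1         # tunnel-internal address on hosta (assumed)
INNER_C=10.99.0.2         # tunnel-internal address on hostc (assumed)
DEST=192.0.2.0/24         # traffic that must leave through hostc (assumed)

# Print each command by default; run as root with APPLY=1 to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# ipip_endpoint NAME LOCAL REMOTE INNER_ADDR
# The outer header carries LOCAL -> REMOTE, both tinc addresses, so tinc
# routes the encapsulated packet by REMOTE and never sees the inner destination.
ipip_endpoint() {
    run ip tunnel add "$1" mode ipip local "$2" remote "$3"
    run ip addr add "$4/30" dev "$1"
    run ip link set "$1" up
}

hosta_setup() {
    ipip_endpoint ipip-c "$HOSTA_VPN" "$HOSTC_VPN" "$INNER_A"
    # Anything routed into ipip-c is encapsulated toward hostc.
    run ip route add "$DEST" dev ipip-c
}

hostc_setup() {
    ipip_endpoint ipip-a "$HOSTC_VPN" "$HOSTA_VPN" "$INNER_C"
    # hostc decapsulates and forwards; return routing or NAT for INNER_A
    # depends on the deployment and is not shown.
    run sysctl -w net.ipv4.ip_forward=1
}

case "${1:-}" in
    hosta) hosta_setup ;;
    hostc) hostc_setup ;;
esac
```

Run it with `hosta` or `hostc` as the argument to review the commands for that side. The 20-byte outer IP header lowers the usable MTU inside the tunnel accordingly.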