<div dir="ltr">Hi everyone , <br>i have a few questions/problems with tinc , which i need to address ASAP , so i'll make it brief .<br>i have 33 sites , connected with each other using wan , <br>in each site , there are two linux firewalls + 3-4 more servers , i preferred to have a full mesh within my network , <br>
but unfortunately it was not possible , when i wanted every site to be connected to every other , as the number of hosts increased there was some unexplainable abnormalities , so i decided to connect every site to 3-4 other firewalls . so with this approach the whole network is unified , of course not directly . <br>
so right now my unsolved problems are as follows :<br><br>1. SIP/IAX doesn't work over the tinc network , but on tinc edge it works , imagine the following situation:<br>SIP/IAX Server A --network A---- > Firewall A ---tinc---> Firewall B ---Network B--> SIP/IAX Server B<br>
this approach doesn't work !!<br>but if i put SIP/IAX server on the firwall B , and use the tinc internal ip address , the trunk works .. <br><br>2. i want to use 2 firewalls in each site , as failover tinc routers , so what i've basically done is that i've put two tinc nodes in every site , <br>
and configured them with the same Subnet in tinc hosts , but the problem arises with the fact that , the other nodes in each site , only have one of the servers as default gateway and if the request comes from the other it's unanswered , i wanted to fix this problem with iptables mangle , <span class="st"><em>iptables</em> -A PREROUTING -t <em>mangle</em> -i tci -j <em>MARK</em> --set-<em>mark</em></span> 1 , but strange enough iptables didn't mark it (why?) <br>
so i thought of another solution which is that i'd use keepalived with tinc , like copy the same private key on two servers , bring one up , if the server goes down , keepalive would bring tinc down , and <i>bring the other server's tinc up</i> , is it possible ?<br>
<br>3. i have concerns about not having a full mesh , the problem was that , when the number of concurrent connection went above 12 , the network wasn't as good as before , am i doing something wrong ? is it possible to fix it another how ?<br>
<br>4. should i connect the two firewalls in each provience together , if i don't use keepalived ofcourse , like add a connect to from server A1 to A2 ????<br><br>5. i have concerns about tinc routing table , can someone point me to the right documentation ??<br>
<br>6. in a mesh , is there any utility which would make it easy to identify which hosts are directly connected to (hosts from connectto)<br><br><br></div>