<div dir="ltr">Thank you for the reply. I'll take a look at the patch and see if I can use it. My current solution was to just implement iptables rules on each of the endpoints, which isn't the worst way to go. I'll probably need to use the patch if I want to control the traffic on the service level.<div><br></div><div>Thanks again!</div><div><br></div><div>J</div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Sep 7, 2015 at 12:29 AM Saverio Proto <<a href="mailto:zioproto@gmail.com">zioproto@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">> I'm mostly looking for guidance on whether it is possible for daemons to<br>
> only accept traffic from specific daemons in switch mode. If so, what am I<br>
> doing wrong with my subnet configurations that won't let me even ping from<br>
> one daemon to the server when TunnelMode is yes?<br>
<br>
check if this patch still applies:<br>
<a href="https://github.com/zioproto/fairvpn/blob/master/tarballs-patches/tinc/tinc-1.0.13-fairvpn.patch" rel="noreferrer" target="_blank">https://github.com/zioproto/fairvpn/blob/master/tarballs-patches/tinc/tinc-1.0.13-fairvpn.patch</a><br>
<br>
it should work.<br>
<br>
By default tinc will try to have a full mesh of connections between the<br>
nodes of the VPN.<br>
With this patch and TunnelServer yes you will have the data<br>
connections only where you have an explicit ConnectTo statement.<br>
<br>
regards<br>
<br>
Saverio<br>
_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a><br>
<a href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
</blockquote></div><div dir="ltr">-- <br></div><div dir="ltr"><p dir="ltr">J</p>
</div>