<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Thanks, let me give it a try, and get back to you.<div class=""><br class=""></div><div class="">:-)</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 1 May 2017, at 3:29 PM, Narcissus Emi <<a href="mailto:eminarcissus@gmail.com" class="">eminarcissus@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">I don't really think the Address config in the node description will decide whether it will listen for public connections or not. From my own case, even a real private node (PPPoE dynamic address, TCP port listening not allowed, but UDP allowed) can have a p2p direct connection, I think it is based on UDP NAT traversal, but if you use TCPonly for this node, and also forbid the incoming traffic to this public TCP port, it will definitely work in an intermediate-only mode. Maybe just try it out ;)<br class=""> <br class=""><div class="bloop_sign"><div class="">-- <br class="">Narcissus Emi</div></div><p class="gmail_quote" style="">On 1 May 2017 at 15:24:26, Bright Zhao (<a href="mailto:startryst@gmail.com" class="">startryst@gmail.com</a>) wrote:</p> <blockquote type="cite" class="gmail_quote"><span class=""><div style="word-wrap:break-word" class=""><div class=""></div><div class="">
Oh, thanks. In my current case, I haven’t configured the “Address”
parameter in A’s host config; will this prohibit A from
listening on the tinc ports?
<div class=""><br class=""></div>
<div class="">Question: </div>
<div class="">1. if I config “Address” in A’s config, and even
though A is in a private subnet, it might still possible for A to
establish connection with X(X is public IP address)?</div>
<div class="">2. If there any parameter to disable the direct
connection discovery, and only allow to through intermediate
node?</div>
<div class="">
<div class=""><br class=""></div>
<div class=""><br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On 1 May 2017, at 3:16 PM, Narcissus Emi <<a href="mailto:eminarcissus@gmail.com" class="">eminarcissus@gmail.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">Indeed it depends, tinc will have a port listening
for incoming connections(both tcp and udp), if A have exposed its
listening ports, a direct connection will be tried to build between
the nodes, otherwise it will go from the intermediate
node.<br class="">
<br class="">
<div class="bloop_sign">
<div class="">-- <br class="">
Narcissus Emi</div>
</div><p class="gmail_quote" style="">日時: 2017年5月1日 15:12:16, Bright Zhao
(<a href="mailto:startryst@gmail.com" class="">startryst@gmail.com</a>) が書きました::</p>
<blockquote type="cite" class="gmail_quote"><span class=""></span>
<div style="word-wrap:break-word" class=""><span class=""></span>
<div class=""><span class=""></span></div>
<div class=""><span class="">H, Narcissus</span>
<div class=""><span class=""><br class=""></span></div>
<div class=""><span class="">Quick one for the below case, if node
A have a direct connection to node B, and node B have a connection
to node X, then I found node A will be able to talk to node X, but
the communication path is go through node B, instead of build
direct connection between A and X, is that right? I tested this in
my environment.</span></div>
<div class=""><span class=""><br class=""></span></div>
<div class=""><span class="">A >> B >> X</span></div>
<div class=""><span class=""><br class=""></span></div>
<div class=""><span class=""></span>
<div class=""><span class=""></span>
<blockquote type="cite" class=""><span class=""></span>
<div class=""><span class="">On 1 May 2017, at 3:07 PM, Narcissus
Emi <<a href="mailto:eminarcissus@gmail.com" class="">eminarcissus@gmail.com</a>> wrote:</span></div>
<span class=""><br class="Apple-interchange-newline"></span>
<div class=""><span class=""></span>
<div class=""><span class="">X-up is being called when any
connection is being built between node A and node X, it doesn't
have anything to do whether you have connectTo in the config file
or not.</span>
<div class=""><span class="">Because tinc is a mesh network, if
node A have a direct connection to node B, and node B have a
connection to node X, you can have a connection between A and X,
and X-up is being called at the moment when it built a connection
on demand.<br class="">
<br class=""></span>
<div class="bloop_sign"><span class=""></span>
<div class=""><span class="">-- <br class="">
Narcissus Emi</span></div>
</div><p class="gmail_quote" style=""><span class="">日時: 2017年5月1日
14:15:14, Bright Zhao (<a href="mailto:startryst@gmail.com" class="">startryst@gmail.com</a>) が書きました::</span></p>
<blockquote type="cite" class="gmail_quote"><span class=""><span class=""></span></span>
<div class=""><span class=""></span>
<div class=""><span class=""></span></div>
<div class=""><span class="">Hi, Tinc Expert<br class="">
<br class="">
In my tinc.conf, the ConnectTo to host X is commented out, like
below:<br class="">
<br class="">
#ConnectTo = X<br class="">
<br class="">
and there is a script: /etc/tinc/netname/hosts/X-up. I thought
commenting out the ConnectTo X wouldn’t trigger the X-up, but it
did.<br class="">
<br class="">
Why? What’s the logic behind triggering host-up? How can I avoid
this other than by removing the host-up file?<br class="">
<br class="">
<br class="">
Bright Zhao<br class="">
_______________________________________________<br class="">
tinc mailing list<br class="">
<a href="mailto:tinc@tinc-vpn.org" class="">tinc@tinc-vpn.org</a><br class="">
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" class="">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br class="">
</span></div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br class=""></div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
<br class=""></div>
</div>
</div></div></span></blockquote></div>
</div></blockquote></div><br class=""></div></body></html>