<div dir="ltr"><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div>Hi Guus<br><br></div>Following your suggestion we reconfigured our tinc network as follows. <br></div><div>Here is a new graph and below is our updated configuration: <a href="http://imgur.com/a/n6ksh">http://imgur.com/a/n6ksh</a><br><br></div>- 2 Tinc nodes (yellow labels) have a public external IP and port 655 open. They both have ConnectTo's to each other and AutoConnect = yes<br></div>- The remainder tinc nodes (blue labels) have their tinc.conf set up as follows:<br></div> ConnectTo = yellow1<br></div> ConnectTo = yellow2<br></div> AutoConnect = yes<br></div>- Blue labeled nodes also have their port 655 open, but no node in the network has a ConnectTo to any blue labeled node<br></div>- we are still using tinc1.1pre14<br></div>- The configuration was loaded by ensuring:<br></div> - each node has the keys and Address for their ConnectTo targets<br></div> - tinc was reloaded using the command: sudo tinc -n <vpn_name> reload</div><div><br></div><div>The main motivation to do this: To avoid the network split bug we hit, that was addressed earlier in this email and to do this by ensuring deliberate and redundant connections to yellow1 and yellow2</div><div><br></div>We are concerned that:<br></div>- We still dont see edges in the graph that show connections between every blue labeled node to both the yellow labeled nodes<br><br></div>Any reason why we dont see these edges?<br><br></div>Is there something missing in our configuration?<br><br></div>Thanks<br><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"> -nirmal</div></div>
<br><div class="gmail_quote">On Tue, Aug 22, 2017 at 11:08 PM, Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, Aug 22, 2017 at 03:19:18PM -0700, Nirmal Thacker wrote:<br>
<br>
> - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to<br>
> upgrade to?<br>
<br>
</span>There will be an 1.1pre15, but if you want you can apply the following<br>
commit:<br>
<br>
<a href="https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=92fdabc439bdb5e16f64a4bf2ed1deda54f7c544" rel="noreferrer" target="_blank">https://tinc-vpn.org/git/<wbr>browse?p=tinc;a=commitdiff;h=<wbr>92fdabc439bdb5e16f64a4bf2ed1de<wbr>da54f7c544</a><br>
<span class=""><br>
> - What is the workaround until we patch with this fix? Using a combination<br>
> of AutoConnect and ConnectTo?<br>
<br>
</span>Yes.<br>
<span class=""><br>
> - When we use ConnectTo, is it mandatory to have a cert file in the hosts/*<br>
> dir with an IP to ConnectTo ?<br>
<br>
</span>Yes. Tinc always needs the public key of a peer and an Address in order<br>
to be able to connect to it.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>><br>
</div></div><br>______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-<wbr>bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br></div>