<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hello,<br>
<br>
On 4/11/2018 9:20 PM, Etienne Dechamps wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAAAz6HRVLRfMwWowFpX77Se6fuWgoNjJ8VP8JsfQRCmBjZAU3g@mail.gmail.com">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote"><br>
<div>No, the "via" option doesn't have any effect, because
it only has effect at layer 2, e.g. on an Ethernet
network. tinc running in router mode is a layer 3 (IP)
network, not a layer 2 (Ethernet) network.<br>
<br>
</div>
<div>When you use that option on a layer 2 network such as
Ethernet, the "via" option determines which layer 2 host
(i.e. which MAC address, after ARP resolution) the packet
will go to. In "router mode" tinc there are no MAC
addresses, and tinc decides where to send packets based on
destination IP address, not the kernel.<br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
Thank you for that info. I did not realize the part about the MAC
address when using system/kernel routing. That makes a lot of sense.
It explains other issues I had in the past with (for me) unexpected
behaviour of tinc. <br>
<br>
<blockquote type="cite"
cite="mid:CAAAz6HRVLRfMwWowFpX77Se6fuWgoNjJ8VP8JsfQRCmBjZAU3g@mail.gmail.com">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div
class="m_-3827124086505017653gmail-m_3031601068662149481moz-cite-prefix">So
is there a way to send packets to a specific gateway
ip using ip route? <br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>If you change the tinc mode to "switch", then your tinc
VPN will behave just like a physical Ethernet network, and
the "via" option will work just like it does on a real
network. But note that setting that option comes with a
long list of consequences and is quite a radical, breaking
change. (Also keep in mind that all nodes on your network
need to use the same mode.)</div>
</div>
</div>
</div>
</blockquote>
<br>
No. I really do not want to use tinc in switch mode. <br>
<br>
<blockquote type="cite"
cite="mid:CAAAz6HRVLRfMwWowFpX77Se6fuWgoNjJ8VP8JsfQRCmBjZAU3g@mail.gmail.com">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>An alternative solution to your problem, besides going
one layer down, would be to go one layer up: you could set
up a "tunnel within the tunnel", i.e. hosta could
establish a tunnel to hostc *on top of* the tinc VPN.
Then, if you want certain packets to go through hostc, you
can just send them through that tunnel and you're done. I
am actually using such a solution for a special purpose on
my own tinc network right now. The simplest solution for
the tunnel is to use IP/IP, which has minimal overhead and
is easy to understand and troubleshoot. I contributed some
code to tinc that provides better support for that use
case: <a href="https://github.com/gsliepen/tinc/pull/166"
target="_blank" moz-do-not-send="true">https://github.com/gsliepen/<wbr>tinc/pull/166</a></div>
</div>
</div>
</div>
</blockquote>
Thanks for that suggestion. <br>
<br>
I am using the ip/ip tunnel over tinc construction now and it works
like a charm. Very easy to implement too. <br>
<br>
Thank you all for helping me out and making me understand tinc a
little better. <br>
<br>
Regards<br>
<br>
Hans<br>
<br>
<br>
<br>
<br>
<br>
<br>
<blockquote type="cite"
cite="mid:CAAAz6HRVLRfMwWowFpX77Se6fuWgoNjJ8VP8JsfQRCmBjZAU3g@mail.gmail.com">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span
class="m_-3827124086505017653gmail-">
<pre>
</pre>
</span>
<blockquote type="cite"><span
class="m_-3827124086505017653gmail-"> </span></blockquote>
<p><br>
</p>
</div>
<br>
______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org" target="_blank"
moz-do-not-send="true">tinc@tinc-vpn.org</a><br>
<a
href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://www.tinc-vpn.org/cgi-b<wbr>in/mailman/listinfo/tinc</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<p><br>
</p>
</body>
</html>