<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hello,<br>
      <br>
      On 4/11/2018 9:20 PM, Etienne Dechamps wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAAAz6HRVLRfMwWowFpX77Se6fuWgoNjJ8VP8JsfQRCmBjZAU3g@mail.gmail.com">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote"><br>
            <div>No, the "via" option doesn't have any effect, because
              it only has effect at layer 2, e.g. on an Ethernet
              network. tinc running in router mode is a layer 3 (IP)
              network, not a layer 2 (Ethernet) network.<br>
              <br>
            </div>
            <div>When you use that option on a layer 2 network such as
              Ethernet, the "via" option determines which layer 2 host
              (i.e. which MAC address, after ARP resolution) the packet
              will go to. In "router mode" tinc there are no MAC
              addresses, and tinc decides where to send packets based on
              destination IP address, not the kernel.<br>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    Thank you for that info. I did not realize the part about the MAC
    address when using system/kernel routing. That makes a lot of sense.
    It explains other issues I had in the past with (for me) unexpected
    behaviour of tinc. <br>
    <br>
    <blockquote type="cite"
cite="mid:CAAAz6HRVLRfMwWowFpX77Se6fuWgoNjJ8VP8JsfQRCmBjZAU3g@mail.gmail.com">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote">
            <div> </div>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
              0.8ex;border-left:1px solid
              rgb(204,204,204);padding-left:1ex">
              <div bgcolor="#FFFFFF">
                <div
                  class="m_-3827124086505017653gmail-m_3031601068662149481moz-cite-prefix">So
                  is there a way to send packets to a specific gateway
                  ip using ip route?  <br>
                </div>
              </div>
            </blockquote>
            <div><br>
            </div>
            <div>If you change the tinc mode to "switch", then your tinc
              VPN will behave just like a physical Ethernet network, and
              the "via" option will work just like it does on a real
              network. But note that setting that option comes with a
              long list of consequences and is quite a radical, breaking
              change. (Also keep in mind that all nodes on your network
              need to use the same mode.)</div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    No. I really do not want to use tinc in switch mode. <br>
    <br>
    <blockquote type="cite"
cite="mid:CAAAz6HRVLRfMwWowFpX77Se6fuWgoNjJ8VP8JsfQRCmBjZAU3g@mail.gmail.com">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote">
            <div>An alternative solution to your problem, besides going
              one layer down, would be to go one layer up: you could set
              up a "tunnel within the tunnel", i.e. hosta could
              establish a tunnel to hostc *on top of* the tinc VPN.
              Then, if you want certain packets to go through hostc, you
              can just send them through that tunnel and you're done. I
              am actually using such a solution for a special purpose on
              my own tinc network right now. The simplest solution for
              the tunnel is to use IP/IP, which has minimal overhead and
              is easy to understand and troubleshoot. I contributed some
              code to tinc that provides better support for that use
              case: <a href="https://github.com/gsliepen/tinc/pull/166"
                target="_blank" moz-do-not-send="true">https://github.com/gsliepen/<wbr>tinc/pull/166</a></div>
          </div>
        </div>
      </div>
    </blockquote>
    Thanks for that suggestion. <br>
    <br>
    I am using the ip/ip tunnel over tinc construction now and it works
    like a charm. Very easy to implement too. <br>
    <br>
    Thank you all for helping me out and making me understand tinc a
    little better. <br>
    <br>
    Regards<br>
    <br>
    Hans<br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <blockquote type="cite"
cite="mid:CAAAz6HRVLRfMwWowFpX77Se6fuWgoNjJ8VP8JsfQRCmBjZAU3g@mail.gmail.com">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote">
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
              0.8ex;border-left:1px solid
              rgb(204,204,204);padding-left:1ex">
              <div bgcolor="#FFFFFF"><span
                  class="m_-3827124086505017653gmail-">
                  <pre>
</pre>
                </span>
                <blockquote type="cite"><span
                    class="m_-3827124086505017653gmail-"> </span></blockquote>
                <p><br>
                </p>
              </div>
              <br>
              ______________________________<wbr>_________________<br>
              tinc mailing list<br>
              <a href="mailto:tinc@tinc-vpn.org" target="_blank"
                moz-do-not-send="true">tinc@tinc-vpn.org</a><br>
              <a
                href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc"
                rel="noreferrer" target="_blank" moz-do-not-send="true">https://www.tinc-vpn.org/cgi-b<wbr>in/mailman/listinfo/tinc</a><br>
              <br>
            </blockquote>
          </div>
          <br>
        </div>
      </div>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>