Persistent tun/tap
Guus Sliepen
guus at tinc-vpn.org
Mon Jan 25 16:20:20 CET 2016
On Mon, Jan 25, 2016 at 03:14:59PM +0000, mlist wrote:
> Ok. I'm configuring my iptables scripts so that specific iptables rules for virtual network interfaces used for tinc go on tinc-up-fw and tinc-down-fw custom scripts. When I reload iptables rules manually to apply changes iptables scripts flush all chains and reapply rules and now also search in /etc/tinc/<netname>/ directories if the related virtual network interface is up and running and if so it reapply every tinc-up-fw, so probably we do not need anymore a persistent tun virtual interface ever up.
Note that you can create iptables rules for interfaces that don't exist
yet. So you can just have the rules for your VPN interfaces loaded at
boot before tinc, that should be fine. The rules will also stay around
even if the interface is deleted again.
> Has tinc possibility to pass a custom env veriable like $INTERFACE, etc ? it be very useful, for example for DEBUG, so tinc passes on variable to all scripts in which we can put DEBUG messages (tinc-up, tinc-down, host-up. host-down, ...) and to sub custom scripts we create, called by standard tinc scripts.
A list of available environment variables that are passed to scripts can
be found in the manual:
http://tinc-vpn.org/documentation/Scripts.html#Scripts
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160125/a1faf09b/attachment.sig>
More information about the tinc
mailing list