Persistent tun/tap
mlist
mlist at apsystems.it
Mon Jan 25 16:49:44 CET 2016
Yes, I know it is possible to insert iptables rule also without interface presence, but I never tested. If you tell this I trust your experience, but I prefer to have clean system configuration, so all is linked to something, without leaving unused system configuration, mainly for security components, also our firewalls have complex configuration, but using this dynamic management leave persistent virtual network interface or rules all active no more useful.
I read documentation about env variables, but those variables are all internal variables tinc inject about its component state/name, how can for example I can tell tinc to send $DEBUG state variable to each stage so I can write on system log custom messages in different stages ? It'd be very useful, instead of defining same variable on each different standard script (script scope variable).
Roberto
-----Original Message-----
From: tinc [mailto:tinc-bounces a tinc-vpn.org] On Behalf Of Guus Sliepen
Sent: lunedì 25 gennaio 2016 16.20
To: tinc a tinc-vpn.org
Subject: Re: Persistent tun/tap
On Mon, Jan 25, 2016 at 03:14:59PM +0000, mlist wrote:
> Ok. I'm configuring my iptables scripts so that specific iptables rules for virtual network interfaces used for tinc go on tinc-up-fw and tinc-down-fw custom scripts. When I reload iptables rules manually to apply changes iptables scripts flush all chains and reapply rules and now also search in /etc/tinc/<netname>/ directories if the related virtual network interface is up and running and if so it reapply every tinc-up-fw, so probably we do not need anymore a persistent tun virtual interface ever up.
Note that you can create iptables rules for interfaces that don't exist
yet. So you can just have the rules for your VPN interfaces loaded at
boot before tinc, that should be fine. The rules will also stay around
even if the interface is deleted again.
> Has tinc possibility to pass a custom env veriable like $INTERFACE, etc ? it be very useful, for example for DEBUG, so tinc passes on variable to all scripts in which we can put DEBUG messages (tinc-up, tinc-down, host-up. host-down, ...) and to sub custom scripts we create, called by standard tinc scripts.
A list of available environment variables that are passed to scripts can
be found in the manual:
http://tinc-vpn.org/documentation/Scripts.html#Scripts
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus a tinc-vpn.org>
More information about the tinc
mailing list