>Yep, each node contact the other to distribute the network information. Can this be switched off? What exactly does the parameter "TunnelServer = <yes|no> (no) [experimental]" do? The description sounds more or less like it.
> Tinc only give you a virtual interface.... Is your job to resolve > routing or filtering issue. What I meant was the routing done by the tinc daemon. It states on the tinc website: "VPN traffic is always (if possible) sent directly to the destination, without going through intermediate hops." In other words: If it is not possible to send traffic directly, it will be routed by the tincd. Correct? This brings me to my next question: If there is no intermediate hop and both nodes haven't the key from the other node, how can the traffic be encrypted? >Use iptables for access restrictions. I don't like the Idea. The blocked far end could simple use a IP Address from the range of the allowed nodes. >> * Is this (nodes can talk to eachother without having the crypto keys) the >> correct behavior? >Yes, that's one of the advantages of using tinc. Then why use different keys for each node and not a shared key for everyone? Greetings Frithjof _______________________________________________ tinc mailing list [email protected] http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
