Hi > > Is there a documentation what is meant by the option value and the weight > > value? > > Node weights are the approximate latency of the node. Higher weight = > slower node. They're currently used for calculating the minimum spanning > tree of the network, for tinc metadata broadcast. >
thanks! > > * Is there a posibility to resolve the routing path through a tinc mesh? > > I'm not entirely sure what you mean. As I understand there is a routing mechanism, that sends traffic from A to C via B, if A and C and reach each other directly. Is that correct? If so, is there a possibility to resolve this routing path? > Look into TunnelServer, it might be what you want. You'd probably want to > set it on B. I will test it in a few days, thanks. > > Oh yes, one thing that might help you out, send a USR1 signal to tinc, to > output all direct connections. > In what way may that help me? USR1 gives me fewer information that the USR2 signal, nor? >> Then why use different keys for each node and not a shared key for everyone? >> >With this you can add or remove other node, or just stop the access >right for one specific node without regenerating all the key.... I don't think I get this right: If I have a VPN-network fully under my administration, i had to log on every node and delete the key of a node i want to exclude. If I want to include a node, I have to copy that key to every other node. In this case a shared key would have been easier. So there is no advantage against changing a shared key. In an other scenario, if I have a VPN-network that is not fully under my administration (like: I connect to a friend, and he connects his friend to the same tinc-vpn), everybody has to agree to throw one out. I cannot select a subgroup of friends I trust and only let them communicate to me while my friend select a different subgroup. At the moment I am not convinced that this "key-exchange-feature" is a helpfull compared to VPN with shared key on the one side and a VPN only talking to nodes with known keys on the other side. But I have to test the TunnelServer parameter and give i bit more thinking. Meanwhile, any enlightenment is welcome. Frithjof _______________________________________________ tinc mailing list [email protected] http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
