I've got an AWS cloud and a local network. I'd like to set up access from
private EC2 instances to a local network tinc server. There are two public
EC2 instances with the tinc server installed; the other (private) EC2 nodes do
not have tinc.


VPC subnet: 172.22/16
VPN subnet: 21.0.0/24

Source EC2 instance ip:
Tinc 1 ip:,
Tinc 2 ip:,

Local network tinc (tinc 3):

I need to have access from to

I've set up a VPC route table to route all requests to 21.0.0/24 to tinc 1
and configured the tinc nodes to use masquerading. It works perfectly when
traffic flows like this:

source -> tinc1 -> tinc3 -> tinc1 -> source

But if tinc3 replies to a different node there is a problem, since there's
no masquerading record for that request:

source -> tinc1 -> tinc3 -> tinc2 -> xx

One of the possible ways to resolve this issue would be to install tinc on
every private EC2 node. Could you please suggest other ways to implement it?


tinc mailing list
