Hi, Etienne

Thanks for your clarification; this helped a lot. In order to get a 
better understanding of the mechanism of Tinc and the purpose of the ConnectTo 
statement, can I think of ConnectTo as the way to get the node into the Tinc 
VPN domain, instead of establishing a VPN connection between nodes?

Once any node ConnectTo the Tinc VPN domain, it learns all other nodes, 
subnets, and corresponding public or private (but UDP reachable), and establishes 
a full mesh VPN among them on demand. So technically speaking, only one ConnectTo 
would be enough for the node to join the full mesh VPN, but in order to provide 
resilience, adding a second ConnectTo will be beneficial.


> On 1 May 2017, at 6:39 PM, Etienne Dechamps <[email protected]> wrote:
> 
> If you have multiple ConnectTo statements in your tinc.conf, then tinc will 
> attempt to establish connections with *all* of them. It is not a fallback, 
> though it is a good idea for every node to have at least two direct 
> connections for improved resiliency and fault tolerance.
> 
> As to whether you should have just one tinc network or multiple networks, 
> well, that depends on what you're trying to accomplish and whether you want 
> isolation between these networks. If all your nodes are meant to be part of 
> the same VPN (i.e. same address space) and are part of the same trust domain 
> (i.e. they all trust each other equally), then it's simpler to have them be 
> in the same tinc network - that will simplify configuration and it will 
> result in smarter routing decisions.
> 
> If you are setting up individual tinc networks that only have two nodes in 
> them, then tinc is overkill - you might as well use something simpler like 
> IP/IP, GRE, OpenVPN or other "point-to-point" VPN solutions. tinc's purpose 
> is to build a reliable, self-routing VPN out of a large mesh network of 
> nodes; it makes little sense to use it for simple point-to-point connections.
> 
> On 30 April 2017 at 00:53, Bright Zhao <[email protected]> wrote:
> Hi, Tinc experts
> 
> I’m on-boarding for Tinc for just quite a few days, and trying to set up the 
> connection between one client and multiple servers, with multiple VPN tunnels 
> from the client to different servers. From the documentation, it indicates that 
> tinc.conf can support multiple ConnectTo, and tinc can also support multiple 
> netnames, like /etc/tinc/net1, /etc/tinc/net2. 
> 
> My question is, for my above use case, I should go with multiple netnames 
> instead of multiple ConnectTo, right? I did some tests, and I found that no matter 
> how many ConnectTos I placed in the tinc.conf (on the client side), only one 
> connection can be made to the server, and only one tun0 is brought up, which is the p2p 
> connection that can only go with one server, even though from the debug messages I saw 
> two connections all established, but only one connection is pingable.
> 
> If this is the case, then can I assume the ConnectTo in the tinc.conf is 
> connection by sequence, which is a failover mechanism, instead of "connect them 
> all"? But multiple netnames can do the "connect them all".
> 
> 
> -- 
> Bright Zhao sent from Gmail
> 
> _______________________________________________
> tinc mailing list
> [email protected] <mailto:[email protected]>
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc 
> <https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc>
> 
> 
