That's exactly right. Corollary: if you take one node from a tinc network and connect it to a node from another isolated tinc network, the two networks become one :)

On 1 May 2017 at 13:16, Bright Zhao <[email protected]> wrote:

> Hi, Etienne
>
> Thanks for your clarification, and this helped a lot. And in order to get
> a better understanding for the mechanism of Tinc and the purpose of
> ConnectTo statement, can I think the ConnectTo is the way to get the node
> into the Tinc VPN domain, instead of establish VPN connection between nodes.
>
> Once any node ConnectTo the Tinc VPN domain, it learns all other nodes,
> subnets, and corresponding public or private(but UDP reachable), and
> establish full mesh VPN among them on-demand. So technically speaking, only
> one ConnectTo would be enough for the node to join the full mesh VPN, but
> in order to provide resilience, add a second ConnectTo will be beneficial.
>
>
> On 1 May 2017, at 6:39 PM, Etienne Dechamps <[email protected]> wrote:
>
> If you have multiple ConnectTo statements in your tinc.conf, then tinc
> will attempt to establish connections with *all* of them. It is not a
> fallback, though it is a good idea for every node to have at least two
> direct connections for improved resiliency and fault tolerance.
>
> As to whether you should have just one tinc network or multiple networks,
> well, that depends on what you're trying to accomplish and whether you want
> isolation between these networks. If all your nodes are meant to be part of
> the same VPN (i.e. same address space) and are part of the same trust
> domain (i.e. they all trust each other equally), then it's simpler to have
> them be in the same tinc network - that will simplify configuration and it
> will result in smarter routing decisions.
>
> If you are setting up individual tinc networks that only have two nodes in
> them, then tinc is overkill - you might as well use something simpler like
> IP/IP, GRE, OpenVPN or other "point-to-point" VPN solutions. tinc's purpose
> is to build a reliable, self-routing VPN out of a large mesh network of
> nodes; it makes little sense to use it for simple point-to-point
> connections.
>
> On 30 April 2017 at 00:53, Bright Zhao <[email protected]> wrote:
>
>> Hi, Tinc experts
>>
>> I’m on-boarding for Tinc for just quite a few days, and trying to setup
>> the connection between one client to multiple server, where multiple vpn
>> tunnels from the client to different server. From the documentation, it
>> indicates the tinc.conf can support multiple ConnectTo, also the tinc can
>> support multiple netname, like /etc/tinc/net1, /etc/tinc/net2.
>>
>> My question is, for my above use case, I should go with multiple netname
>> instead of multiple ConnectTo, right? I did some tests, and I found no
>> matter how many ConnectTos I placed in the tinc.conf(on the client side),
>> only one connection can be made to the server, and only one tun0 bring up with
>> is the p2p connection can only go with one server, even though from debug
>> message, I saw two connections all established, but only one connection is
>> pingable.
>>
>> If this is the case, then can I assume the ConnectTo in the tinc.conf is
>> connection by sequence which is a failover mechanism, instead of "connect
>> them all"? But multiple netname can do the “connect them all"
>>
>>
>> --
>> Bright Zhao sent from Gmail
>>
>> _______________________________________________
>> tinc mailing list
>> [email protected]
>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
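Added example, not part of the thread or of tinc itself: a small Python audit that treats every ConnectTo line as an edge and computes which nodes end up in the same tinc network, illustrating the corollary above that one ConnectTo between two isolated networks merges them into a single trust domain. The node names and tinc.conf contents are constructed, and only explicit ConnectTo lines are modelled (an assumption).

```python
import re
# Constructed sample tinc.conf contents keyed by node name (not from the thread).
CONFIGS = {
    "a1": "Name = a1\nConnectTo = a2\nConnectTo = a3\n",
    "a2": "Name = a2\nConnectTo = a3\n",
    "a3": "Name = a3\n",
    "b1": "Name = b1\nConnectTo = b2\n",
    "b2": "Name = b2\n",
}

# tinc.conf lines are "Variable = Value"; variable names are case-insensitive.
CONNECT_RE = re.compile(r"^[ \t]*ConnectTo[ \t]*=?[ \t]*(\w+)", re.I | re.M)

def connect_targets(conf_text):
    """Every ConnectTo target in one tinc.conf; tinc connects to all of them."""
    return CONNECT_RE.findall(conf_text)

def build_graph(configs):
    """Undirected meta-connection graph: a ConnectTo links both endpoints."""
    graph = {name: set() for name in configs}
    for node, text in configs.items():
        for peer in connect_targets(text):
            graph[node].add(peer)
            graph.setdefault(peer, set()).add(node)
    return graph

def vpn_domains(configs):
    """Connected components: each one is a single tinc network / trust domain."""
    graph, seen, domains = build_graph(configs), set(), []
    for start in sorted(graph):
        if start in seen:
            continue
        stack, component = [start], set()
        while stack:
            n = stack.pop()
            if n not in component:
                component.add(n)
                stack.extend(graph[n] - component)
        seen |= component
        domains.append(sorted(component))
    return domains

def weakly_attached(configs):
    """Nodes with fewer than two direct connections (resilience check)."""
    return sorted(n for n, peers in build_graph(configs).items() if len(peers) < 2)

def bridged(configs, node, peer):
    """Copy of configs with one extra ConnectTo added to node's tinc.conf."""
    return {**configs, node: configs[node] + f"ConnectTo = {peer}\n"}
```

Running `vpn_domains(CONFIGS)` reports two separate networks, while `vpn_domains(bridged(CONFIGS, "b1", "a3"))` reports one; reviewing new ConnectTo lines this way shows when a change would join networks that were meant to stay isolated.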
