Hi, Raul

Thank you.

In addition, there’s another piece of information I didn’t mention earlier: B has the default route to the Internet, and B will advertise this default route to both A and C, so that A and C can go to the Internet through B, but A and C wouldn’t have each other’s route accordingly. You can think of A and C as sharing the same Internet gateway, but they wouldn’t know each other.

Assume A and C wouldn't add routes to each other using B as gateway, so no additional firewall configuration on B is required, right?

> On 26 Jul 2017, at 10:26 AM, Raul Dias <[email protected]> wrote:
>
> On 7/25/17 10:51 PM, Bright Zhao wrote:
>> I can think of running two tinc networks, which are two processes; other than
>> this, is there any easier way to make it one network, where B doesn’t
>> advertise the info from one side to the other side?
> Yep, create a different network ( /etc/tinc/network2 ) and make it
> listen (if listening) on a different port.
>
> A <---------------> B <-----------> C
> 10.1.2.X/24 | 10.1.2.X/24
> | 10.2.2.X/24 | 10.2.2.X/24
>
> So each tinc daemon with a /16 is fine.
> No way for A <--> C, unless, A and C know about each other and add
> routes using B as gateway.
>
> So B explicitly needs to firewall this situation if necessary.
>
> -rsd

_______________________________________________
tinc mailing list
[email protected]
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
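Added example (not part of the original thread): a small longest-prefix-match model of the case discussed above, where A holds no route for C's subnet but does hold a default route via B, and B forwards between its interfaces as an Internet gateway must. The subnet-to-side assignment (10.1.2.0/24 for A, 10.2.2.0/24 for C), the interface names `network1`, `network2` and `eth0`, and the deny list are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumption: the thread's diagram does not pin hosts).
A_NET = ipaddress.ip_network("10.1.2.0/24")   # tinc network1, A <-> B
C_NET = ipaddress.ip_network("10.2.2.0/24")   # tinc network2, B <-> C
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Route tables as (prefix, outgoing interface); interface names are hypothetical.
ROUTES_A = [(A_NET, "network1"), (DEFAULT, "network1")]   # default learned from B
ROUTES_B = [(A_NET, "network1"), (C_NET, "network2"), (DEFAULT, "eth0")]

# Forwarding pairs (in_dev, out_dev) that B drops, modelling FORWARD-chain rules.
ISOLATE = frozenset({("network1", "network2"), ("network2", "network1")})


def lookup(routes, dst):
    """Longest-prefix match; returns the outgoing interface or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None


def b_forwards(in_dev, dst, deny_pairs=frozenset()):
    """Interface B would forward the packet out of, or None if it is dropped."""
    out_dev = lookup(ROUTES_B, dst)
    if out_dev is None or out_dev == in_dev or (in_dev, out_dev) in deny_pairs:
        return None
    return out_dev


def a_reaches(dst, deny_pairs=frozenset()):
    """Trace a packet from A: A's own lookup, then B's forwarding decision."""
    if lookup(ROUTES_A, dst) is None:
        return None
    return b_forwards("network1", dst, deny_pairs)


if __name__ == "__main__":
    for label, deny in (("no filter on B", frozenset()), ("B isolates", ISOLATE)):
        print(f"{label}: A->C via {a_reaches('10.2.2.7', deny)}, "
              f"A->Internet via {a_reaches('192.0.2.10', deny)}")
```

In this model the default route alone is enough to deliver A's packets for 10.2.2.0/24 to B, so whether they reach C is decided by B's forwarding policy rather than by A's routing table.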
