Guus, On Mon, 2018-01-15 at 18:58 +0100, Guus Sliepen wrote: > On Mon, Jan 15, 2018 at 01:56:11AM -0500, [email protected] wrote: > > > I am making some systems that are going to be donated to different > > organizations and I want the kids to be able to share programs they > > write with each other on the different disk automatically securely. > > Can > > I network these systems without knowing individual ip's and not > > touching firewalls. I was thinking maybe I could use a dns service > > like > > duckdns to substitute ip's with comp1.duckdns.org, > > comp2.duckdns.org, > > etc. > > Is this even possible/advisable using tinc? > > Yes. > > > I am guessing I would minimally need to know the internal private > > ip's > > to avoid conflicts. > > Indeed, you need to carefully choose an address range for your tinc > network so that there are no conflicts with the local network of any > of > the peers. If possible, try to use IPv6. With RFC 4193, you can > generate > a unique private address range that is virtually certain to not > conflict > with anything. Also, you will have a huge address space to work with. > You might also be able to acquire a globally unique address range for > your project. > > As for the external addresses of the systems: there is no need for > all > nodes in the VPN to know the external address of all other nodes up > front. Also, you can use hostnames instead of numeric addresses so > indeed, if you have a DNS zone set up you can make use of that. > > As long as you have one or more central nodes with a known IP address > or > hostname that other nodes can connect to, you do not need to know the > external IP addresses of any of the other nodes. As soon as tinc > daemons > connect to the central nodes, they will learn about each other's > addresses, and will use this information to connect to each other > directly, if possible. > > Thank you for the response and the suggestion about using ipv6 addresses! Now to get reading ;)
Walt > _______________________________________________ > tinc mailing list > [email protected] > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc _______________________________________________ tinc mailing list [email protected] https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
