On Tue, Apr 3, 2018 at 2:55 AM, John Radley (yahoo) <[email protected]> wrote: > This is annoying however. Now I have to give very client a route back to the > VPN network, just to support Server to Client connectivity > I would have thought just specifying each client to have a route back to > Tinc Server (using local lan address) was sufficient.
> How I have found and described problem, can you explain why and offer any > alternative than such explicit routes. The "why" is that each system needs to know how to route each outbound packet before it can send that packet. As for an alternative: I believe you could eliminate the separate subnet for the Servers. Just give each Server an IP address on the same subnet as the clients it serves. In fact, the Servers probably already have such an IP address (although I could be wrong about this as I have not reviewed your configuration / network graph in detail). Best, Parke _______________________________________________ tinc mailing list [email protected] https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
