Hello,
On 4/11/2018 9:20 PM, Etienne Dechamps wrote:
> No, the "via" option doesn't have any effect, because it only has
> effect at layer 2, e.g. on an Ethernet network. tinc running in router
> mode is a layer 3 (IP) network, not a layer 2 (Ethernet) network.
> When you use that option on a layer 2 network such as Ethernet, the
> "via" option determines which layer 2 host (i.e. which MAC address,
> after ARP resolution) the packet will go to. In "router mode" tinc
> there are no MAC addresses, and tinc decides where to send packets
> based on destination IP address, not the kernel.

Thank you for that info. I did not realize the part about the MAC
address when using system/kernel routing. That makes a lot of sense. It
explains other issues I had in the past with (for me) unexpected
behaviour of tinc.
So is there a way to send packets to a specific gateway ip using
ip route?

> If you change the tinc mode to "switch", then your tinc VPN will
> behave just like a physical Ethernet network, and the "via" option
> will work just like it does on a real network. But note that setting
> that option comes with a long list of consequences and is quite a
> radical, breaking change. (Also keep in mind that all nodes on your
> network need to use the same mode.)

No. I really do not want to use tinc in switch mode.

> An alternative solution to your problem, besides going one layer down,
> would be to go one layer up: you could set up a "tunnel within the
> tunnel", i.e. hosta could establish a tunnel to hostc *on top of* the
> tinc VPN. Then, if you want certain packets to go through hostc, you
> can just send them through that tunnel and you're done. I am actually
> using such a solution for a special purpose on my own tinc network
> right now. The simplest solution for the tunnel is to use IP/IP, which
> has minimal overhead and is easy to understand and troubleshoot. I
> contributed some code to tinc that provides better support for that
> use case: https://github.com/gsliepen/tinc/pull/166

Thanks for that suggestion.
I am using the ip/ip tunnel over tinc construction now and it works like
a charm. Very easy to implement too.
Thank you all for helping me out and making me understand tinc a little
better.
Regards
Hans
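
The "tunnel within the tunnel" discussed above, sketched as an added example (not code from this thread or from tinc): a script that builds the iproute2 commands for an IP/IP tunnel whose outer endpoints are the two hosts' tinc addresses, so the unencrypted, unauthenticated IP/IP packets only ever travel inside the tinc VPN. All addresses, the interface name and the routed prefix are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: IP/IP tunnel from hosta to hostc carried on top of tinc.
# Every address and name below is a constructed placeholder.

# Accept only dotted-quad IPv4 addresses with octets 0-255.
valid_ipv4() {
  case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do [ "$octet" -le 255 ] 2>/dev/null || return 1; done
}

# ipip_plan NAME OUTER_LOCAL OUTER_REMOTE INNER_LOCAL INNER_PEER [ROUTE]
# OUTER_* are the hosts' addresses on the tinc network; INNER_* are the
# point-to-point addresses used inside the IP/IP tunnel. ROUTE (optional,
# not validated here) is a prefix to send through the tunnel peer.
ipip_plan() {
  name=$1
  # Linux interface names are limited to 15 characters.
  [ -n "$name" ] && [ ${#name} -le 15 ] || { echo "bad name" >&2; return 1; }
  for addr in "$2" "$3" "$4" "$5"; do
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
  done
  echo "ip tunnel add $name mode ipip local $2 remote $3"
  echo "ip addr add $4 peer $5 dev $name"
  echo "ip link set $name up"
  if [ -n "${6:-}" ]; then echo "ip route add $6 dev $name"; fi
}

# Run the planned commands one by one (needs root); stop at first failure.
ipip_apply() {
  plan=$(ipip_plan "$@") || return 1
  printf '%s\n' "$plan" | while read -r cmd; do $cmd || exit 1; done
}

# On hosta: print the plan, or apply it when called with "apply".
# hostc runs the mirror image (local/remote and inner addresses swapped).
if [ "${1:-}" = "apply" ]; then
  ipip_apply ipip-hostc 10.0.0.1 10.0.0.3 192.0.2.1 192.0.2.2 198.51.100.0/24
elif [ "${1:-}" = "plan" ]; then
  ipip_plan ipip-hostc 10.0.0.1 10.0.0.3 192.0.2.1 192.0.2.2 198.51.100.0/24
fi
```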
_______________________________________________
tinc mailing list
[email protected] <mailto:[email protected]>
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc