Home / server / Questions / 787482
In Process
enthus1ast
Asked: 2016-07-02 13:17:38 +0800 CST

tinc restrict communication between clients

  • 772

I've a network:

[host] <------->[host] <----------- [workstation]
    ^   ^        ^ ^
   /     \      /   \
  /       \    /     \
[client] [client] [client] [...]

(pointers are ConnectTo directives)
(host:=linux, client:=win, workstation:={linux,win})

How could i prevent a direct (logical) connection from a client to another client but allow the workstation to access everything in the network.

Is there a tinc way to do this?

i use tinc version 1.1pre14.

vpn tinc

1 Answers

  1. You may use a strict argument and not exchange keys between clients then set the hosts and workstation firewall to no accept connections from the clients subnet.

         StrictSubnets = yes | no (no) [experimental]
         When this option is enabled tinc will only use Subnet statements which are present in the host config files in the
         local /etc/tinc/NETNAME/hosts/ directory. Subnets learned via connections to other nodes and which are not present
         in the local host config files are ignored.

     TunnelServer = yes | no (no) [experimental]
         When this option is enabled tinc will no longer forward information between other tinc daemons, and will only allow
         connections with nodes for which host config files are present in the local /etc/tinc/NETNAME/hosts/ directory.
         Setting this options also implicitly sets StrictSubnets.
    • 1