
I have a network:

[host] <------->[host] <----------- [workstation]
    ^   ^        ^ ^
   /     \      /   \
  /       \    /     \
[client] [client] [client] [...]

(pointers are ConnectTo directives)
(host:=linux, client:=win, workstation:={linux,win})

How could I prevent a direct (logical) connection from a client to another client, but allow the workstation to access everything in the network?

Is there a tinc way to do this?

I use tinc version 1.1pre14.

enthus1ast

1 Answer

You may use a strict argument and not exchange keys between clients, then set the hosts' and workstation's firewall to not accept connections from the clients' subnet.

     StrictSubnets = yes | no (no) [experimental]
         When this option is enabled tinc will only use Subnet statements which are present in the host config files in the
         local /etc/tinc/NETNAME/hosts/ directory. Subnets learned via connections to other nodes and which are not present
         in the local host config files are ignored.

     TunnelServer = yes | no (no) [experimental]
         When this option is enabled tinc will no longer forward information between other tinc daemons, and will only allow
         connections with nodes for which host config files are present in the local /etc/tinc/NETNAME/hosts/ directory.
         Setting this option also implicitly sets StrictSubnets.
  • I've tested the method: I put TunnelServer = yes on a node, then I removed the host file of my computer and I wasn't able to communicate with this node. For more security you can forward through the kernel and use iptables on the master nodes – Benoit Anastay Jan 17 '17 at 17:48
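The answer's scheme applied to the topology in the question, as an added example that is not from the post or from the tinc project: a script that lays out the per-node tinc directories so that hosts and the workstation run with TunnelServer = yes, each client holds host files only for itself and the host it connects to, and the hosts carry the kernel-side filter the comment suggests. The node names (hostA, hostB, ws, client1, client2), the network name "vpn", the addressing and the interface name are assumptions; real host files would also carry each node's public key.

```shell
#!/bin/sh
# Added example, not from the original post. Node names, the network name "vpn",
# the addressing and the tun interface name are assumptions.
set -eu
ROOT="${ROOT:-./tinc-demo}"   # stands in for /etc/tinc on each machine
NET="vpn"
subnet_of() {   # one /32 per node; hosts and workstation in 10.9.0.0/24, clients in 10.9.1.0/24
  case "$1" in hostA) echo 10.9.0.1/32;;  hostB) echo 10.9.0.2/32;;  ws) echo 10.9.0.10/32;;
               client1) echo 10.9.1.1/32;; client2) echo 10.9.1.2/32;; esac
}
# tinc.conf for one node. Hosts and the workstation get TunnelServer = yes, so they
# accept only nodes whose host file is present locally and never relay one client's
# node and key information to another client. Forwarding = kernel hands transit
# packets to the kernel, where iptables can filter them (the comment's suggestion).
write_conf() {   # $1 node, $2 "server"|"client", $3 ConnectTo target or ""
  dir="$ROOT/$1/$NET"; mkdir -p "$dir/hosts"
  printf 'Name = %s\nMode = router\n' "$1" > "$dir/tinc.conf"
  if [ "$2" = server ]; then
    printf 'TunnelServer = yes\nForwarding = kernel\n' >> "$dir/tinc.conf"
  fi
  if [ -n "$3" ]; then printf 'ConnectTo = %s\n' "$3" >> "$dir/tinc.conf"; fi
}
# Copy host files only where the answer allows: hosts and the workstation get
# everyone's, each client gets only its own and that of the host it connects to.
distribute() {   # $1 receiving node, $2.. nodes whose host files it receives
  recv="$1"; shift
  for n in "$@"; do
    printf 'Subnet = %s\n' "$(subnet_of "$n")" > "$ROOT/$recv/$NET/hosts/$n"
  done
}
build() {
  write_conf hostA server "";      write_conf hostB server hostA
  write_conf ws server hostB
  write_conf client1 client hostA; write_conf client2 client hostA
  distribute hostA hostA hostB ws client1 client2
  distribute hostB hostA hostB ws
  distribute ws hostA hostB ws client1 client2
  distribute client1 hostA client1   # no client2 file: no direct client-to-client tunnel
  distribute client2 hostA client2
}
# Kernel-level backstop on each host: forward the workstation's traffic, drop
# anything a client sends towards another client's range.
firewall_rules() {
  printf 'iptables -A FORWARD -i %s -s %s -j ACCEPT\n' "$NET" "$(subnet_of ws)"
  printf 'iptables -A FORWARD -i %s -s 10.9.1.0/24 -d 10.9.1.0/24 -j DROP\n' "$NET"
}
build
```

Run it in a scratch directory and copy each node's subtree to that machine's /etc/tinc, then apply the rules printed by firewall_rules on the hosts.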