Since most VPN traffic is already compressed at the application layer, think carefully about whether you need this enabled. All nodes must be configured with the same setting. The default of “0” (disabled) can be adjusted as high as “11”. You might need to tune this for network devices that don't have root/Administrator privileges (not applicable to FreshTomato).Ĭompression: In some cases, compression may increase VPN speeds. Port: An empty value configures the default setting (TCP/UDP, port 655). Direct communication means without relay. Name: As on the Config tab, this is the unique Tinc identifier defined in the Host Name field.Īddress: This is used only when direct communication is possible and defines the IP address or (fully qualified domain name) where the host can be found. This tells the local Tinc daemon to attempt a direct connection to another host (not including a relayed connection ). However, you do need to define “yourself” on each Tinc device.ĬonnectTo: This flag can be set “On” or left blank. Hosts may not be able to communicate for various reasons, including the presence of NAT devices between them. It can use a relay to reach secondary hosts if the end devices can't (yet) communicate. Tinc doesn't need all hosts to be defined. Most of the hosts on your network should be defined on this page. The RSA key is optional and is needed only for communication with hosts using Tinc version 1.0 or lower.Ĭustom: This field allows you to specify any custom Tinc daemon parameters you might want.
RSA encryption uses much more CPU power than the Ed25519 protocol. RSA Private Key: * Here, enter the private RSA key. This key is needed for the encryption process. If set to zero, the watchdog is disabled.Įd25519 Private Key: In this field, enter your private Ed25519 encryption key. If it finds that Tinc is not running, it will restart the Tinc service. Poll interval: If set greater than zero, a watchdog polls whether Tinc is running every n minutes to verify that it has not crashed. This is NOT the same as the device's DHCP/ DNS Hostnames. Host Name: This is the unique identifier of the OpenVPN device. VPN Netmask: Here, specify the (sub)netmask to be used for intra-site communications. For more information on these protocols, see the “Interface Type” section of the OpenVPN Server wiki page. TAP is switched, and runs at the datalink layer. TUN is routed, and runs at the network (IP) layer. Interface type: TUN/TAP: Here, you specify the communication protocol used within your VPN. Start with WAN: Enabling this will cause the Tinc daemon to start as part of the wanup (WAN interface initialization) process.
0 kommentar(er)
