The DNet App Driver maps the block data to the App's configuration settings and manage the life cycle the Tinc-VPN App.
Each dnet record contains a list of map, each map then contains a member node info, including a pair of (virtual IP address, PubKey).
Each dent record also contains a relational link to ovc record.
The following settings are needed to create encrypted tunnels to peer nodes:
The Tinc VPN docs has the complete guide.
As shown above, there is a one-2-one mapping of the on-chain data and the Tinc VPN setting. With the DNetDB data, the Tinc App Driver programm can fully automate the configuration.
The Tinc App Driver programm initially pulls the data from blockchain to configure Tinc, then subscribes to the DNetDB events to update the settings accordingly, e.g. when peer nodes join or leave the dnet.