NAT and UDP

Guus Sliepen guus at tinc-vpn.org
Fri Mar 30 10:56:41 CEST 2007


On Tue, Mar 27, 2007 at 02:41:22AM +0200, Andreas wrote:

> I have 2 hosts, A and B. B is behind a NAT.
> TCP works, but when I attempt to use UDP, the following message appears
> on A:
> 
> Received UDP packet from unknown source x.x.x.x port 10192
> 
> This is not the port specified in the configuration, but I don't really
> understand why tinc should care about that. The security shouldn't depend
> on IP and port numbers, but on the crypto (MAC etc). So why not remove this
> check from net_packet.c? (I'm referring to the last lines of said file.)

You are right that the security does not depend on it, but before tinc
can try to decrypt a packet it has to know from where it came, because
it needs to use the right decryption key. The current protocol does not
provide a way to determine it other than by looking at the source
address and port.

This issue will most likely not be solved in 1.x, but in 2.0 it will.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
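
Added example, not part of the original message and not tinc's code or wire format: a Python sketch of the key-selection problem described in the reply above, with a receiver that picks the peer key by source address and port and therefore fails once NAT rewrites the port. It goes beyond the thread by also showing a fallback that identifies the sender by checking the packet's MAC against each known peer key. The peer table, addresses, keys and the payload-plus-HMAC-SHA256 datagram layout are constructed assumptions.

```python
import hashlib
import hmac

TAG_LEN = 32  # assumed layout: payload followed by an HMAC-SHA256 tag

# Constructed peer table: name -> (configured address and port, per-peer key)
PEERS = {
    "B": (("203.0.113.7", 655), b"key-shared-with-B"),
    "C": (("198.51.100.9", 655), b"key-shared-with-C"),
}

def seal(key, payload):
    """Sender side: append the MAC computed with the per-peer key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def verify(key, datagram):
    """Return the payload if the tag matches this key, else None."""
    if len(datagram) < TAG_LEN:
        return None
    payload, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

def lookup_by_address(src):
    """Key selection by source address and port only."""
    for name, (addr, _key) in PEERS.items():
        if addr == src:
            return name
    return None  # the "unknown source" case: NAT changed the port

def lookup_by_mac(datagram):
    """Fallback: try every peer key. Costs one HMAC per configured peer
    for each datagram from an unknown source, so it is not free."""
    for name, (_addr, key) in PEERS.items():
        if verify(key, datagram) is not None:
            return name
    return None

def receive(src, datagram):
    """Return (peer, payload), or (None, None) if the datagram is rejected."""
    name = lookup_by_address(src) or lookup_by_mac(datagram)
    if name is None:
        return None, None
    payload = verify(PEERS[name][1], datagram)
    return (name, payload) if payload is not None else (None, None)
```
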