tinc from behind a NAT

Jason Ostermann oddball at oddworld.org
Thu May 24 22:05:04 CEST 2001


I'm stuck behind a corporate NAT that I obviously have absolutely no
control over. The nice thing is that the firewall rules, AFAIK, are very
nice.
I've had tinc running before from behind nazi firewalls with no NAT.
Been fiddling with tinc for many hours, but have been SOL.

The local machine is the client (has ConnectTo in the conf), and remote
is the server (has Listen in the conf). Both have Port=8080 in their
host files. 

I believe all the configuration stuff is good. I see packets going out
the local (behind nat) tr0 (yup, no ethernet here, just token ring) and
going into the remote eth0. Tinc registers that the connection is alive
and well in the logs, and reports reasonable packet count numbers when
it exits.

I believe the problem is in the replies.
The configured port (8080) is NOT accessible going towards this end. i.e.,
the NAT remaps UDP ports. So, the connection goes something like this:

local            nat                    remote
a:8080  --->> b:8080=>c:32896 ------>>  d:8080

(hopefully that made some sense, tracking the UDP connection here).
Does tinc expect to be able to reach the local machine via UDP port
8080? I saw a mention about TCPonly being removed from pre3. Is there an
expected date for when it will be active again?

On another note, using something like "-ddd" or "-d3" or "-d -d -d" does
not cause tinc to log packets. How do I turn on uber-logging?

Thanks!!
-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/
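
The port remapping drawn in the post's diagram, modelled as an added example (not part of the original message and not tinc code). The IP addresses are constructed placeholders standing in for a, c and d, and the per-remote-endpoint mapping table is an assumption about how the NAT behaves.

```python
"""Toy model of a port-remapping (NAPT) gateway, following the post's diagram.
Not tinc code. Addresses are constructed placeholders for a, c and d."""

LOCAL = ("10.0.0.5", 8080)        # a:8080, host behind the NAT (constructed)
NAT_EXT_IP = "198.51.100.1"       # c, the NAT's outside address (constructed)
REMOTE = ("203.0.113.9", 8080)    # d:8080, the listening peer (constructed)


class PortRemappingNat:
    def __init__(self, ext_ip, first_port):
        self.ext_ip = ext_ip
        self.next_port = first_port
        # Assumption: one mapping per (internal endpoint, remote endpoint) pair.
        self.out_map = {}   # (internal endpoint, remote endpoint) -> external port
        self.in_map = {}    # (external port, remote endpoint) -> internal endpoint

    def outbound(self, src, dst):
        """Translate an outgoing datagram; return the source the peer sees."""
        key = (src, dst)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst)] = src
        return (self.ext_ip, self.out_map[key])

    def inbound(self, src, dst):
        """Translate a reply; return the internal endpoint, or None if dropped."""
        if dst[0] != self.ext_ip:
            return None
        return self.in_map.get((dst[1], src))


def demo():
    nat = PortRemappingNat(NAT_EXT_IP, first_port=32896)
    seen = nat.outbound(LOCAL, REMOTE)            # what d observes as the sender
    to_observed = nat.inbound(REMOTE, seen)       # reply sent to c:32896
    to_configured = nat.inbound(REMOTE, (NAT_EXT_IP, 8080))  # reply sent to c:8080
    return seen, to_observed, to_configured


if __name__ == "__main__":
    seen, ok, dropped = demo()
    print("peer sees source:", seen)
    print("reply to observed source reaches:", ok)
    print("reply to configured port 8080 reaches:", dropped)
```

In this model only a reply addressed to the source endpoint the remote actually observed is translated back to the inside host; a reply addressed to port 8080 on the NAT has no mapping and is dropped.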


