Problems when outgoing source port is altered by router

yeahh at gmx.ch yeahh at gmx.ch
Mon Sep 22 18:34:43 CEST 2003 

hi folks

well, tinc is a really nice tool and we implemented it on 3 linux servers 
and 2 mobile clients (XP notebooks) so far.

one of the 3 tinc servers is making troubles, when a connection is initiated
from 
this server over a zyxel 642 adsl router out to the other 2 servers in the 
internet. the logfiles of the other 2 servers shows:
 
  > tinc[1398]: Received UDP packet from unknown source [ip-addr] port
[random port number, but not 655]

when we monitor the udp ports of the connections that work, all servers
always use source
and destination port 655, but this particular server behind the zyxel router
sends 
out from port 655 and the zyxel thingy changes the source port to some
random 
port e.g. 513. thus the other tinc servers cant recognize the incoming
request properly 
because the source port is not 655 as expected. thats pretty annoying. 

if one of the two other servers is initiating the connection, then the
source and destination port is as expected 655 and the connection to this server
behind the zyxel is working smoothly. (port forwarding 655)

the same problem appears using the two XP notebooks. the connection to all 3
tinc servers
usually works fine using a direct internet connection or behind most
routers, but if 
you sit with your notebook behind a router that changes the outgoing port of
your requests, the udp connection to the tinc 
server will fail, again with the message "..unknown source.." in the target
server log. 

changing to indirectdata / tcponly is not an option for us, because voice
over ip traffic 
without udp is a nightmare :(

any thoughts?

thanks! ;) flx

-- 
+++ GMX - die erste Adresse für Mail, Message, More! +++

Getestet von Stiftung Warentest: GMX FreeMail (GUT), GMX ProMail (GUT)
(Heft 9/03 - 23 e-mail-Tarife: 6 gut, 12 befriedigend, 5 ausreichend)

Jetzt selbst kostenlos testen: http://www.gmx.net

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/

More information about the Tinc mailing list