Windows client not honoring the Port directive?

Hans Voss hans.voss at gmail.com
Thu Jan 31 14:54:14 CET 2008


OK thanks, it works now.

After I started checking *everything* I found that sometime during the
copying of configuration files the host-key for one of the parties got
mangled... (probably due to the difference between Linux and Windows
machines (CR/LF)).
Tinc correctly refuses to set up the connection (but also refused to
give a clear indication of the nature of the problem).

On Jan 31, 2008 12:31 PM, Guus Sliepen <guus op tinc-vpn.org> wrote:
> On Wed, Jan 30, 2008 at 06:09:46PM +0100, sich wrote:
>
> > > I have trouble making a tinc daemon on a Windows XP machine behave properly.
> > > In order to let the connection go through the (NAT) firewall I need to
> > > be able to pinpoint the exact portnumber used, so I can make the
> > > proper rewriting rules.
> > >
> > > However when I don't specify any Port number the firewall receives
> > > connection attempts for the other tinc machine on the internet from a
> > > "random" high port number (1025 and up, increasing with each attempt).
> > >
> > > If I *do* specify a Port directive in the Host configuration then the
> > > daemon is still using the "random" high portnumbers.
> [...]
> > The tinc port is the destination port. The source port is randomly generated.
>
> The source port of tinc's TCP connections is random, but each tinc
> daemon will use a fixed source port for UDP packets. If you see UDP
> packets from random port numbers, there is a NAT somewhere in your
> network. You can add "TCPOnly = yes" to tinc.conf to tunnel everything
> via TCP.
>
> --
> Met vriendelijke groet / with kind regards,
>      Guus Sliepen <guus op tinc-vpn.org>



-- 
----
Met vriendelijke groeten / With kind regards
Hans Voss
---------------------------------------
* Senior Consultant Open Source, Networking and Security
* General Open Sourcerer
* google talk enabled
* blog: http://jazzterdaily.blogspot.com - Tech and other news that
caught my attention.
* Shared News feed:
https://www.google.com/reader/public/atom/user/02723796534474865919/state/com.google/broadcast
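
A pre-flight check for the kind of damage described in this message (a host file mangled by CR/LF conversion while being copied between Linux and Windows), added here as an example that is not part of the original thread or of tinc itself. It assumes the host file carries the public key as a PEM `RSA PUBLIC KEY` block and deliberately treats any CR byte as suspect; `check_host_file`, `make_sample` and the sample `Address` value are hypothetical names and constructed data.

```python
import base64
import re
import sys

BEGIN = b"-----BEGIN RSA PUBLIC KEY-----"
END = b"-----END RSA PUBLIC KEY-----"
PEM_RE = re.compile(re.escape(BEGIN) + rb"(.*?)" + re.escape(END), re.S)

def check_host_file(data: bytes) -> list:
    """Return the problems found in the raw bytes of a tinc host file."""
    problems = []
    if b"\r" in data:
        problems.append("CR bytes present (CRLF line endings?)")
    match = PEM_RE.search(data)
    if match is None:
        problems.append("no complete RSA PUBLIC KEY block (truncated?)")
        return problems
    # Strict check (an assumption of this example): once LF is removed,
    # only base64 characters may remain in the key body.
    body = match.group(1).replace(b"\n", b"")
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        problems.append("key body is not clean base64")
        return problems
    if der[:1] != b"\x30":  # a PKCS#1 RSAPublicKey is a DER SEQUENCE
        problems.append("decoded key does not start with a DER SEQUENCE")
    return problems

def make_sample() -> bytes:
    """Constructed host file; the key bytes are filler, not a real key."""
    der = bytes([0x30, 0x81, 0x89]) + bytes(range(137))
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = b"\n".join([BEGIN, *lines, END]) + b"\n"
    return b"Address = vpn.example.org\nPort = 655\n\n" + pem

if __name__ == "__main__":
    # Check the file named on the command line, or the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample()
    for problem in check_host_file(raw) or ["no problems found"]:
        print(problem)
```

Running it against each copy of a host file after transfer, and comparing the results on both ends, shows whether the file changed in transit before tinc refuses the connection.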