Automatic configuration of direct routes behind NAT

Guus Sliepen guus at tinc-vpn.org
Sun Mar 11 10:11:02 CET 2012


On Sun, Mar 11, 2012 at 02:37:39PM +1100, Andrew Cowie wrote:

> > If they are not behind the same NAT, tinc does use a STUN-like technique to
> > allow the Leafs to talk to each other directly (if the NAT devices allow that).
> 
> As far as I can tell, the ICE protocol as used by Empathy to get a
> Jingle audio or video call going simply transmits the addresses of *all*
> local addresses. The other side decides which has the lowest metric
> (sic) cost, and of course if they are on the same subnet (ie tinc!) then
> that's what they pick.
> 
> Perhaps tinc could do something analogous? If I advertise that I'm on
> 192.168.90.x and you are on 192.168.90.x then it's probably worth a shot
> at attempting a direct connection. Sure it might not work (for not the
> least reason that you might have conflicting overlapping private address
> spaces on two actually remote clients) but mightn't it be easier than
> e.g. broadcasting (which is very much limited to local segment only).

Implementation-wise the broadcasting method is much easier. The trick is how to
detect the local address, maybe getpeername() on one of the TCP connections
will work on all platforms supported by tinc. Then it needs to be sent to the
other node, but I have to do that in a backwards AND forwards (with tinc 1.1)
compatible way. I'll think a bit more about it.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
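
The idea discussed in this thread, sketched as an added example (not part of the original message and not tinc's code): read the local address of an existing connected socket, then check whether any address a peer advertises falls in the same IPv4 subnet. The function names, the use of getsockname() and the sample addresses are assumptions made for illustration; a match only nominates a candidate to try, since overlapping private ranges can make two remote hosts look local.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: write the local IPv4 address of a connected
 * socket into out. Returns 0 on success, -1 on failure. */
int local_addr_of(int fd, char *out, socklen_t outlen) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0) return -1;
    if (sa.sin_family != AF_INET) return -1;
    return inet_ntop(AF_INET, &sa.sin_addr, out, outlen) ? 0 : -1;
}

/* Hypothetical helper: 1 if a and b share the first prefix_len bits,
 * 0 if they do not, -1 if either address or the prefix is invalid. */
int same_subnet(const char *a, const char *b, int prefix_len) {
    struct in_addr ia, ib;
    if (prefix_len < 0 || prefix_len > 32) return -1;
    if (inet_pton(AF_INET, a, &ia) != 1 || inet_pton(AF_INET, b, &ib) != 1)
        return -1;
    uint32_t mask = prefix_len ? 0xFFFFFFFFu << (32 - prefix_len) : 0;
    return ((ntohl(ia.s_addr) ^ ntohl(ib.s_addr)) & mask) == 0;
}

/* Index of the first advertised address inside the local subnet, or -1
 * when none matches and traffic should keep going via the relay node. */
int pick_direct_candidate(const char *local, int prefix_len,
                          const char **adv, int n) {
    for (int i = 0; i < n; i++)
        if (same_subnet(local, adv[i], prefix_len) == 1) return i;
    return -1;
}

int main(void) {
    /* Constructed sample: addresses a peer might advertise. */
    const char *adv[] = {"203.0.113.7", "192.168.90.44", "10.0.0.5"};
    int i = pick_direct_candidate("192.168.90.10", 24, adv, 3);
    printf("candidate: %s\n", i >= 0 ? adv[i] : "none, keep using the relay");
    return 0;
}
```

A selected candidate is only worth a connection attempt; the peer still has to authenticate over that path before any traffic is moved onto it.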