larger than minimun MTU, forwarding via other node
Guus Sliepen
guus at tinc-vpn.org
Sat Feb 1 13:52:46 CET 2014
On Fri, Jan 31, 2014 at 07:39:21PM -0800, Cobin Bluth wrote:
> First off, I would like to express my appreciation for the tinc software,
> it has been such a great vpn solution for what i need, its amazing.
Thanks!
> I am setting up another node on the vpn. "KVM" is my public facing node,
> "MacbookAir" is my workstation, "NewNode" is my node i have recently
> configured and the one with the issue presumably. NewNode and MacbookAir
> are on the same network, KVM is on a separate physical network.
>
> I configure NewNode per usual, and then when i ping from MacbookAir to
> NewNode over the vpn network, i get very slow speeds, but when i ping
> NewNode over my local network, i get reasonable speeds. From my
> understanding, tinc will forward packets through any available node until
> it can establish a direct p2p or node-to-node connection, is this correct?
> This does not seem to happen.
Yes, however I think the problem in your situation is that NewNode and
MacbookAir learn each other's IP address from KVM, and since they are behind a
NAT, KVM only knows the IP address of the NAT device. Therefore, NewNode and
MacbookAir try to communicate to each other via the NAT device (this is called
hairpin routing). Your NAT doesn't support this, so NewNode and MacbookAir
think they cannot connect directly to each other.
The fix is to add "LocalDiscovery = yes" to either MacbookAir or Newnode's
tinc.conf. This will cause them to send broadcast packets on the local network,
so they can learn each other's local IP address.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140201/8772a676/attachment.sig>
More information about the tinc
mailing list