Please help with configuration

Drake Drake drakemails at gmail.com
Thu Feb 7 18:53:36 CET 2019


Thanks Michael, I will proceed like this.
I think I didn't have UDP 655 forwarded on the remote server, will do that
(had it at my client's router).
If tinc connects, will both server and client see each other? For example,
will I be able to access all web UIs running on SERVER from the CLIENT side?
For example, SERVER is running the web UI of Tvheadend on 192.168.0.4:9981. How
can I access that from CLIENT? Do I need to use iptables or routing?
Thanks,
drake

On Thu, Feb 7, 2019 at 6:26 PM Michael Munger <mj at hph.io> wrote:

> Local IPs of the client are irrelevant.
>
> The client should be configured to look for the host by domain name
> (/etc/tinc/yournetwork/hosts/EXAMPLESERVER should have the dDNS name in the
> Address directive) and the tinc.conf file should have that as the host to
> connect to for the network. (ConnectTo=EXAMPLESERVER)
>
> Then, you need port forwarding in your router to forward TCP/UDP 655 from
> the WAN address to the router to the LAN address of the server. The server
> should be a static IP on that network *or* it should have a DHCP
> reservation so it doesn't move and break NAT port forwarding.
>
> When tinc starts, it will check tinc.conf for the ConnectTo directive. In
> your case, it will be ConnectTo=EXAMPLESERVER. Then, it looks in the hosts/
> directory for the EXAMPLESERVER file, and reads the Address= directive to
> see where that server is. Since you're using ddns, it will do a DNS lookup
> for that domain name, and find your current IP address (hopefully) and try
> to connect on udp/655. When those packets reach your router, they should
> get forwarded to the server, which will authenticate the connection. If the
> server can authenticate the client, it will keep the connection, and if
> not, it will drop it.
>
> Make sure that your host files are properly exchanged on both sides so
> that both sides can authenticate the other side using the public / private
> key pair. (Private keys are never exchanged. Only public ones as kept in
> the hosts/ directory).
>
> Michael Munger, dCAP, MCPS, MCNPS, MBSS
> *Microsoft Certified Professional*
> *Microsoft Certified Small Business Specialist*
> *Digium Certified Asterisk Professional*
> *High Powered Help, Inc.*
> p: 678-905-8569
> w: hph.io  e: mj at hph.io
>
> On 2/7/19 5:03 AM, Drake Drake wrote:
>
> Hi,
>
> I'm new to Tinc and I'm having a hard time figuring out the proper
> configuration for my use case. I hope you can help me out.
>
> A) SERVER running tinc (Ubuntu 16.04 LTS)
> External IP: 111.111.111.111 (ddns)
> Behind a router with NAT, local IP of SERVER: 192.168.0.4
>
> B) CLIENT running tinc (Ubuntu 16.04 LTS)
> External IP: 222.222.222.222 (ddns)
> Behind a router with NAT, local IP of CLIENT: 192.168.1.100
>
> I would like to make a tunnel between SERVER and CLIENT in order to access
> TVheadend SatIP on SERVER from CLIENT. The ports are 9981 and 9981 (UDP and
> TCP). That is, my CLIENT should see the SERVER.
> I don't want to route any of the internet traffic over client or server,
> just to have access to these remote ports.
> What would be the way to achieve this?
>
> Many thanks,
> drake
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
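
The client-side setup described in the quoted reply above (ConnectTo in tinc.conf, an Address directive and a public key in hosts/EXAMPLESERVER, no private keys in hosts/) can be checked with a short script. This is an added example, not part of the original thread; the function names, the hostname server.ddns.example and the sample key text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a client's tinc network directory
# against the setup described above. Handles the "Key = value" directive form.

# Print the value of directive $2 in file $1 (keys are case-insensitive).
tinc_directive() {
    [ -f "$1" ] || return 0
    awk -F= -v key="$2" '{ k = $1; v = $2
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v) }
        tolower(k) == tolower(key) { print v; exit }' "$1"
}

# Print one line per problem found in network directory $1; exit status = count.
check_tinc_net() (
    dir=$1; problems=0
    note() { echo "$1"; problems=$((problems + 1)); }
    peer=$(tinc_directive "$dir/tinc.conf" ConnectTo)
    if [ -z "$peer" ]; then
        note "tinc.conf: no ConnectTo directive"
    elif [ ! -f "$dir/hosts/$peer" ]; then
        note "hosts/$peer: missing, host files not exchanged"
    else
        [ -n "$(tinc_directive "$dir/hosts/$peer" Address)" ] ||
            note "hosts/$peer: no Address directive"
        grep -q -e '-----BEGIN RSA PUBLIC KEY-----' -e '^Ed25519PublicKey' \
            "$dir/hosts/$peer" || note "hosts/$peer: no public key"
    fi
    # hosts/ is what gets copied to the other side; private keys never belong there.
    if grep -rq -e 'PRIVATE KEY-----' "$dir/hosts" 2>/dev/null; then
        note "hosts/: contains a private key"
    fi
    exit "$problems"
)

# Build a constructed sample client directory in $1 (placeholder names and key).
make_sample_net() {
    mkdir -p "$1/hosts"
    printf 'Name = CLIENT\nConnectTo=EXAMPLESERVER\n' > "$1/tinc.conf"
    printf '%s\n' 'Address = server.ddns.example' \
        '-----BEGIN RSA PUBLIC KEY-----' '(constructed)' \
        '-----END RSA PUBLIC KEY-----' > "$1/hosts/EXAMPLESERVER"
}

# Stand-alone use: sh check.sh /etc/tinc/yournetwork
[ "$#" -eq 0 ] || check_tinc_net "$1"
```

The check only inspects files on disk; whether TCP/UDP 655 is actually forwarded to the server still has to be verified on the router.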