Please help with configuration (Drake Drake)

Thu Feb 7 20:20:50 CET 2019

 Hello Drake,
I am doing the same... Spanish TV to my UK home, and UK TV to my Spanish home, using Kodi and TVHeadend!!It works really well, but find that I need powerful PCs running Kodi/PVR-HTS to prevent buffering.
The Tinc VPN does not filter ports - all ports are available at each end. Since you're likely to be behind NAT this is safe.
The port numbers 9981 and 9982 are only needed in the PVR-HTS Addon within Kodi, assuming you're starting TVHeadend with the defaults.
It took me many hours of reading the Tinc docs and examples many times to get the configuration!!
And Micheal's comments were a good summery.
John
  1. Re: Please help with configuration (Drake Drake)
  2. Re: Please help with configuration (Michael Munger)
Thanks Michael, I will proceed like this. I think I didn't have UDP 655 forwarded on the remote server, will do that (had it at my client's router).If tinc connects, will both server and client see each other, for example I will be able to access all webui's running on SERVER from CLIENT side? For example, SERVER is running webui of Tvheadend on 192.168.0.4:9981 How can I access that from CLIENT? Do I need to use iptables or routing?Thanks,drake
On Thu, Feb 7, 2019 at 6:26 PM Michael Munger <mj at hph.io> wrote:

Local IPs of the client are irrelevant.

The client should be configured to look for the host by domain name (/etc/tinc/yournetwork/hosts/EXAMPLESERVER should have the dDNS name in the Address directive) and the tinc.conf file should have that as the host to connect to for the network. (ConnectTo=EXAMPLESERVER)

Then, you need port forwarding in your router to forward TCP/UDP 655 from the WAN address to the router to the LAN address of the server. The server should be a static IP on that network or it should have a DHCP reservation so it doesn't move and break NAT port forwarding.

When tinc starts, it will check tinc.conf for the ConnectTo directive. In your case, it will be ConnectTo=EXAMPLESERVER. Then, it looks in the hosts/ directory for the EXAMPLESERVER file, and reads the Address= directive to see where that server is. Since you're using ddns, it will do a DNS lookup for that domain name, and find your current IP address (hopefully) and try to connect on udp/655. When those packets reach your router, they should get forwarded to the server, which will authenticate the connection. If the server can authenticate the client, it will keep the connection, and if not, it will drop it. 

 Make sure that your host files are properly exchanged on both sides so that both sides can authenticate the other side using the public / private key pair. (Private keys are never exchanged. Only public ones as kept in the hosts/ directory).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20190207/5714eafb/attachment.html>