<div dir="ltr">Thanks for the clarification. I think the difference between 1.0 and 1.1 was that the UDP tunnel was never built, but tinc allowed TCP only communications anyway. In this case, the tunnel is not working unless I open up the UDP port.<div><br></div><div>I thought that if a UDP connection cannot be made, then tinc falls back to TCP only connection, but may be I need to set that in tinc.conf.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">El vie., 30 dic. 2016 a las 7:39, Etienne Dechamps (<<a href="mailto:etienne@edechamps.fr">etienne@edechamps.fr</a>>) escribió:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg"><div class="gmail_msg"><div class="gmail_msg">I believe the reason why you're experiencing this problem is because tinc does not use the connection TCP port to determine which port to send UDP packets to. Instead, it uses the port that is *advertised* by the other node.<br class="gmail_msg"><br class="gmail_msg"><a href="https://github.com/gsliepen/tinc/blob/06b820133285f83f7e1a839cccbed13358b84081/src/protocol_auth.c#L886" class="gmail_msg" target="_blank">https://github.com/gsliepen/tinc/blob/06b820133285f83f7e1a839cccbed13358b84081/src/protocol_auth.c#L886</a><br class="gmail_msg"><br class="gmail_msg"></div>That means that if node A is configured with UDP port 655, that's the UDP port it will advertise to node B when it connects and that's what node B will use, even if node B used a different TCP port to establish the metaconnection.<br class="gmail_msg"></div><div class="gmail_msg"><br class="gmail_msg"></div>I'm not sure why you didn't encounter this problem in tinc 1.0 - at first glance the code seems identical in that respect.<br class="gmail_msg"></div><div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg"></div></div><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg">On 29 December 2016 at 20:46, Guillermo Bisheimer <span dir="ltr" class="gmail_msg"><<a href="mailto:gbisheimer@bys-control.com.ar" class="gmail_msg" target="_blank">gbisheimer@bys-control.com.ar</a>></span> wrote:<br class="gmail_msg"></div></div><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg">I'm using Tinc 1.1pre14 and I'm trying to connect a node that is behind a firewall that blocks all non-standard ports.<div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">I set up a rule in the server to redirect port 25 (that is not used in the server right now) to port 655, both in tcp and udp protocols, and set up the port 25 in the server host configuration file.</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">The client can reach the server, but after the initial sync and key exchange using TCP using port 25, it tries to make UDP connections to port 655 instead of 25. The tunnel is never built and I cannot reach the client.</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">I remember to have the same setup using tinc 1.0.x and it was working fine, but I'm unable to test it now. Is there a chance that tinc ignores the specified port and uses de default 655 port for UDP connections?</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">Thanks!</div></div><div dir="ltr" class="gmail_msg">-- <br class="gmail_msg"></div><div data-smartmail="gmail_signature" class="gmail_msg"><div dir="ltr" class="gmail_msg"><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt" class="gmail_msg"><b class="gmail_msg"><i class="gmail_msg"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)" class="gmail_msg">Ing. Guillermo Bisheimer</span></i></b><span style="font-family:arial,sans-serif" class="gmail_msg"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt" class="gmail_msg"><b class="gmail_msg"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)" class="gmail_msg">B&S Sistemas de Control y Equipamientos</span></b><span style="font-family:arial,sans-serif" class="gmail_msg"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt" class="gmail_msg"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)" class="gmail_msg">Av. de los Constituyentes 1172</span><span style="font-family:arial,sans-serif" class="gmail_msg"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt" class="gmail_msg"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)" class="gmail_msg">(E3116CIX) Crespo, Entre Ríos</span><span style="font-family:arial,sans-serif" class="gmail_msg"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt" class="gmail_msg"><span style="background-color:rgb(255,255,0)" class="gmail_msg"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)" class="gmail_msg">Tel/Fax: (</span><font color="#4f81bd" face="Arial, sans-serif" class="gmail_msg">0343) 407-8990 (Nuevo número)</font></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt" class="gmail_msg"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)" class="gmail_msg">Cel: (0343) 154679052</span><span style="font-family:arial,sans-serif" class="gmail_msg"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt" class="gmail_msg"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)" class="gmail_msg">WEB: </span><span style="font-size:10pt;font-family:arial,sans-serif;color:rgb(31,73,125)" class="gmail_msg"><a href="http://www.bys-control.com.ar/" class="gmail_msg" target="_blank">www.bys-control.com.ar</a></span><span style="font-family:arial,sans-serif" class="gmail_msg"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt" class="gmail_msg"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)" class="gmail_msg">e-mail: <a href="mailto:gbisheimer@bys-control.com.ar" class="gmail_msg" target="_blank">gbisheimer@bys-control.com.ar</a></span><span style="font-family:arial,sans-serif" class="gmail_msg"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt" class="gmail_msg"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)" class="gmail_msg">skype: guillermo.bisheimer</span></p></div></div>
<br class="gmail_msg"></blockquote></div></div><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br class="gmail_msg">
tinc mailing list<br class="gmail_msg">
<a href="mailto:tinc@tinc-vpn.org" class="gmail_msg" target="_blank">tinc@tinc-vpn.org</a><br class="gmail_msg">
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" class="gmail_msg" target="_blank">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br class="gmail_msg">
<br class="gmail_msg"></blockquote></div><br class="gmail_msg"></div>
</blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr"><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><b><i><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">Ing. Guillermo Bisheimer</span></i></b><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><b><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">B&S Sistemas de Control y Equipamientos</span></b><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">Av. de los Constituyentes 1172</span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">(E3116CIX) Crespo, Entre Ríos</span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="background-color:rgb(255,255,0)"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">Tel/Fax: (</span><font color="#4f81bd" face="Arial, sans-serif">0343) 407-8990 (Nuevo número)</font></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">Cel: (0343) 154679052</span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">WEB: </span><span style="font-size:10pt;font-family:arial,sans-serif;color:rgb(31,73,125)"><a href="http://www.bys-control.com.ar/" target="_blank">www.bys-control.com.ar</a></span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">e-mail: <a href="mailto:gbisheimer@bys-control.com.ar" target="_blank">gbisheimer@bys-control.com.ar</a></span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">skype: guillermo.bisheimer</span></p></div></div>