<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Tinc also does not seem to care much about the TCP port numbers. I
have had some success with both kernel (NAT) redirection and
userspace (socat or similar) forwarding of the TCP port used for
meta connections. I use this to accept VPN connections on TCP 443 in
addition to the default port. I think tinc will still use the
configured port for UDP packets in this case.<br>
<br>
--<br>
Ivo<br>
<br>
<div class="moz-cite-prefix">On 2-5-2017 at 18:59, Peter
Whisker wrote:<br>
</div>
<blockquote
cite="mid:CACX7NqumCngNMv8=p+Hw_+12JXdqj8D-vyfUnziqjLCsL6z2wg@mail.gmail.com"
type="cite">
<div dir="auto">It's down to corporate firewall rules I can't
control. I've tried tricking it like you suggested but it didn't
work. I guess iptables is the next port of call.
<div dir="auto"><br>
</div>
<div dir="auto">It might be a useful addition to tinc.<br>
<div dir="auto"><br>
</div>
<div dir="auto">Thanks</div>
<div dir="auto">Peter</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 2 May 2017 17:50, "Guus Sliepen"
&lt;<a moz-do-not-send="true" href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>&gt;
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue,
May 02, 2017 at 05:40:40PM +0100, Peter Whisker wrote:<br>
<br>
> Is it possible to use different port numbers for UDP
and TCP? I'd like to<br>
> open the TCP connection to one port on the remote
server and stream the UDP<br>
> packets to a different port. I've tried specifying both
as BindToAddress<br>
> and Address lines but it always just uses TCP.<br>
<br>
It's not directly supported by tinc, but maybe you can trick
it to. Here<br>
are some pointers:<br>
<br>
You can have multiple BindToAddress lines. For outgoing UDP
packets,<br>
tinc will *initially* use the first matching one for a given
address<br>
family (IPv4 or IPv6).<br>
<br>
Other tinc nodes will *initially* try to send UDP packets to
this node<br>
on the same port.<br>
<br>
However, to help NAT traversal, tinc will allow packets from
different<br>
ports. If you really want to allow UDP packets on only one
specific<br>
port, you might want to add firewall rules to block UDP
packets from<br>
the other port(s), both incoming and outgoing.<br>
<br>
Since tinc does not care about the port, you might instead
try to add<br>
NAT rules that change the source port of outgoing UDP
packets to the<br>
desired one (and also the destination port of incoming UDP
packets).<br>
<br>
But I wonder why you want to split this?<br>
<br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen &lt;<a moz-do-not-send="true"
href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>&gt;<br>
<br>
______________________________<wbr>_________________<br>
tinc mailing list<br>
<a moz-do-not-send="true" href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a moz-do-not-send="true"
href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc"
rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-<wbr>bin/mailman/listinfo/tinc</a><br>
<br>
</blockquote>
</div>
</div>
<br>
</blockquote>
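The NAT redirection discussed in this thread (accepting meta connections on TCP 443 in addition to the configured port, and rewriting the UDP port in both directions), written out as an added example that is not part of any of the messages. It assumes tinc listens on port 655; 443 and 8655 are sample values and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the nat table.
# Assumed values: tinc on port 655, extra TCP port 443, UDP port 8655.

# Accept only decimal port numbers in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: tinc_nat_rules TINC_PORT EXTRA_TCP_PORT [UDP_PORT]
tinc_nat_rules() {
    tinc_port=$1 extra_tcp=$2 udp_port=${3:-}
    # Validate everything first so a bad argument never yields a partial ruleset.
    for p in "$tinc_port" "$extra_tcp" ${udp_port:+"$udp_port"}; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done

    echo "*nat"
    # Meta connections arriving on the extra TCP port are handed to tinc's listener.
    echo "-A PREROUTING -p tcp --dport $extra_tcp -j REDIRECT --to-ports $tinc_port"
    if [ -n "$udp_port" ]; then
        # Incoming UDP on the chosen port is delivered to tinc's UDP socket.
        echo "-A PREROUTING -p udp --dport $udp_port -j REDIRECT --to-ports $tinc_port"
        # UDP sent by tinc leaves with the chosen source port.
        echo "-A POSTROUTING -p udp --sport $tinc_port -j MASQUERADE --to-ports $udp_port"
    fi
    echo "COMMIT"
}

# Review the output, then load it as root without flushing existing rules:
#   tinc_nat_rules 655 443 8655 | iptables-restore --noflush
```

These rules only add the extra ports; tinc's configured port stays reachable unless separate filter rules block it.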
<br>
</body>
</html>