<div dir="ltr"><div>Thanks Michael, I will proceed like this. </div><div>I think I didn't have UDP 655 forwarded on the remote server, will do that (had it at my client's router).</div><div>If tinc connects, will both server and client see each other? For example, will I be able to access all web UIs running on SERVER from the CLIENT side? </div><div>For example, SERVER is running the web UI of Tvheadend on <a href="http://192.168.0.4:9981">192.168.0.4:9981</a>. How can I access that from CLIENT? Do I need to use iptables or routing?</div><div>Thanks,</div><div>drake</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 7, 2019 at 6:26 PM Michael Munger &lt;<a href="mailto:mj@hph.io">mj@hph.io</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF">
    <p>Local IPs of the client are irrelevant.</p>
    <p>The client should be configured to look for the host by domain
      name (/etc/tinc/yournetwork/hosts/EXAMPLESERVER should have the
      dDNS name in the Address directive) and the tinc.conf file should
      have that as the host to connect to for the network. (ConnectTo=EXAMPLESERVER)<br>
    </p>
    <p>Then, you need port forwarding in your router to forward TCP/UDP
      655 from the WAN address to the router to the LAN address of the
      server. The server should be a static IP on that network <i>or </i>it
      should have a DHCP reservation so it doesn't move and break NAT
      port forwarding.</p>
    <p>When tinc starts, it will check tinc.conf for the ConnectTo
      directive. In your case, it will be ConnectTo=EXAMPLESERVER. Then,
      it looks in the hosts/ directory for the EXAMPLESERVER file, and
      reads the Address= directive to see where that server is. Since
      you're using ddns, it will do a DNS lookup for that domain name,
      and find your current IP address (hopefully) and try to connect on
      udp/655. When those packets reach your router, they should get
      forwarded to the server, which will authenticate the connection.
      If the server can authenticate the client, it will keep the
      connection, and if not, it will drop it. <br>
    </p>
    <p>Make sure that your host files are properly exchanged on both
      sides so that both sides can authenticate the other side using the
      public / private key pair. (Private keys are never exchanged. Only
      public ones as kept in the hosts/ directory).<br>
    </p>
    <div class="gmail-m_7180835906601131637moz-signature">
      <br>
      <table style="background:none;border:0px;margin:0px;padding:0px" cellspacing="0" cellpadding="0" border="0">
        <tbody>
          <tr>
            <td style="padding:0px 0px 0px 12px">
              <table style="background:none;border:0px;margin:0px;padding:0px" cellspacing="0" cellpadding="0" border="0">
                <tbody>
                  <tr>
                    <td colspan="2" style="padding-bottom:5px;color:rgb(0,0,0);font-size:18px;font-family:Arial,Helvetica,sans-serif">Michael Munger, dCAP,
                      MCPS, MCNPS, MBSS</td>
                  </tr>
                  <tr>
                    <td colspan="2" style="color:rgb(51,51,51);font-size:14px;font-family:Arial,Helvetica,sans-serif"><strong>Microsoft
                        Certified Professional</strong></td>
                  </tr>
                  <tr>
                    <td colspan="2" style="color:rgb(51,51,51);font-size:14px;font-family:Arial,Helvetica,sans-serif"><strong>Microsoft
                        Certified Small Business Specialist</strong></td>
                  </tr>
                  <tr>
                    <td colspan="2" style="color:rgb(51,51,51);font-size:14px;font-family:Arial,Helvetica,sans-serif"><strong>Digium
                        Certified Asterisk Professional</strong></td>
                  </tr>
                  <tr>
                    <td colspan="2" style="color:rgb(51,51,51);font-size:14px;font-family:Arial,Helvetica,sans-serif"><strong>High
                        Powered Help, Inc.</strong></td>
                  </tr>
                  <tr>
                    <td style="vertical-align:top;width:20px;color:rgb(0,0,0);font-size:14px;font-family:Arial,Helvetica,sans-serif" width="20" valign="top">p:</td>
                    <td style="vertical-align:top;color:rgb(51,51,51);font-size:14px;font-family:Arial,Helvetica,sans-serif" valign="top">678-905-8569</td>
                  </tr>
                  <tr>
                    <td style="vertical-align:top;width:20px;color:rgb(0,0,0);font-size:14px;font-family:Arial,Helvetica,sans-serif" width="20" valign="top">w:</td>
                    <td style="vertical-align:top;color:rgb(51,51,51);font-size:14px;font-family:Arial,Helvetica,sans-serif" valign="top"><a href="https://hph.io" style="color:rgb(29,161,219);text-decoration:none;font-weight:normal;font-size:14px" target="_blank">hph.io</a>  <span style="color:rgb(0,0,0)">e: </span><a href="mailto:mj@hph.io" style="color:rgb(29,161,219);text-decoration:none;font-weight:normal;font-size:14px" target="_blank">mj@hph.io</a></td>
                  </tr>
                </tbody>
              </table>
              <br>
              <br>
              </td>
          </tr>
        </tbody>
      </table>
    </div>
    <div class="gmail-m_7180835906601131637moz-cite-prefix">On 2/7/19 5:03 AM, Drake Drake wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">Hi,
        <div><br>
        </div>
        <div>I'm new to Tinc and I'm having a hard time figuring out
          the proper configuration for my use case. I hope you can help
          me out.</div>
        <div><br>
        </div>
        <div>A) SERVER running tinc (Ubuntu 16.04 LTS)</div>
        <div>External IP: 111.111.111.111 (ddns)</div>
        <div>Behind a router with NAT, local IP of SERVER: 192.168.0.4</div>
        <div><br>
        </div>
        <div>B) CLIENT running tinc (Ubuntu 16.04 LTS)</div>
        <div>External IP: 222.222.222.222 (ddns)</div>
        <div>Behind a router with NAT, local IP of CLIENT: 192.168.1.100</div>
        <div><br>
        </div>
        <div>I would like to make a tunnel between SERVER and CLIENT in
          order to access TVheadend SatIP on SERVER from CLIENT. The
          ports are 9981 and 9981 (UDP and TCP). That is, my CLIENT
          should see the SERVER.</div>
        <div>I don't want to route any of the internet traffic over
          client or server, just to have access to these remote ports.</div>
        <div>What would be the way to achieve this?</div>
        <div><br>
        </div>
        <div>Many thanks,</div>
        <div>drake</div>
      </div>
      <br>
      <pre class="gmail-m_7180835906601131637moz-quote-pre">_______________________________________________
tinc mailing list
<a class="gmail-m_7180835906601131637moz-txt-link-abbreviated" href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a>
<a class="gmail-m_7180835906601131637moz-txt-link-freetext" href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" target="_blank">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a>
</pre>
    </blockquote>
  </div>

</blockquote></div></div>
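<p>The client-side checks that Michael's reply walks through (a ConnectTo in tinc.conf, a matching hosts/ file that carries an Address and a public key, and no private key material in hosts/), written out as an added example that is not part of the original thread. The hostname server.ddns.example, the node name CLIENT and the key body are constructed placeholders.</p>

```sh
# Added example (not from the thread): sanity-check a tinc client config directory.
# Layout as described above: <confdir>/tinc.conf and <confdir>/hosts/<NAME>.

# Print every value of a tinc variable; tinc accepts "Name = value" and "Name value".
tinc_get() {  # usage: tinc_get <file> <variable>
  awk -v want="$2" '
    /^[ \t]*#/ { next }
    {
      line = $0; sub(/^[ \t]+/, "", line)
      n = match(line, /[ \t=]/); if (n == 0) next
      key = substr(line, 1, n - 1); val = substr(line, n)
      sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      if (tolower(key) == tolower(want)) print val
    }' "$1"
}

# Report problems on stdout; the exit status is the number of problems found.
check_tinc_client() {  # usage: check_tinc_client <confdir>
  dir=$1; problems=0
  [ -f "$dir/tinc.conf" ] || { echo "missing $dir/tinc.conf"; return 1; }
  peers=$(tinc_get "$dir/tinc.conf" ConnectTo)
  [ -n "$peers" ] || { echo "tinc.conf: no ConnectTo"; problems=$((problems + 1)); }
  for peer in $peers; do
    hostfile="$dir/hosts/$peer"
    if [ ! -f "$hostfile" ]; then
      echo "hosts/$peer: missing (copy the server's host file here)"
      problems=$((problems + 1)); continue
    fi
    [ -n "$(tinc_get "$hostfile" Address)" ] ||
      { echo "hosts/$peer: no Address (put the dDNS name here)"; problems=$((problems + 1)); }
    grep -Eiq 'BEGIN RSA PUBLIC KEY|^[[:space:]]*Ed25519PublicKey' "$hostfile" ||
      { echo "hosts/$peer: no public key"; problems=$((problems + 1)); }
  done
  # Host files are the part that gets exchanged, so they must hold public keys only.
  if grep -rq 'PRIVATE KEY' "$dir/hosts" 2>/dev/null; then
    echo "hosts/: private key material found"; problems=$((problems + 1))
  fi
  return "$problems"
}

# Constructed sample: names, hostname and key body are placeholders.
make_sample() {  # usage: make_sample <confdir>
  mkdir -p "$1/hosts"
  printf 'Name = CLIENT\nConnectTo=EXAMPLESERVER\n' > "$1/tinc.conf"
  printf 'Address = server.ddns.example\n-----BEGIN RSA PUBLIC KEY-----\nPLACEHOLDER\n-----END RSA PUBLIC KEY-----\n' \
    > "$1/hosts/EXAMPLESERVER"
}
```

<p>Run <code>check_tinc_client /etc/tinc/yournetwork</code> on the client before starting tinc; a non-zero exit status means one of the steps above was missed.</p>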