UDP and NAT

Rob Townley rob.townley at gmail.com
Wed Apr 1 07:11:48 CEST 2009


On Tue, Mar 31, 2009 at 7:41 PM, Keiji Costantini <lists at strites.net> wrote:
> At the moment I have 2 networks connected in a VPN and I'm planning to
> extend this.
>
> Actual status:
> Network A has a public IP
> Network B is behind a provider-scale NAT.
>
> Actually I'm using openvpn with a single UDP connection from B to A, and
> hosts inside Network A can communicate with B.
>
> I tried with tinc, and I saw tinc has to go TCP-Only to accomplish
> this. This is because Tinc can't reutilize incoming UDP connections to
> reply back - it has to set up an outgoing UDP connection defined in config
> (something that in a NAT-ed environment isn't possible)
>
> I saw in the git repository that tinc falls back to TCP-Only if it can't
> establish a double-UDP connection, that is fine. But shouldn't tinc get
> the ability to use an inbound tcp connection to answer back the remote
> host? (maybe setting incoming ip and leaving port blank or something)
>
> --
> Keiji Costantini

It is possible to have end-to-end UDP even when behind NATs if the
configuration were moved to dynamic dns with the port # automatically
updating a TXT record or some other hub service.
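
Added example, not part of the original thread and not tinc or OpenVPN code: a loopback sketch of the behaviour asked about in the quoted message, where node A answers on the source address it observed on B's datagram instead of an address from its configuration. It only moves the stored endpoint after the datagram authenticates, so a forged packet cannot redirect replies; the HMAC prefix, the key and the names `Hub`, `seal`, `open_sealed` and `demo` are assumptions made for illustration.

```python
import hashlib
import hmac
import socket

KEY = b"constructed-demo-key"   # constructed shared secret, not a tinc key
TAG_LEN = 32                    # HMAC-SHA256 tag length in bytes

def seal(payload: bytes) -> bytes:
    """Prefix the payload with an HMAC tag so the receiver can authenticate it."""
    return hmac.new(KEY, payload, hashlib.sha256).digest() + payload

def open_sealed(datagram: bytes):
    """Return the payload if the tag verifies, otherwise None."""
    tag, payload = datagram[:TAG_LEN], datagram[TAG_LEN:]
    good = hmac.new(KEY, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None

class Hub:
    """Node A: reachable address, learns B's endpoint from B's own packets."""
    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.settimeout(2)
        self.peer = None            # last authenticated source (ip, port)

    def serve_one(self) -> bool:
        datagram, src = self.sock.recvfrom(2048)
        payload = open_sealed(datagram)
        if payload is None:
            return False            # unauthenticated: keep the old endpoint
        self.peer = src             # the NAT's external mapping as seen by A
        self.sock.sendto(seal(b"reply:" + payload), self.peer)
        return True

def demo():
    hub = Hub()
    hub_addr = hub.sock.getsockname()
    b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # B: no configured port
    b.settimeout(2)
    forger = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    b.sendto(seal(b"hello"), hub_addr)          # B opens the flow outbound
    ok = hub.serve_one()
    reply = open_sealed(b.recvfrom(2048)[0])    # arrives on B's ephemeral port
    forger.sendto(b"\x00" * TAG_LEN + b"hello", hub_addr)   # constructed bad tag
    forged_ok = hub.serve_one()
    port_match = hub.peer[1] == b.getsockname()[1]   # endpoint still B's
    for s in (hub.sock, b, forger):
        s.close()
    return ok, reply, forged_ok, port_match
```

Calling `demo()` returns whether the genuine datagram was accepted, the reply B received, whether the forged datagram was accepted, and whether the stored endpoint is still B's port.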

