UDP and NAT

Guus Sliepen guus at tinc-vpn.org
Wed Apr 1 13:04:38 CEST 2009


On Wed, Apr 01, 2009 at 02:41:43AM +0200, Keiji Costantini wrote:

> I saw in git repository that tinc falls back to TCP-Only if it can't
> establish a double-UDP connection, that is fine. But shouldn't tinc get
> the ability to use an inbound TCP connection to answer back the remote
> host? (maybe setting incoming ip and leaving port blank or something)

The problem in tinc is not single connections, it is the full-mesh capability
which is hard to get working in a NAT-proof way.  The protocol uses the source
address + port number of the UDP packet to determine which node it came from.
Simply disregarding the port number is not a full solution. I'm trying to
rewrite the way tinc handles UDP, but it is pretty invasive. If I have
something remotely working I'll commit it.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
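
The lookup problem described in the message above, as an added example that is not part of the original post and is not tinc's code. Node names, keys and addresses are constructed, and the per-packet HMAC check used to pick among candidates is an assumption made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: beta and gamma sit behind the same NAT address.
NODES = {
    "alpha": {"key": b"alpha-key", "addr": ("198.51.100.7", 655)},
    "beta": {"key": b"beta-key", "addr": ("203.0.113.9", 655)},
    "gamma": {"key": b"gamma-key", "addr": ("203.0.113.9", 656)},
}
MAC_LEN = 16


def _tag(node, payload):
    return hmac.new(NODES[node]["key"], payload, hashlib.sha256).digest()[:MAC_LEN]


def seal(node, payload):
    """Append a truncated HMAC-SHA256 tag computed with the sender's key."""
    return payload + _tag(node, payload)


def by_addr_port(src):
    """Lookup as described in the message: exact source address + port."""
    return [n for n, v in NODES.items() if v["addr"] == src]


def by_addr_only(src):
    """Disregard the port: every node known at that IP becomes a candidate."""
    return [n for n, v in NODES.items() if v["addr"][0] == src[0]]


def by_mac(packet, candidates):
    """Assumed disambiguation: the candidate whose key verifies the tag."""
    payload, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
    for n in candidates:
        if hmac.compare_digest(_tag(n, payload), tag):
            return n
    return None


def identify(packet, src):
    """Try the exact match, then same-IP candidates, then every known node."""
    for candidates in (by_addr_port(src), by_addr_only(src), list(NODES)):
        node = by_mac(packet, candidates)
        if node:
            return node
    return None  # no key verifies the packet: drop it
```

When the NAT happens to map gamma's traffic onto port 655, the address + port lookup alone would attribute it to beta; the tag check rejects that match and falls through to the correct node.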