No connection between nodes on same LAN

Rob Townley rob.townley at gmail.com
Tue May 11 10:53:26 CEST 2010


On Sun, May 9, 2010 at 7:09 AM, Daniel Schall <Daniel-Schall at web.de> wrote:
>> Thanks for the diagram  -  what did you use to create it?
>
> The diagram was made using Microsoft Visio 2007.
>
>> First, what version of tinc are you using on your nodes  -  is it 1.0.13?
>
> I am using tinc 1.013, the pre-compiled version from the website. All the
> nodes are running Windows.
>
>> A third option that might work is when doing PMTU discovery after exchanging
>> session keys between Node1 and Node2 (via their meta connections with Node3 of
>> course), that they also send some MTU probes to the broadcast address. The
>> receiving node will update the known address of the peer when it receives a
>> valid UDP packet, wherever it came from.
>
>> I think the third option is easiest to implement, I don't know if it will work
>> though. I'm a little busy this month so if you or someone else wants to try to
>> implement it, please go ahead :)
>
> I am curious to implement it, but I am also rather busy.
> Currently, I am studying the sources to evaluate what to implement:
> a) a broadcast discovery algorithm to find all nodes in the same network
> segment OR
> b) making each node send its endpoints to all other nodes to let them choose
> what endpoint they want to contact the node
>
>
> In the meantime, I've found out why the nodes do not communicate over their
> public NAT-addresses in some circumstances.
> It's the router that blocks UDP packets from sources other than the one the
> connection was originally established with, especially packets from "behind" the
> router that get passed to a port at its public interface.
> That will also prevent other nodes from contacting the ones behind the router,
> since the packets they send come from other endpoints than the one the
> internal node connected to in the first place.

I don't know if I totally understand what you are saying, but "disabling
loopback" on the router or disabling wireless-to-wireless connections
would be detrimental.

Even with loopback disabled, dynamic dns storing the external port
numbers would still be useful.

>
>
> Best
>
> Daniel
>
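
A small Python model of the "third option" quoted above, added here as an illustration and not taken from tinc's source or from either poster: a receiver changes a peer's known UDP address only when the packet validates under that peer's session key. The class and function names, the HMAC-SHA256 tag and the sample addresses are assumptions made for the example.

```python
import hashlib
import hmac

TAG_LEN = 32  # full HMAC-SHA256 tag (assumption; not tinc's wire format)

def seal(key, payload):
    """Build a probe packet: payload followed by its HMAC tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

class Peer:
    def __init__(self, name, session_key, known_addr):
        self.name = name
        self.session_key = session_key
        self.known_addr = known_addr  # (ip, port) used for outgoing UDP

def receive(peers, packet, src_addr):
    """Return the sending peer's name, or None if no session key validates
    the packet. Only a validated packet may change known_addr."""
    if len(packet) <= TAG_LEN:
        return None
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    for peer in peers:
        expected = hmac.new(peer.session_key, payload, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            peer.known_addr = src_addr
            return peer.name
    return None

def demo():
    # Constructed sample data: Node1's view of Node2, first known only by
    # the router's public NAT address.
    key = b"constructed-session-key-node1-node2"
    node2 = Peer("Node2", key, ("203.0.113.7", 655))
    peers = [node2]
    results = []
    # Forged probe from another LAN host that lacks the session key.
    forged = seal(b"wrong-key", b"MTU-PROBE")
    results.append((receive(peers, forged, ("192.168.1.66", 655)), node2.known_addr))
    # Genuine probe sent to the LAN broadcast address, arriving from
    # Node2's private address.
    probe = seal(key, b"MTU-PROBE")
    results.append((receive(peers, probe, ("192.168.1.12", 655)), node2.known_addr))
    return results

if __name__ == "__main__":
    for sender, addr in demo():
        print(sender, addr)
```

Replay protection is not modelled here: a captured valid probe re-sent from a different source would also move the address, so a real receiver would additionally reject packets it has already seen.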