No connection between nodes on same LAN

Rob Townley rob.townley at gmail.com
Tue May 11 11:03:57 CEST 2010


On Thu, May 6, 2010 at 8:47 AM, Daniel Schall <Daniel-Schall at web.de> wrote:
> Hi all,
>
> I am currently deploying tinc as an alternative to OpenVPN.
>
> My setup includes a lot of nodes and some of them are sitting together
> behind the same router on the same network segment.
> (E.g. connected to the same switch.)
>
> I noticed that those nodes never talk directly to each other via their
> private IP addresses, but instead use the NATed address they got from the
> router.
> Furthermore, some talk only over a third node that sits outside the LAN.
>
> ==== Example ====
>
> Router1:
>     Public IP    1.1.1.1
>
> Local LAN behind said router:
>     Subnet       192.168.0.x/24
>
> Tinc-VPN:
>     Subnet       172.25.3.0/24
>
> Node1
>     Behind Router1
>     NAT-UDP      1.1.1.1:1001
>     LAN-IP       192.168.0.101
>     Tinc-IP      172.25.3.101
>
> Node2
>     Behind Router1
>     NAT-UDP      1.1.1.1:1002
>     LAN-IP       192.168.0.102
>     Tinc-IP      172.25.3.102
>
> Node3
>     Public IP    2.2.2.2
>     Tinc-IP      172.25.3.1
>
> Node1 connects to Node3.
> Node2 connects to Node3.
> Both nodes can ping Node3’s tinc-ip.
>
> But both nodes (1 & 2) do not get a direct connection, they only talk via
> Node3.
> So pinging Node2 from Node1 results in a packet from Node1 to Node3 and from
> Node3 to Node2’s NATed UDP-Port at the router.
> Sometimes, it results in a “direct” packet from Node1 to Node2’s public
> UDP-Port.
>
> It seems to me as if tinc is unable to see that Node1 and Node2 are sitting
> “right next to each other”, and is only considering the publicly visible UDP
> port to send data to.
>
> Can anyone confirm this, or do I have some misunderstanding regarding tinc?
>
> Additional information:
> Every Node has every other node’s public key. The host configuration is
> always the same:
>
> Port          = 1655
> IndirectData  = no

I assume you tried IndirectData both ways and it did not help.  Not
sure which way it should be, but I would think you would need other
tinc daemons to make a direct connection to you even if they are not
in the ConnectTo list.

> PMTUDiscovery = yes
> Compression   = 10
>
> Only Node3 has an Address set. This node acts kinda like a “server”, where
> all other nodes connect to.
> I plan to add more “server-like” nodes in the near future that provide a
> fixed address.
>
> The config file looks like this:
>
> Name       = NodeX
> ConnectTo  = Node3 (this line is of course missing on Node3)
> Device     = {.. Windows UUID.. }
> DeviceType = tap
> Mode       = switch
>
> Node addresses are assigned using a DHCP server on Node3.

Are you saying your tinc addresses are already received via DHCP?  I
am interested, please explain.

>
> I’d be happy hearing from you guys.
>
> Best regards
>
> Daniel Schall
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

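The thread above boils down to two things a practitioner wants to check before blaming tinc: that the tinc.conf / hosts files actually form a connectable mesh (every node either carries an `Address` or has a `ConnectTo` pointing at a node that does), and which nodes share one public NAT address, since those are exactly the pairs whose traffic will either hairpin through the router or relay via the hub as Daniel observed. The script below is an added example, not code from the tinc project or from either poster. It assumes tinc's configuration syntax is one `Key = Value` (or `Key value`) pair per line with `#` comments and case-insensitive keys, keeps only the last value of a repeated key (a simplification; real tinc.conf files may list `ConnectTo` several times), and the three-node topology, port numbers and settings are constructed from the figures given in the thread.

```python
"""Parse tinc-style "Key = Value" config files and audit a small mesh.

Added example, not tinc project code. Assumes: one "Key = Value" or
"Key value" pair per line, '#' starts a comment, keys are case-insensitive,
a repeated key keeps its last value. Node data is constructed from the
thread's example topology (Node1/Node2 behind 1.1.1.1, Node3 at 2.2.2.2).
"""
from collections import defaultdict


def parse_tinc_conf(text):
    """Return {key_lowercased: value} for one tinc.conf or hosts/<Node> file."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        if not line:
            continue
        if "=" in line:
            key, value = line.split("=", 1)
        else:                                      # "Key value" form
            key, _, value = line.partition(" ")
        conf[key.strip().lower()] = value.strip()
    return conf


# Constructed from the thread: every host file is identical, except that
# only Node3 carries an Address line (it is the node everyone dials into).
HOST_FILES = {
    "Node1": "Port = 1655\nIndirectData = no\nPMTUDiscovery = yes\nCompression = 10\n",
    "Node2": "Port = 1655\nIndirectData = no\nPMTUDiscovery = yes\nCompression = 10\n",
    "Node3": "Address = 2.2.2.2\nPort = 1655\nIndirectData = no\n"
             "PMTUDiscovery = yes\nCompression = 10\n",
}
TINC_CONFS = {
    "Node1": "Name = Node1\nConnectTo = Node3\nMode = switch\n",
    "Node2": "Name = Node2\nConnectTo = Node3\nMode = switch\n",
    "Node3": "Name = Node3\nMode = switch\n",     # hub: no ConnectTo line
}
# Public UDP endpoints as seen from outside; Node1/Node2 are NAT-mapped.
PUBLIC_ENDPOINTS = {
    "Node1": ("1.1.1.1", 1001),
    "Node2": ("1.1.1.1", 1002),
    "Node3": ("2.2.2.2", 1655),
}


def audit_mesh(tinc_confs, host_files, public_endpoints):
    """Report connectivity mistakes and node pairs that share a public IP."""
    hosts = {n: parse_tinc_conf(t) for n, t in host_files.items()}
    confs = {n: parse_tinc_conf(t) for n, t in tinc_confs.items()}
    findings = []

    # 1. A node nobody can dial into (no Address) must dial out itself.
    for name, conf in confs.items():
        if "address" not in hosts.get(name, {}) and "connectto" not in conf:
            findings.append(f"{name}: no Address and no ConnectTo, it will be isolated")

    # 2. ConnectTo only works if the target's host file carries an Address.
    for name, conf in confs.items():
        target = conf.get("connectto")
        if target and "address" not in hosts.get(target, {}):
            findings.append(f"{name}: ConnectTo {target} but {target} has no Address")

    # 3. Nodes behind the same public IP are almost certainly behind the same
    #    NAT; traffic between them hairpins at the router or relays via a hub
    #    unless a LAN path is used, which is the symptom in the thread.
    by_public_ip = defaultdict(list)
    for name, (ip, _port) in public_endpoints.items():
        by_public_ip[ip].append(name)
    same_nat = [sorted(group) for group in by_public_ip.values() if len(group) > 1]
    for group in same_nat:
        findings.append(f"{'/'.join(group)}: share a public IP; traffic between them "
                        "hairpins through the NAT or relays via a hub")

    return {
        "findings": findings,
        "same_nat_groups": same_nat,
        "hubs": sorted(n for n in hosts if "address" in hosts[n]),
    }


if __name__ == "__main__":
    for line in audit_mesh(TINC_CONFS, HOST_FILES, PUBLIC_ENDPOINTS)["findings"]:
        print(line)
```

Run against the thread's topology it reports no configuration error (Node3 is the only hub, and both other nodes dial it), and flags Node1/Node2 as sharing 1.1.1.1, which is the pair whose pings go via Node3 or to the NATed port. Feeding it a node with neither `Address` nor `ConnectTo` produces the "isolated" finding, the mistake most worth catching when more "server-like" nodes are added later.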