using multiple physical interfaces
Guus Sliepen
guus at tinc-vpn.org
Wed Aug 10 17:12:22 CEST 2011
On Wed, Aug 10, 2011 at 09:27:32AM -0400, Brian Prodoehl wrote:
> > The source address of the packets do not have to match that of an Address
> > statement. And since 1.0.10 the source address of UDP packets does not have to
> > match that of the TCP connection either. However, if there is some NAT device
> > between your nodes, you may be out of luck, I do not know how well they will
> > handle your situation.
>
> Good to know that it should work. There is no NAT, just direct
> connections between the nodes. I'll capture debug output and post it
> as soon as I get a chance to. I believe the debug message I was
> getting was coming out of this code:
[...]
I just had a good look at it, and there was indeed a bug in the try_harder()
function in the 1.1 branch that prevented tinc from correctly handling packets
with unknown source addresses. This should be fixed now in git.
> Would it matter if PMTU discovery is disabled?
Perhaps, by disabling PMTU discovery tinc also doesn't send UDP ping packets
anymore, so it will not detect that UDP connection is not possible anymore.
However, if it receives packets from the peer with a new source address, it
will switch over to it.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20110810/e530b850/attachment.pgp>
More information about the tinc
mailing list