Misunderstanding of Subnet directive in hosts files

Guus Sliepen guus at tinc-vpn.org
Tue Aug 21 12:53:48 CEST 2012 

On Mon, Aug 20, 2012 at 04:17:01PM +0400, SVM wrote:

> >Hm, that is strange, once a connection has been made through NAT it should keep
> >working, unless the connection timeouts on the NAT device are set very small.
> >You could try setting "PingInterval = 30" in tinc.conf to have tinc send ping
> >packets more often.
> 
> It doesn't help, unfortunately. Works only if TCPOnly=yes.
> Or if I say ping <rootnode-ip-addr> via tinc tap interface to "root"
> node, but also just for approx. 1 minute. It's definetly due to
> double NAT, I tnink.

Ok, I'll investigate this.

> Here is one more question. How does "internal" Ping between nodes
> go? Via meta- or data-connection, just like usual icmp-echo-request?

Pings are sent both via the meta- and the data-connection.

> >>If I leave TCPOnly=no(default) tinc cannot determine itself to use
> >>tcp instead of udp in my case as it described in documentation.
> >
> >Tinc should determine it itself. If it does not, that is a bug. It can take a
> >minute though for tinc to detect that UDP has failed to work. Does it still not
> >work for you after more than a minute?
> 
> Yes, still doesn't work. Maybe here is situation, when at first tinc
> works fine via UDP, but after a minute - there is no more
> translation rule on NAT-device of my provider? Should tinc do this
> check only at start or somehow else?
> I use tinc 1.0.11-1 from ubuntu 10.04.4 universe repo.

Oh, but that is really old; please upgrade to 1.0.19 and try again!

> My "root" node has two uplinks from different ISP and I want client
> nodes could make two connection to the same tinc-daemon on "root"
> but to different ip-addresses for redundancy purposes(in case of one
> uplink will fail).
> 
> May I write two "Address=" lines in one host file? or simply use two
> different host files for each connection?

You can write two or more Address lines. It will only make one connection at a
time, but when it fails it will try the other Address. Tinc does not support
multiple simultaneous connections between two daemons.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20120821/aebfb57c/attachment.pgp>

More information about the tinc mailing list