Automatic configuration of direct routes behind NAT

Guus Sliepen guus at tinc-vpn.org
Wed Feb 22 15:28:44 CET 2012


On Wed, Feb 22, 2012 at 01:40:20PM +0000, Pedro Côrte-Real wrote:

> I set up Leaf1 and Leaf2 to connect to CentralNode and they both do and
> everyone can talk to everyone.
> 
> However, when both Leafs are behind the same NAT it would be nice if
> they were able to figure that out and not have to go through
> CentralNode for everything. Since the IP addresses are always changing
> I can't configure an Address option. Is tinc able to just try and use
> whatever is the current IP address of the two hosts and see if it can
> communicate?

The current protocol does allow a client to send its own address to others.
However, perhaps it could detect that it is trying to connect to a node that,
as seen from CentralNode, has the same address as itself.

At the end of 2010, two ways to deal with this were proposed, one by Daniel
Schall and one by me, but nothing happened. In the last months there apparently
has been an increased interest in a way for tinc to detect local peers, so I
will try to get this merged before the next release.

> If they're behind the same NAT it would work and if not
> it would just continue to go back and forth to CentralNode. In that
> situation it would ideally use something like STUN so it could do away
> with the central node even when both hosts are behind two different
> NATs.

If they are not behind the same NAT, tinc does use a STUN-like technique to
allow the Leafs to talk to each other directly (if the NAT devices allow that).

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>