Automatic configuration of direct routes behind NAT

Guus Sliepen guus at tinc-vpn.org
Wed Feb 22 23:32:30 CET 2012


On Wed, Feb 22, 2012 at 05:49:26PM +0000, Pedro Côrte-Real wrote:

> Now if both leaves are behind the same NAT the central node sees the
> same address for both and they will both try to connect through the
> same (their own) NAT router. If you configure them on different ports
> and do individual port forwards it would work but in an inefficient
> way because all the packets would be going Leaf1->NATRouter->Leaf2.
> The 5 steps I had summarized before would solve this with step 2,
> getting to Leaf1->Leaf2 directly and not requiring the port forward at
> all.

I just committed local node discovery support to the git repository. It is a
simplified version of Daniel Schall's idea, and basically just adds some
broadcast packets to the PMTU discovery phase. If another node on the same LAN
sees those, it will pick up the LAN IP address of the first node and will use
that for further communication.

Get it from http://tinc-vpn.org/repository/, read the README.git, compile, and
add "LocalDiscovery = yes" to tinc.conf to enable this feature.

I have tested it locally and it works fine. In fact, only one of the nodes on
the LAN needs to support this, and no support from a third node is necessary.
On the other hand, it doesn't work with more complicated network situations.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
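
A simplified model of the address learning described in the message above, added here as an example; it is not part of the original post and is not tinc's code or wire format. The packet layout, the HMAC and counter checks, the addresses, the key and all names are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32
NAT_ADDR = ("203.0.113.7", 655)        # constructed: address the central node reports
LEAF1_LAN = ("192.168.1.10", 655)      # constructed: Leaf1's own address on the LAN
BROADCAST = ("255.255.255.255", 655)

def make_probe(sender: str, seq: int, key: bytes) -> bytes:
    """Probe = name | 8-byte counter | HMAC tag (hypothetical layout)."""
    body = sender.encode() + seq.to_bytes(8, "big")
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Peer:
    """State one node keeps about another: shared key, address, last counter."""
    def __init__(self, key: bytes, addr):
        self.key, self.addr, self.last_seq = key, addr, 0

class Node:
    def __init__(self, name: str, local_discovery: bool = False):
        self.name, self.local_discovery = name, local_discovery
        self.peers = {}                # peer name -> Peer

    def probe_destinations(self, peer_name: str):
        """The sender-side change: probes are also broadcast on the LAN."""
        extra = [BROADCAST] if self.local_discovery else []
        return [self.peers[peer_name].addr] + extra

    def on_probe(self, src_addr, packet: bytes) -> bool:
        """Adopt the packet's source address only if it is authentic and fresh."""
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        name = body[:-8].decode(errors="replace")
        peer = self.peers.get(name) if len(body) > 8 else None
        if peer is None:
            return False
        good = hmac.new(peer.key, body, hashlib.sha256).digest()
        seq = int.from_bytes(body[-8:], "big")
        if not hmac.compare_digest(tag, good) or seq <= peer.last_seq:
            return False               # forged, replayed or stale: keep old address
        peer.last_seq, peer.addr = seq, src_addr
        return True

def demo():
    key = b"constructed-shared-key"
    leaf2 = Node("leaf2")              # receiver does not enable the feature itself
    leaf2.peers["leaf1"] = Peer(key, NAT_ADDR)
    # Leaf1's broadcast probe arrives on the LAN carrying its LAN source address.
    leaf2.on_probe(LEAF1_LAN, make_probe("leaf1", 1, key))
    return leaf2.peers["leaf1"].addr
```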