larger than minimum MTU, forwarding via other node

Cobin Bluth cbluth at gmail.com
Sat Feb 1 22:10:20 CET 2014


It turns out that the LocalDiscovery configuration worked. And my NAT
device is a little pfSense box
<http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007> that
supports "NAT Reflection" aka "hairpin routing", so I'm sure that I can
enable it somehow if I wanted to. At the moment everything is working as
expected! Thanks for the help, Guus!


On Sat, Feb 1, 2014 at 4:52 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Fri, Jan 31, 2014 at 07:39:21PM -0800, Cobin Bluth wrote:
>
> > First off, I would like to express my appreciation for the tinc software,
> > it has been such a great VPN solution for what I need, it's amazing.
>
> Thanks!
>
> > I am setting up another node on the VPN. "KVM" is my public-facing node,
> > "MacbookAir" is my workstation, "NewNode" is the node I have recently
> > configured and presumably the one with the issue. NewNode and MacbookAir
> > are on the same network, KVM is on a separate physical network.
> >
> > I configure NewNode per usual, and then when I ping from MacbookAir to
> > NewNode over the VPN network, I get very slow speeds, but when I ping
> > NewNode over my local network, I get reasonable speeds. From my
> > understanding, tinc will forward packets through any available node until
> > it can establish a direct p2p or node-to-node connection, is this correct?
> > This does not seem to happen.
>
> Yes, however I think the problem in your situation is that NewNode and
> MacbookAir learn each other's IP address from KVM, and since they are
> behind a NAT, KVM only knows the IP address of the NAT device. Therefore,
> NewNode and MacbookAir try to communicate to each other via the NAT device
> (this is called hairpin routing). Your NAT doesn't support this, so NewNode
> and MacbookAir think they cannot connect directly to each other.
>
> The fix is to add "LocalDiscovery = yes" to either MacbookAir or NewNode's
> tinc.conf. This will cause them to send broadcast packets on the local
> network, so they can learn each other's local IP address.
>
> --
> Met vriendelijke groet / with kind regards,
>      Guus Sliepen <guus at tinc-vpn.org>
>