Tinc clients behind a NAT, tunnels get unstable

Marcus Schopen lists at localguru.de
Fri Sep 25 22:45:24 CEST 2015


Hi Guus,

On Friday, 25.09.2015, 17:46 +0200, Marcus Schopen wrote:
> Hmmm ... I've tried "LocalDiscovery = yes"
> in /etc/tinc/mytunnel/tinc.conf already, but that didn't help. Config on
> client A is:
> 
> ---------------
> Name = clienta
> AddressFamily = ipv4
> Interface = tun0
> ConnectTo = host
> PingInterval = 30
> LocalDiscovery = yes
> ---------------

I think I figured the problem out. The clients behind the local NAT
connect to the host and all traffic is running through the host, which
itself works as a NAT for accessing the internet (internet
proxy/gateway).

On each client this script is executed when starting the tunnel
connection to the host:

---------
#!/bin/sh
# $REMOTEADDRESS and $INTERFACE come from the environment tincd sets
# for the scripts it runs.

VPN_GATEWAY=10.20.0.1
# "via <gw> dev <if>" taken from the current default route
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5`

# keep the tinc host itself reachable via the original gateway, so the
# tunnel's own packets do not get routed into the tunnel
ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route add $VPN_GATEWAY dev $INTERFACE
# the two /1 routes are more specific than the default route and together
# cover the whole address space, so all remaining traffic uses the VPN
ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE
ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE
---------

If I disable the above routing rules, the clients behind the NAT can talk
directly to each other. But how do I have to configure the ip route
rules, so that all "internet" traffic goes through the external tinc
host and at the same time the tinc clients behind the NAT talk directly?
On the local eth0 interface each client can ping or connect to services
on each other client in the local network. What did I miss configuring
here?

Ciao
Marcus
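To reason about which interface a packet leaves on after the script above has run, here is a small longest-prefix-match simulation over a routing table modelled on that script. It is an added example, not part of the original mail or of tinc; the LAN 192.168.1.0/24, gateway 192.168.1.1 and tinc host address 203.0.113.5 are constructed placeholders.

```python
import ipaddress

# Constructed routing table modelled on what the posted script leaves
# behind (addresses are examples, not taken from the original mail):
#   eth0 LAN 192.168.1.0/24, original gateway 192.168.1.1,
#   tinc host's public address 203.0.113.5, VPN gateway 10.20.0.1.
ROUTES = [
    ("0.0.0.0/0",      "eth0", "192.168.1.1"),  # original default route
    ("192.168.1.0/24", "eth0", None),           # connected LAN route
    ("203.0.113.5/32", "eth0", "192.168.1.1"),  # $REMOTEADDRESS $ORIGINAL_GATEWAY
    ("10.20.0.1/32",   "tun0", None),           # $VPN_GATEWAY dev $INTERFACE
    ("0.0.0.0/1",      "tun0", "10.20.0.1"),    # lower half of the address space
    ("128.0.0.0/1",    "tun0", "10.20.0.1"),    # upper half of the address space
]


def lookup(dest, routes=ROUTES):
    """Return (prefix, dev, via) of the longest-prefix route matching dest.

    Mirrors the kernel's longest-prefix-match rule for unicast lookups;
    equal prefix lengths would then be ordered by metric (not modelled).
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, dev, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return (str(best[0]), best[1], best[2])


def egress(dests):
    """Map each destination to the interface it would leave on."""
    return {d: lookup(d)[1] for d in dests}


if __name__ == "__main__":
    for d in ("8.8.8.8", "198.51.100.7", "203.0.113.5", "192.168.1.20"):
        print(d, "->", lookup(d))
```

The connected /24 on eth0 is more specific than either /1, so traffic to another client's LAN address stays on eth0, while any address outside the LAN (other than the tinc host itself) is captured by the /1 routes and leaves via tun0.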
