is it possible to let two nodes in different LAN directly connected with another public server ?

Etienne Dechamps etienne at edechamps.fr
Wed Nov 2 10:22:49 CET 2016 

Yes, tinc will attempt to establish a direct data tunnel between PC1 and
PC2 even if they don't have a direct metaconnection (ConnectTo) o each
other, and even if they are behind NATs.

If only one side (PC1) is behind a NAT, that should always work. If both
sides are behind NATs, then it will work under the condition that both NATs
support UDP Hole Punching. In other words it will work as long as the NAT
isn't symmetric. See
https://en.wikipedia.org/wiki/Network_address_translation#Methods_of_translation

In addition, if you have UPnP support enabled in tinc, *and* the NAT
supports UPnP (unlikely if the NAT is on the ISP side, i.e. CGN), then tinc
will automatically configure port forwarding on the NAT and the end result
is basically the same as no NAT at all.

Also note that tinc 1.1 might be more effective than 1.0 at circumventing
NATs, because of improved logic such as
https://github.com/gsliepen/tinc/pull/65/commits/9bb230f30f665779eb89dcce077a15360ec50be1

In any case, if tinc is unable to send data packets directly, it will
automatically and transparently fall back to forwarding them via your
central node ("VPS"). To determine what's actually going on you can use a
sniffer (tcpdump, Wireshark) to look at where the packets are physically
going. Alternatively, on 1.1 you can use "tinc info" commands to determine
if tinc is sending packets directly or through a relay node.

On 2 November 2016 at 08:51, Zhang Jun <gb2313 at gmail.com> wrote:

> pc1(LANa)  ----poor connection ----> VPS  <--------- PC2(LANb)
>
> pc1 and pc2 used to connected directly with tinc, since pc1 used to have
> WAN IP(pppoe),
> but the pppoe IP is not WAN IP anymore (ISP changed to let all ADSL user
> in a LAN).
>
> if I let the two pc connect to a VPS with tinc,
> can later connections between pc1 and pc2 be directly ?
> for example, ssh from pc1 to pc2 but not proxyed by VPS.
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20161102/5d36bc6f/attachment.html>

More information about the tinc mailing list