Node to Node UDP Tunnels HOWTO?

Keith Whyte keith at rhizomatica.org
Tue May 15 19:23:52 CEST 2018


Hi all, many thanks for the replies!


On 14/05/18 19:05, Parke wrote:
> On Mon, May 14, 2018 at 4:44 AM, Keith Whyte <keith at rhizomatica.org> wrote:
>> but then I read that no, each host must have the key of
>> the other to establish the direct connection. But I am looking at
>> tcpdump right now in the terminal and seeing the UDP tunnel packets
>> flowing from B to C.
> Where do you read the above?
I think it was here in the mailing list, and also in the documentation,
but never mind. It's clear now that this applies to meta connections.


On 14/05/18 20:39, Etienne Dechamps wrote:
>
> - While tinc is doing the above, in parallel, it will send UDP "probe"
> packets to the destination node. These probes serve three purposes at
> the same time: (1) they enable tinc to determine if the destination
> node is reachable over UDP; (2) if it is, they enable tinc to
> determine the PMTU; and (3) they de facto act as NAT hole punchers
> (because both nodes will be sending probes to each other at the same
> time using the same ports).

Ah! I'm noticing that configuring static ports on the NAT in front of a
tinc node with a public IP seems to make a difference to the number of
other tinc nodes that can then establish direct data with it.

Also, I have two tinc nodes behind a domestic gateway and one of them is
doing direct data to a tinc node that is behind a NAT with no explicit
port forwarding, the other is relaying. This is just the way it is with
NAT hole punching, I suppose.

(there are more than A,B+C in my real world setup)


>  (This whole process is quite clever and very well done IMHO - Guus
> gets the credit for this fantastic job.)
>
Yes indeed!
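
Added example, not part of the original message and not tinc code: a toy Python model of purpose (3) in the quoted description. It shows how simultaneous probes open a path through two port-restricted NATs, why a NAT that allocates a new port per destination defeats that, and how a static port mapping restores the direct path. The `Nat` class, node A's address, and all IPs and ports are constructed assumptions.

```python
# Toy model of UDP NAT hole punching (constructed example, not tinc code).
A = ("192.0.2.1", 655)   # hypothetical public node both peers already talk to

class Nat:
    """Port-restricted NAT; symmetric=True allocates a new port per destination."""
    def __init__(self, ip, symmetric=False, static_port=None):
        self.ip, self.symmetric, self.static_port = ip, symmetric, static_port
        self.mappings = {}    # destination (or None for any) -> external port
        self.allowed = set()  # (external port, remote ip, remote port) sent to
        self.next_port = 40000

    def outbound(self, dst_ip, dst_port):
        """Inside node sends a probe; return the external source port used."""
        if self.static_port:
            ext = self.static_port  # assumed: forwarded port is also the source port
        else:
            key = (dst_ip, dst_port) if self.symmetric else None
            if key not in self.mappings:
                self.mappings[key] = self.next_port
                self.next_port += 1
            ext = self.mappings[key]
        self.allowed.add((ext, dst_ip, dst_port))
        return ext

    def inbound(self, src_ip, src_port, ext_port):
        """True if a packet arriving on ext_port reaches the inside node."""
        if self.static_port is not None and ext_port == self.static_port:
            return True
        return (ext_port, src_ip, src_port) in self.allowed

def punch(nat_b, nat_c, rounds=2):
    """Both sides probe each other; return per-round (C heard B, B heard C)."""
    port_b = nat_b.outbound(*A)   # the port each peer advertises is the one A saw
    port_c = nat_c.outbound(*A)
    log = []
    for _ in range(rounds):
        src = nat_b.outbound(nat_c.ip, port_c)            # B probes C
        c_heard = nat_c.inbound(nat_b.ip, src, port_c)
        src = nat_c.outbound(nat_b.ip, port_b)            # C probes B
        b_heard = nat_b.inbound(nat_c.ip, src, port_b)
        log.append((c_heard, b_heard))
    return log

if __name__ == "__main__":
    c = "198.51.100.3"
    print(punch(Nat("203.0.113.2"), Nat(c)))
    print(punch(Nat("203.0.113.2", symmetric=True), Nat(c)))
    print(punch(Nat("203.0.113.2", symmetric=True, static_port=655), Nat(c)))
```

In the first and third cases the very first probe is dropped but opens the return path, so the second round succeeds in both directions; in the second case neither side ever hears the other and traffic would have to be relayed.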






