I have a switched and bridged tincd node with two addresses, each with a different port.

Address = 37.70.156.168 28655
Address = 192.168.2.228 655

I was having trouble reliably connecting to it / through it and noticed that a log from a remote tincd node indicated it may have mixed up the ports. It doesn't appear to use the 28655 port that would be needed for remote access. Before I changed to switch mode, the remote tincd nodes would have 28655 associated with the external IP address.

1265921476 tinc.vpn[5734]: Received packet of 92 bytes from hp821 (37.70.156.168 port 655)
1265921476 tinc.vpn[5734]: Broadcasting packet of 92 bytes from hp821 (37.70.156.168 port 655)
1265921476 tinc.vpn[5734]: Got unauthenticated packet from hp821 (37.70.156.168 port 655)
1265921476 tinc.vpn[5734]: Received packet of 60 bytes from hp821 (37.70.156.168 port 655)
1265921476 tinc.vpn[5734]: Broadcasting packet of 60 bytes from hp821 (37.70.156.168 port 655)
1265921476 tinc.vpn[5734]: Got unauthenticated packet from hp821 (37.70.156.168 port 655)
1265921476 tinc.vpn[5734]: Received packet of 92 bytes from hp821 (37.70.156.168 port 655)

On Thu, Feb 11, 2010 at 3:06 PM, Rob Townley <rob.townley at gmail.com> wrote:

> I have a switched and bridged tincd node with two addresses, each with a
> different port.
> Address = 37.70.156.168 28655
> Address = 192.168.2.228 655
>
> I was having trouble reliably connecting to it / through it and noticed that a
> log from a remote tincd node indicated it may have mixed up the ports.
> It doesn't appear to use the 28655 port that would be needed for remote
> access. Before I changed to switch mode, the remote tincd nodes would have
> 28655 associated with the external IP address.
>
>
> 1265921476 tinc.vpn[5734]: Received packet of 92 bytes from hp821
> (37.70.156.168 port 655)
> 1265921476 tinc.vpn[5734]: Broadcasting packet of 92 bytes from hp821
> (37.70.156.168 port 655)
> 1265921476 tinc.vpn[5734]: Got unauthenticated packet from hp821
> (37.70.156.168 port 655)
> 1265921476 tinc.vpn[5734]: Received packet of 60 bytes from hp821
> (37.70.156.168 port 655)
> 1265921476 tinc.vpn[5734]: Broadcasting packet of 60 bytes from hp821
> (37.70.156.168 port 655)
> 1265921476 tinc.vpn[5734]: Got unauthenticated packet from hp821
> (37.70.156.168 port 655)
> 1265921476 tinc.vpn[5734]: Received packet of 92 bytes from hp821
> (37.70.156.168 port 655)
>

When I try to ping a remote host behind hp821:

1095 tinc.vpn[1807]: Read packet of 42 bytes from Linux tun/tap device (tap mode)
1095 tinc.vpn[1807]: Broadcasting packet of 42 bytes from ec239dict (MYSELF)
1095 tinc.vpn[1807]: Sending packet of 42 bytes to hp821 (37.70.156.168 port 655)
1096 tinc.vpn[1807]: Read packet of 42 bytes from Linux tun/tap device (tap mode)
1096 tinc.vpn[1807]: Broadcasting packet of 42 bytes from ec239dict (MYSELF)
1096 tinc.vpn[1807]: Sending packet of 42 bytes to hp821 (37.70.156.168 port 655)
1097 tinc.vpn[1807]: Read packet of 42 bytes from Linux tun/tap device (tap mode)

On Thu, Feb 11, 2010 at 03:06:17PM -0600, Rob Townley wrote:

> I have a switched and bridged tincd node with two addresses, each with a
> different port.
> Address = 37.70.156.168 28655
> Address = 192.168.2.228 655

Tinc itself will only listen on one port. By default 655, if you want another port you can use the Port statement. It will also use this port to send packets from.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

This node doesn't have two NICs, the public address is for those connecting from the public side of the NAT. As far as that tinc node knows, it is using 655. I will look elsewhere for the connection problem. Dynamic DNS of port number could help tinc get better meta knowledge about itself.

What was the name of the DNS library you recommended? Does it work with dnsmasq?

Do you use gdb debugger?

On 2/12/10, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Thu, Feb 11, 2010 at 03:06:17PM -0600, Rob Townley wrote:
>
>> I have a switched and bridged tincd node with two addresses, each with a
>> different port.
>> Address = 37.70.156.168 28655
>> Address = 192.168.2.228 655
>
> Tinc itself will only listen on one port. By default 655, if you want another
> port you can use the Port statement. It will also use this port to send
> packets from.
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
>

Typically you can do port translation on your firewall to map the 28655 port to 655 internally.

Alternatively I believe you can run 2 Tinc instances if 1 Tinc instance will not bind to multiple sockets. It would simply require a 2nd virtual adapter. You would then have 2 public keys or host files. Connecting nodes would need the host file relative to their connecting internally or externally.

On Fri, Feb 12, 2010 at 1:49 PM, Rob Townley <rob.townley at gmail.com> wrote:

> This node doesn't have two NICs, the public address is for those
> connecting from the public side of the NAT. As far as that tinc node
> knows, it is using 655. I will look elsewhere for the connection
> problem. Dynamic DNS of port number could help tinc get better meta
> knowledge about itself.
>
> What was the name of the DNS library you recommended? Does it work
> with dnsmasq?
>
> Do you use gdb debugger?
>
> On 2/12/10, Guus Sliepen <guus at tinc-vpn.org> wrote:
> > On Thu, Feb 11, 2010 at 03:06:17PM -0600, Rob Townley wrote:
> >
> >> I have a switched and bridged tincd node with two addresses, each with a
> >> different port.
> >> Address = 37.70.156.168 28655
> >> Address = 192.168.2.228 655
> >
> > Tinc itself will only listen on one port. By default 655, if you want another
> > port you can use the Port statement. It will also use this port to send
> > packets from.
> >
> > --
> > Met vriendelijke groet / with kind regards,
> > Guus Sliepen <guus at tinc-vpn.org>
> >
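
The check the original poster did by eye can be scripted. The following is an added example, not code from the thread or from the tinc project: it compares the port on each Address line of a host file with the port a tinc log reports for that node. The host file layout, the merged log sample and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed host file for hp821 holding the two Address lines from the thread.
HOST_FILE = """\
Address = 37.70.156.168 28655
Address = 192.168.2.228 655
"""

# Constructed sample: log lines from both nodes in the thread, merged.
LOG = """\
1265921476 tinc.vpn[5734]: Received packet of 92 bytes from hp821 (37.70.156.168 port 655)
1265921476 tinc.vpn[5734]: Got unauthenticated packet from hp821 (37.70.156.168 port 655)
1095 tinc.vpn[1807]: Sending packet of 42 bytes to hp821 (37.70.156.168 port 655)
1095 tinc.vpn[1807]: Read packet of 42 bytes from Linux tun/tap device (tap mode)
"""

DEFAULT_PORT = 655  # tinc's default when an Address line gives no port
ADDRESS_RE = re.compile(r"^\s*Address\s*=\s*(\S+)(?:\s+(\d+))?\s*$", re.IGNORECASE)
PEER_RE = re.compile(r"\b(?:from|to) (\S+) \((\S+) port (\d+)\)")


def configured_ports(host_file_text):
    """Map each configured address to the set of ports listed for it."""
    ports = {}
    for line in host_file_text.splitlines():
        m = ADDRESS_RE.match(line)
        if m:
            ports.setdefault(m.group(1), set()).add(int(m.group(2) or DEFAULT_PORT))
    return ports


def port_mismatches(node, host_file_text, log_text):
    """Return {(addr, seen_port): (configured_ports, line_count)} for `node`."""
    expected = configured_ports(host_file_text)
    seen = Counter()
    for line in log_text.splitlines():
        m = PEER_RE.search(line)
        if not m or m.group(1) != node:
            continue  # not a peer line, or a different node
        addr, port = m.group(2), int(m.group(3))
        if addr in expected and port not in expected[addr]:
            seen[(addr, port)] += 1
    return {key: (sorted(expected[key[0]]), n) for key, n in seen.items()}


if __name__ == "__main__":
    for (addr, port), (want, n) in port_mismatches("hp821", HOST_FILE, LOG).items():
        print(f"hp821 {addr}: log shows port {port} on {n} lines, host file lists {want}")
```

A reported mismatch on the public address points at the situation discussed in the replies: the node itself uses 655, so the external 28655 only works if the firewall translates it.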