I'm trying to connect 2 machines:

1) "server": my home machine, has a public IP, firewalled with iptables
2) "client": machine at the school I work at as sysadmin, private IP, behind an ISDN router connected to the Internet through their ISP.

Since there is no way I can access the school machine from the home one, I thought a vpn between the two could enable me to do that.

I installed and configured tinc on both machines, but I cannot ping from any side. When I try to connect from "client" to "server", the tinc logs at "server" show:

    Received UDP packet from unknown source 194.210.6.254 port 756

This address seems to be the dynamic IP of the ISDN router. It seems that the firewall / masquerading on the router is confusing tinc. Is that right?

Is there anything I can do on either machine to get the vpn going, without having to change anything on the router or on the school's ISP side?

And another question: the "client" machine host file cannot have an Address= option, since it has no public IP assigned. Is this OK with tinc?

Thanks for any help.

--
Carlos Sousa
http://vbc.dyndns.org/

Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/

Carlos Sousa wrote:

> I installed and configured tinc on both machines, but I cannot ping from
> any side. When I try to connect from "client" to "server", the tinc logs
> at "server" show:
>
> Received UDP packet from unknown source 194.210.6.254 port 756
>
> This address seems to be the dynamic IP of the ISDN router. It seems that
> the firewall / masquerading on the router is confusing tinc. Is that right?

Correct.

> Is there anything I can do on either machine to get the vpn going,
> without having to change anything on the router or on the school's ISP
> side?

Yes. If you have access to the firewall's iptables rules, you can tell it to use port 655 for outgoing masqueraded tinc traffic. If you don't have access, the TCPOnly option is for you. For more information and setup guidelines, see http://tinc.nl.linux.org/examples/masquerading-firewall

> And another question: the "client" machine host file cannot have an
> Address= option, since it has no public IP assigned. Is this OK with tinc?

Yes. Address is only required for hosts that people connect to.

Ivo

--
Software isn't released, it's allowed to escape.
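
The TCPOnly route from the reply above, written out as tinc configuration files. This is an added example, not part of the original thread or of the tinc documentation; the netname "school", the placeholder address and the 10.0.x.x subnets are assumptions, and the node names follow the "server"/"client" labels used in the question.

```conf
# ---- on "client": /etc/tinc/school/tinc.conf ----
Name = client
# The client dials out through the masquerading router.
ConnectTo = server

# ---- /etc/tinc/school/hosts/client (copy the same file to "server") ----
# No Address line: nobody initiates a connection to this node.
# Constructed example subnet for the school side:
Subnet = 10.0.2.0/24
# Tunnel packets over the TCP connection instead of UDP, so the
# router's rewritten UDP source port no longer matters.
TCPOnly = yes
# (public key generated with "tincd -n school -K" goes below)

# ---- /etc/tinc/school/hosts/server (copy the same file to "client") ----
# Placeholder for the home machine's public address:
Address = server.example.org
Port = 655
# Constructed example subnet for the home side:
Subnet = 10.0.1.0/24
# (public key generated with "tincd -n school -K" goes below)

# ---- on "server": /etc/tinc/school/tinc.conf ----
Name = server
# No ConnectTo: the server only accepts the incoming connection.
```

With this layout the iptables firewall on "server" only has to accept inbound TCP on port 655 for the tunnel to come up.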