Hello list, I wonder why tinc tries to resolve host names before connection even with configured (socks5) proxy which fails behind restrictive firewalls. Is there any "workaround"? Thanks in advance! Regards Uwe -------------- n?chster Teil -------------- Ein Dateianhang mit HTML-Daten wurde abgetrennt... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20151027/0ec2a4da/attachment.html>
On Tue, Oct 27, 2015 at 12:33:35PM +0000, Uwe Werler wrote:> I wonder why tinc tries to resolve host names before connection even > with configured (socks5) proxy which fails behind restrictive firewalls.You are right that it shouldn't be necessary to do this with SOCKS5. With SOCKS4, it needs to know the exact address, and then I just used that for SOCKS5 as well.> Is there any "workaround"?The workaround is to do resolve the hostnames yourself and replace the hostnames in the Address statements with numeric addresses. I'll try to change tinc so it will allow connections via SOCKS5 even if it cannot resolve the hostname itself. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20151027/50e1a0ae/attachment.sig>
Hello Guus, thanks for Your fast reply. Does it mean only socks is affected and http proxy should work? If this is the case then this may be a temp. solution. Thanks and regards! Uwe Am 27.10.2015 14:08:36, schrieb Guus Sliepen:> On Tue, Oct 27, 2015 at 12:33:35PM +0000, Uwe Werler wrote: > > > I wonder why tinc tries to resolve host names before connection even > > with configured (socks5) proxy which fails behind restrictive firewalls.> You are right that it shouldn't be necessary to do this with SOCKS5. > With SOCKS4, it needs to know the exact address, and then I just used > that for SOCKS5 as well. > > > Is there any "workaround"?> The workaround is to do resolve the hostnames yourself and replace the > hostnames in the Address statements with numeric addresses. I'll try to > change tinc so it will allow connections via SOCKS5 even if it cannot > resolve the hostname itself. > > -- > Met vriendelijke groet / with kind regards, > Guus Sliepen <> guus at tinc-vpn.org> > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc-- Sent with love from the Tine 2.0 email client ... Please visit http://www.tine20.com -------------- n?chster Teil -------------- Ein Dateianhang mit HTML-Daten wurde abgetrennt... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20151027/935a7cf0/attachment.html>
On Tue, Oct 27, 2015 at 02:08:36PM +0100, Guus Sliepen wrote:> > I wonder why tinc tries to resolve host names before connection even > > with configured (socks5) proxy which fails behind restrictive firewalls. > > [...] I'll try to change tinc so it will allow connections via SOCKS5 > even if it cannot resolve the hostname itself.I added the ability for tinc to connect through a proxy even if it cannot resolve hostnames itself, for both SOCKS5 and HTTP proxies. If you can, please try out the latest version from git yourself: git clone http://tinc-vpn.org/git/tinc And see README.git. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20151107/89bef7b8/attachment.sig>