Hi

In the case where you have access to TCP and UDP outbound initiated connections and no choice of the port numbers due to the firewall setup it would be very useful to be able to specify both the UDP and TCP ports that tinc uses separately. Currently in 1.0 I end up with a TCP based VPN because I can't tell tinc which UDP port to connect to the remote side on. Could this be added to 1.1?

Thanks
Peter

Gentlepeople -

I was about to add code to allow for specifying a „firewall mark“ for the traffic generated by tinc in order to make it easier to be policy routed and just wanted to check if somebody else might be „on it“ already.

Was this discussed somewhere else already? Is it even already on the todo-list?

Thanks,
Clemens

On Thu, Mar 22, 2018 at 06:31:27AM +0000, Peter Whisker wrote:

> In the case where you have access to TCP and UDP outbound initiated
> connections and no choice of the port numbers due to the firewall setup it
> would be very useful to be able to specify both the UDP and TCP ports that
> tinc uses separately. Currently in 1.0 I end up with a TCP based VPN
> because I can't tell tinc which UDP port to connect to the remote side on.
> Could this be added to 1.1?

If you really cannot have the same port number for both TCP and UDP, then the workaround is to add this to tinc.conf:

ListenAddress = * <TCP port>
ListenAddress = * <UDP port>

And in the host config file of that node:

Port = <UDP port>
Address = <public address> <TCP port>

This works for both tinc 1.0 and 1.1.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

On Thu, Mar 22, 2018 at 09:29:04AM +0000, Clemens Schrimpe wrote:

> I was about to add code to allow for specifying a „firewall mark“ for the traffic generated by tinc in order to make it easier to be policy routed and just wanted to check if somebody else might be „on it“ already.
>
> Was this discussed somewhere else already? Is it even already on the todo-list?

Yes, it was discussed before, and to my shock and horror a patch was made by Olivier Tirat in 2016 that I seem to have totally forgotten about:

https://www.tinc-vpn.org/pipermail/tinc/2016-October/004679.html

I have committed a new patch for tinc 1.1 that does the same, the difference with Olivier's patch is that it is configured using the new "FWMark" option in tinc.conf. My apologies to Olivier!

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>