Kenth Andersson
2014-May-14 14:24 UTC
Option to turn off listen port, e.g. client only mode
Hey,

I have this setup on my small test tinc-vpn.

HostA (runs on a server and is publicly accessible)
HostB (runs on my laptop (behind firewall) sometimes and connects to HostA)
HostC (runs on an Amazon AWS server (behind firewall) to test long uptime and connects to HostA)

This setup allows me to communicate from HostB to HostC thru HostA without any issues.

Everything works great, but I have a feature request. I'm not sure if this is the correct place for it, but since HostA in my case is the only host that accepts incoming connections (both the other hosts are behind firewalls) I would like to set Port = -1 on both HostB and HostC in tinc.conf to tell them to NOT listen for incoming connections, since there is no way they will ever get one.

Why do I want to do this? Basically I don't want to take up a port just for having a listen socket on port 655 that no one is ever going to connect to.

By setting "Port = -1", you would be able to tell tincd to act as client only?

Maybe there is already such an option available by doing something else, but I couldn't find anything in the documentation and I read thru the source code in net_setup.c and didn't see anything about it either.

Does anyone have any thoughts about this? I have just joined the mailing list, so maybe this has been up for discussion before?

I'm running tincd-1.0.23 at the moment.

Thanks,
Kenth Andersson
On Wed, May 14, 2014 at 04:24:39PM +0200, Kenth Andersson wrote:

> Everything works great, but I have a feature request. I'm not sure if this is the correct place for it, but since HostA in my case is the only host that accepts incoming connections (both the other hosts are behind firewalls) I would like to set Port = -1 on both HostB and HostC in tinc.conf to tell them to NOT listen for incoming connections, since there is no way they will ever get one.
>
> Why do I want to do this? Basically I don't want to take up a port just for having a listen socket on port 655 that no one is ever going to connect to.
>
> By setting "Port = -1", you would be able to tell tincd to act as client only?
>
> Maybe there is already such an option available by doing something else, but I couldn't find anything in the documentation and I read thru the source code in net_setup.c and didn't see anything about it either.

You can actually do this already, and indeed it is an undocumented feature: use "Port = 0". Note that it will still create a listening port (tinc needs to do this at least for UDP), but it will be a random unused one.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
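For readers who want to see the suggestion applied to Kenth's three-host layout, here is an added configuration example; it is not from the thread or the tinc project's own documentation. The netname `test`, the hostname `hosta.example.com` and the `Subnet` values are assumed placeholders; `Name`, `ConnectTo`, `Port`, `Address` and `Subnet` are standard tinc configuration keys. Only HostA keeps a fixed port; HostB (and HostC, configured the same way) uses `Port = 0` so the OS assigns an unused port to the TCP and UDP sockets tincd still opens.

```conf
# --- HostB: /etc/tinc/test/tinc.conf (behind a firewall, only ever dials out)
# Constructed example; "test" is a placeholder netname.
Name = HostB
# Always initiate the meta-connection to the one publicly reachable node.
ConnectTo = HostA
# Port = 0: let the OS pick a free port for the TCP and UDP sockets tincd
# must still bind (see Guus's reply). No peer will ever dial in here.
Port = 0

# --- HostB: /etc/tinc/test/hosts/HostB (shared with the other nodes)
# No Address line: nobody can reach HostB directly, so none is advertised.
Subnet = 10.0.0.2/32
# (HostB's public key block follows here in the real file.)

# --- HostA: /etc/tinc/test/hosts/HostA (copied to HostB and HostC)
# The only node that must listen on a fixed, reachable port.
Address = hosta.example.com
Port = 655
Subnet = 10.0.0.1/32
# (HostA's public key block follows here in the real file.)
```

After restarting tincd on HostB, `ss -lntup` (or `netstat -lntup` on older systems) shows which ephemeral port it actually bound; expect it to change across restarts, which is harmless for a node that only dials out but means you cannot write a firewall rule that pins that port.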
Michael Tokarev
2014-May-14 15:34 UTC
Option to turn off listen port, e.g. client only mode
14.05.2014 18:24, Kenth Andersson wrote:

> Hey,
>
> I have this setup on my small test tinc-vpn.
>
> HostA (runs on a server and is publicly accessible)
>
> HostB (runs on my laptop (behind firewall) sometimes and connects to HostA)
>
> HostC (runs on an Amazon AWS server (behind firewall) to test long uptime and connects to HostA)
>
> This setup allows me to communicate from HostB to HostC thru HostA without any issues.
>
> Everything works great, but I have a feature request. I'm not sure if this is the correct place for it, but since HostA in my case is the only host that accepts incoming connections (both the other hosts are behind firewalls) I would like to set Port = -1 on both HostB and HostC in tinc.conf to tell them to NOT listen for incoming connections, since there is no way they will ever get one.

The Port directive specifies 2 ports: one TCP for incoming _connections_, and another, which is more important, is UDP to receive packets sent your way for the inside-tunnel data.

> Why do I want to do this? Basically I don't want to take up a port just for having a listen socket on port 655 that no one is ever going to connect to.

Are you short of ports? You have another 65535 - 1 ports to use.

Srsly, I just see no point.

Thanks,

/mjt