tinc devel - May 2014 - Option to turn off listen port, e.g. client only mode

Hey,

I have this setup on my small test tinc-vpn.

HostA (runs on a server and is publicly accessible)

HostB (runs on my laptop (behind firewall) sometimes and connects to HostA)

HostC (runs on a Amazon AWS server (behind firewall) to test long uptime and
connects to HostA)

This setup allows me to communicate from HostB to HostC thru HostA without any
issues.

Everything works great, but I have a feature request I?m not sure if this is the
correct place for it, but since HostA in my case is the only host that accepts
incoming connections (both the other hosts are behind firewalls) I would like to
set Port = -1 on both HostB and HostC in tinc.conf to tell them to NOT listen
for incoming connections, since there is no way they will ever get one.

Why do I want to do this? Basically I don?t want to take up a port just for
having a listen socket on port 655 that no one is ever going to connect to.

By setting  "Port = -1", you would be able to tell tincd to act as
client only?

Maybe there is already such an option available by doing something else, but I
couldn?t find anything in the documentation and I read thru the source code in
net_setup.c and didn?t see anything about it either.

Does anyone have any thoughts about this? I have just joined the mailing list,
so maybe this have been up for discussion before?

I?m running tincd-1.0.23, at the moment.


Thanks,
Kenth Andersson

On Wed, May 14, 2014 at 04:24:39PM +0200, Kenth Andersson wrote:
> Everything works great, but I have a feature request I?m not sure if this
is the correct place for it, but since HostA in my case is the only host that
accepts incoming connections (both the other hosts are behind firewalls) I would
like to set Port = -1 on both HostB and HostC in tinc.conf to tell them to NOT
listen for incoming connections, since there is no way they will ever get one.
> 
> Why do I want to do this? Basically I don?t want to take up a port just for
having a listen socket on port 655 that no one is ever going to connect to.
> 
> By setting  "Port = -1", you would be able to tell tincd to act
as client only?
> 
> Maybe there is already such an option available by doing something else,
but I couldn?t find anything in the documentation and I read thru the source
code in net_setup.c and didn?t see anything about it either.
You can actually do this already, and indeed it is an undocumented
feature: use "Port = 0". Note that it will still create a listening
port
(tinc needs to do this at least for UDP), but it will be a random unused
one.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL:
<http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20140514/bfdebedc/attachment.sig>

14.05.2014 18:24, Kenth Andersson wrote:
> Hey,
> 
> I have this setup on my small test tinc-vpn.
> 
> HostA (runs on a server and is publicly accessible)
> 
> HostB (runs on my laptop (behind firewall) sometimes and connects to HostA)
> 
> HostC (runs on a Amazon AWS server (behind firewall) to test long uptime
and connects to HostA)
> 
> This setup allows me to communicate from HostB to HostC thru HostA without
any issues.
> 
> Everything works great, but I have a feature request I?m not sure if this
is the correct place for it, but since HostA in my case is the only host that
accepts incoming connections (both the other hosts are behind firewalls) I would
like to set Port = -1 on both HostB and HostC in tinc.conf to tell them to NOT
listen for incoming connections, since there is no way they will ever get one.
The Port directive specifies 2 ports - one TCP for incoming _connections_,
and another, which is more important, is UDP to receive packets sent your
way for the inside-tunnel data.
> 
> Why do I want to do this? Basically I don?t want to take up a port just for
having a listen socket on port 655 that no one is ever going to connect to.
Are you short of ports?  You have another 65535 - 1 ports to use.
Srsly, I just see no point.

Thanks,

/mjt