Hi there,

I'm trying to use tinc to solve this scenario:

Host A has a public/known IP address
Hosts B and C are behind NAT

I'm using switch mode, and hosts B and C have IndirectMode enabled. Host A is in listen-only mode (no ConnectTo set); hosts B and C connect to A. Everything works almost as expected... B and C connect to A, and they can ping each other, but ONLY after each one learns the other's MAC through A. What I mean is: if I start A, B, C and try to ping C from B, the ping will fail, but if I send a ping to A from C, then B will be able to ping C as it will learn the MAC of C through A. If there's no traffic between the hosts for a while, then the ARP entries will expire from the ARP tables and the problem will happen again.

Is there a way to solve this with a tinc configuration? Leaving a cron job to make the NATed hosts ping A is not an elegant option :-(

-- 
Christian Lyra
PoP-PR/RNP
Can you give some more detail about the specifics of the network? Such as the subnetting? Is the Tinc interface on A bridged?

On Mon, Feb 16, 2009 at 10:23 PM, Christian Lyra <lyra at pop-pr.rnp.br> wrote:
> Hi there,
>
> I'm trying to use tinc to solve this scenario:
>
> Host A has a public/known IP address
> Hosts B and C are behind NAT
>
> I'm using switch mode, and hosts B and C have IndirectMode enabled.
> Host A is in listen-only mode (no ConnectTo set); hosts B and C
> connect to A. Everything works almost as expected... B and C
> connect to A, and they can ping each other, but ONLY after each one
> learns the other's MAC through A. What I mean is: if I start A, B, C and
> try to ping C from B, the ping will fail, but if I send a ping to A from
> C, then B will be able to ping C as it will learn the MAC of C through A.
> If there's no traffic between the hosts for a while, then the ARP
> entries will expire from the ARP tables and the problem will happen again.
>
> Is there a way to solve this with a tinc configuration? Leaving a cron
> job to make the NATed hosts ping A is not an elegant option :-(
>
> --
> Christian Lyra
> PoP-PR/RNP
On Tue, Feb 17, 2009 at 12:23:20AM -0300, Christian Lyra wrote:
> I'm trying to use tinc to solve this scenario:
>
> Host A has a public/known IP address
> Hosts B and C are behind NAT
>
> I'm using switch mode, and hosts B and C have IndirectMode enabled.
> Host A is in listen-only mode (no ConnectTo set); hosts B and C
> connect to A. Everything works almost as expected... B and C
> connect to A, and they can ping each other, but ONLY after each one
> learns the other's MAC through A. What I mean is: if I start A, B, C and
> try to ping C from B, the ping will fail, but if I send a ping to A from
> C, then B will be able to ping C as it will learn the MAC of C through A.
> If there's no traffic between the hosts for a while, then the ARP
> entries will expire from the ARP tables and the problem will happen again.

This is probably caused by NAT or other stateful firewall rules. Try adding

  TCPOnly = yes

to your host config files; that should solve the problem.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
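For readers who want to see where Guus's suggestion lands in the files, here is a configuration for the three-node setup described in the thread. It is an added example, not configuration posted by Christian or Guus: the node names A, B and C follow the thread, the network name vpn, the interface name vpn0 and the address a.example.org are placeholders chosen here, and the public-key blocks are omitted. TCPOnly = yes goes into the host files of the nodes behind NAT (hosts/B and hosts/C); in tinc 1.0 that option also implies IndirectData = yes, which is the host-file name for the option the original post calls IndirectMode.

```ini
# /etc/tinc/vpn/tinc.conf on host A (public address, accepts connections only,
# no ConnectTo as in the thread)
Name = A
Mode = switch
Interface = vpn0

# /etc/tinc/vpn/tinc.conf on host B (behind NAT); host C is identical apart
# from Name = C
Name = B
Mode = switch
Interface = vpn0
ConnectTo = A

# /etc/tinc/vpn/hosts/A, copied to every node: A is the only node whose
# address the others can reach. a.example.org is a placeholder for A's real
# public name or IP; 655 is tinc's default port.
Address = a.example.org
Port = 655
# A's PublicKey block (generated with "tincd -n vpn -K") goes here

# /etc/tinc/vpn/hosts/B and hosts/C, copied to every node. TCPOnly = yes is the
# setting suggested in the reply above: traffic for B (or C) is tunnelled over
# the TCP meta-connection through A instead of over UDP directly between the
# two NATed nodes, so no NAT mapping between B and C has to stay alive.
# TCPOnly implies IndirectData in tinc 1.0, so the explicit line is optional.
TCPOnly = yes
IndirectData = yes
# B's (or C's) PublicKey block goes here
```

Host files are shared by copying them to every node, so the TCPOnly line in hosts/B and hosts/C takes effect on A as well as on B and C; tinc.conf is per node and is not copied.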