Well i currently try to set up tinc between two hosts, one with normal dsl
connection one behind some kind of unknown firewall (Note since OpenVp is able
to connect when the normal one is the Server I guess tinc should be able, too)
start.bat-------------------------------tincd -n Empire-Network -D -d4
--bypass-security (Bypass is only currently because tis not working yet)
------------------------------Host behind Firewall
config:-------------------------------------Name = EmpirePhoenix
Interface = Tinc-Vpn
Mode = switch
TunnelServer = yes
ConnectTo = DarkNoir
-----------------------------------
It's host file---------------------------------Address =
empirephoenix.dyndns.org
Port = 1194
IndirectData = yes
Subnet = 192.168.99.1
-----BEGIN RSA PUBLIC KEY-----
blablabla
-----END RSA PUBLIC KEY-----
--------------------------------------
The other one with the normal connection:----------------------Name = DarkNoir
Interface = Tinc-Vpn
Mode = switch
TunnelServer = yes
ConnectTo = EmpirePhoenix
--------------------Host file---------------------------Address =
dark-noir.dyndns.org
Port = 1194
IndirectData = yes
Subnet = 192.168.4.2
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMnlQCxBp8hIGYcRcEOV3b4QaVaGtLDy3sYdE0QIFAOGFVV3Z1ZUOihb
tf/Q+tTqVHigLIOVx/uJg+FQ8DEs2xLNZ+kL9NPPEA3RkY9lKWmwk77Mete0cPkG
3qEYry5IvJVqYwZM8TXzUGFZLy4CFxA+R8PaCLewGAMLg3UYJGPXAgMBAAE-----END RSA PUBLIC
KEY-----
------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20090914/f71514d2/attachment.htm>
On Mon, Sep 14, 2009 at 02:50:56PM +0000, Kai Boernert wrote:> Well i currently try to set up tinc between two hosts, one with normal dsl > connection one behind some kind of unknown firewall (Note since OpenVp is > able to connect when the normal one is the Server I guess tinc should be > able, too)For nodes behind a firewall, you might need to add "TCPOnly = yes" to the host config files of those nodes. (NAT handling will be improved in tinc 1.0.10.)> ------------------------------ > Host behind Firewall config: > ------------------------------------ > Name = EmpirePhoenix > Interface = Tinc-Vpn > Mode = switch > TunnelServer = yes > ConnectTo = DarkNoirThe TunnelServer option is an experimental feature, and a lot of bugs in it have been found (but will be fixed in 1.0.10). But if you have only two hosts, you do not need this option. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20090914/9020e9d3/attachment.pgp>
> For nodes behind a firewall, you might need to add "TCPOnly = yes" tothe host config files of those nodes. And BlockingTCP = yes too. Or better say, if your tinc server is behind NAT use: TCPOnly = yes BlockingTCP = yes ALBI...