What is wrong? "Creating metasocket failed"
Jason
jason at truedesign.com
Sun Sep 7 19:36:20 CEST 2003
I.R. van Dongen wrote:
> On Sat, Sep 06, 2003 at 05:51:57PM -0700, Brian Costello wrote:
>
>>tinc server / port 655 redirect to my firewall's localhost port 656. I
>>then setup a UDP forwarder on my firewall that listened on localhost
>>port 656 and forwarded packets received on localhost to the tinc server
>>port 655 FROM port 655. It's not an ideal solution by any means since
>>all my udp packets are routed through userland, but I haven't had any
>>problems with it as of yet, and the performance of the VPN seems
>>improved over the TCPonly configuration.
>
> I used tcp-repeaters to work around this problem back in the very ealy
> versions of tinc, I had the problem of a wingate proxy at that time.
> tcp repeaters can work great, but it can get very confusing when
> debugging.
> I'm very glad this problem is solved now by replacing all gateways by
> linuxboxes about 2 yrs ago.
Just a comment in general: a friend of mine has and uses a D-Link brand
firewall/router/NAT appliance. He just tells it to forward 655 to a
linux box behind the NAT and he runs tinc on that linux box in udp mode
with no problems. I am not sure if his NAT device just tries not to
rewrite the outbound UDP source port if at all possible, or if it is
because of the port forward configuration that it leaves it alone..
Also, it is good to avoid TCPOnly mode if at all possible for more than
just the reasons mentioned in this thread already. See
http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
Jason
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
More information about the Tinc
mailing list