tinc connection only usable after ping from other side

Guus Sliepen guus at sliepen.eu.org
Sun Jan 18 14:21:00 CET 2004


On Sat, Jan 17, 2004 at 07:08:23PM +0100, uws wrote:

> > $IPTABLES --policy INPUT DROP
> > $IPTABLES --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
> 
> > And remember that tinc's UDP packets are sent and received to and from
> > $EXTERNALIF.
> 
> However, I use "TCPonly = yes" for all my connections, because the other
> side is always behind a NAT router.
> 
> The only oddness I just discovered, is that I used "TCPonly" (without
> capital O) instead of "TCPOnly" in my hosts config files. I can't test right
> now, but does this make a difference?

As you can read in the manpages:

     This file consists of comments (lines started with a #) or assignments
     in the form of:

     Variable = Value.

     The variable names are case insensitive, and any spaces, tabs, newlines
     and carriage returns are ignored.  Note: it is not required that you put
     in the = sign, but doing so improves readability.

Anyway, check whether a firewall rule blocks packets by using this
command:

watch -d -n 1 iptables -L -v -x -n

If that doesn't show anything unusual, use tcpdump on $EXTERNALIF and
$TINCIF to see what kind of packets are sent/received on which
interface.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
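
An added example, not part of the original message or of tinc: `watch -d` highlights counters that change between refreshes, and this Python sketch does the same comparison on two snapshots of `iptables -L -v -x -n`, reporting blocking rules or chain policies whose packet count rose. The snapshots are constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `iptables -L -v -x -n` output (not captured from a real host).
SAMPLE = """\
Chain INPUT (policy DROP {0} packets, {1} bytes)
    pkts      bytes target     prot opt in     out     source               destination
{2:>8} {3:>10} ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 500 packets, 41000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
"""
BEFORE = SAMPLE.format(12, 720, 340, 28560)
AFTER = SAMPLE.format(15, 900, 352, 29568)  # constructed: same table one second later

# Built-in chains carry a policy with counters; user-defined chains show "N references".
CHAIN = re.compile(r"^Chain (\S+) \((?:policy (\w+) (\d+) packets|\d+ references)")
RULE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")

def parse(snapshot):
    """Map (chain, rule position or 'policy') -> (target, packets, rule text)."""
    counters, chain, pos = {}, None, 0
    for line in snapshot.splitlines():
        m = CHAIN.match(line)
        if m:
            chain, pos = m.group(1), 0
            if m.group(2):  # chain has a default policy
                counters[(chain, "policy")] = (m.group(2), int(m.group(3)), "chain policy")
            continue
        m = RULE.match(line)  # the column header has no leading digits, so it is skipped
        if m and chain:
            pos += 1
            counters[(chain, pos)] = (m.group(3), int(m.group(1)), " ".join(m.group(4).split()))
    return counters

def growing(before, after, targets=("DROP", "REJECT")):
    """List (chain, position, target, delta, text) for entries whose packet count rose."""
    old, hits = parse(before), []
    for key, (target, pkts, text) in parse(after).items():
        delta = pkts - old.get(key, (target, 0, text))[1]  # a rule new in `after` starts at 0
        if target in targets and delta > 0:
            hits.append((key[0], key[1], target, delta, text))
    return hits

if __name__ == "__main__":
    for chain, pos, target, delta, text in growing(BEFORE, AFTER):
        print(f"{chain}[{pos}] {target} +{delta} packets: {text}")
```

On a live host the two snapshots would come from running the same iptables command twice while the tinc connection is being tested.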