No connection between nodes on same LAN
Daniel Schall
Daniel-Schall at web.de
Thu May 6 15:47:57 CEST 2010
Hi all,
I am currently deploying tinc as an alternative to OpenVPN.
My setup includes a lot of nodes and some of them are sitting together
behind the same router on the same network segment.
(E.g. connected to the same switch.)
I noticed that those nodes never talk directly to each other via their
private IP addresses, but instead use the NATed address they got from the
router.
Furthermore, some talk only over a third node that sits outside the LAN.
==== Example ====
Router1:
  Public IP 1.1.1.1
Local LAN behind said router:
  Subnet 192.168.0.x/24
Tinc-VPN:
  Subnet 172.25.3.0/24
Node1
  Behind Router1
  NAT-UDP 1.1.1.1:1001
  LAN-IP 192.168.0.101
  Tinc-IP 172.25.3.101
Node2
  Behind Router1
  NAT-UDP 1.1.1.1:1002
  LAN-IP 192.168.0.102
  Tinc-IP 172.25.3.102
Node3
  Public IP 2.2.2.2
  Tinc-IP 172.25.3.1
Node1 connects to Node3.
Node2 connects to Node3.
Both nodes can ping Node3's tinc-ip.
But both nodes (1 & 2) do not get a direct connection, they only talk via
Node3.
So pinging Node2 from Node1 results in a packet from Node1 to Node3 and from
Node3 to Node2's NATed UDP-Port at the router.
Sometimes it results in a "direct" packet from Node1 to Node2's public
UDP-Port.
It seems to me as if tinc is unable to see that Node1 and Node2 are sitting
"right next to each other", and is only considering the publicly visible UDP
port to send data to.
Can anyone confirm this, or do I have some misunderstanding regarding tinc?
Additional information:
Every Node has every other node's public key. The host configuration is
always the same:
Port = 1655
IndirectData = no
PMTUDiscovery = yes
Compression = 10
Only Node3 has an Address set. This node acts kinda like a "server", where
all other nodes connect to.
I plan to add more "server-like" nodes in the near future that provide a
fixed address.
The config file looks like this:
Name = NodeX
ConnectTo = Node3 (this line is of course missing on Node3)
Device = {.. Windows UUID.. }
DeviceType = tap
Mode = switch
Node addresses are assigned using a DHCP server on Node3.
I'd be happy hearing from you guys.
Best regards
Daniel Schall