No connection between nodes on same LAN

Daniel Schall Daniel-Schall at web.de
Thu May 6 15:47:57 CEST 2010


Hi all,

I am currently deploying tinc as an alternative to OpenVPN.

My setup includes a lot of nodes, and some of them are sitting together
behind the same router on the same network segment.
(E.g. connected to the same switch.)

I noticed that those nodes never talk directly to each other via their
private IP addresses, but instead use the NATed address they got from the
router.

Furthermore, some talk only over a third node that sits outside the LAN.

 

==== Example ====

Router1:
    Public IP       1.1.1.1

Local LAN behind said router:
    Subnet          192.168.0.x/24

Tinc-VPN:
    Subnet          172.25.3.0/24

Node1
    Behind Router1
    NAT-UDP         1.1.1.1:1001
    LAN-IP          192.168.0.101
    Tinc-IP         172.25.3.101

Node2
    Behind Router1
    NAT-UDP         1.1.1.1:1002
    LAN-IP          192.168.0.102
    Tinc-IP         172.25.3.102

Node3
    Public IP       2.2.2.2
    Tinc-IP         172.25.3.1

 

Node1 connects to Node3.
Node2 connects to Node3.
Both nodes can ping Node3's tinc-ip.

But both nodes (1 & 2) do not get a direct connection; they only talk via
Node3.

So pinging Node2 from Node1 results in a packet from Node1 to Node3 and from
Node3 to Node2's NATed UDP port at the router.
Sometimes, it results in a "direct" packet from Node1 to Node2's public
UDP port.

It seems to me as if tinc is unable to see that Node1 and Node2 are sitting
"right next to each other", and is only considering the publicly visible UDP
port to send data to.

Can anyone confirm this, or do I have some misunderstanding regarding tinc?

 

Additional information:

Every node has every other node's public key. The host configuration is
always the same:

Port            = 1655
IndirectData    = no
PMTUDiscovery   = yes
Compression     = 10

Only Node3 has an Address set. This node acts kinda like a "server" that
all other nodes connect to.
I plan to add more "server-like" nodes in the near future that provide a
fixed address.

The config file looks like this:

Name            = NodeX
ConnectTo       = Node3 (this line is of course missing on Node3)
Device          = {.. Windows UUID.. }
DeviceType      = tap
Mode            = switch

Node addresses are assigned using a DHCP server on Node3.

 

 

I'd be happy hearing from you guys.

Best regards

Daniel Schall
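An added example (my own code, not part of the original post or of tinc itself): it parses the padded `Key = Value` host configuration quoted above and models the node table from the example, classifying the UDP path between each pair of nodes. It assumes, as a plausible explanation the post does not confirm, that a packet from Node1 to Node2's NATed endpoint 1.1.1.1:1002 has to be hairpinned by Router1, which many routers do not do, so a pair flagged "same-lan" is exactly the pair whose direct path is at risk.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Node:
    name: str
    public_ip: str                 # address as seen from the internet
    lan_ip: Optional[str] = None   # private address; None if directly on the internet
    nat_port: Optional[int] = None # UDP port the router allocated, if NATed

def parse_tinc_conf(text: str) -> dict:
    """Parse tinc-style 'Key = Value' lines; tolerates padding and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[key] = value
    return conf

def classify_path(src: Node, dst: Node) -> str:
    """'same-lan': both behind the same NAT, so a LAN path exists but reaching
    dst's public endpoint needs hairpin NAT (assumption); 'direct': dst has a
    public address; 'via-nat': dst is reachable only through its router's mapping."""
    if src.lan_ip and dst.lan_ip and src.public_ip == dst.public_ip:
        return "same-lan"
    if dst.lan_ip is None:
        return "direct"
    return "via-nat"

# Constructed from the node table in the post above (Node3 has no LAN address).
NODES = {
    "Node1": Node("Node1", "1.1.1.1", "192.168.0.101", 1001),
    "Node2": Node("Node2", "1.1.1.1", "192.168.0.102", 1002),
    "Node3": Node("Node3", "2.2.2.2"),
}

# Host configuration quoted in the post, including the padding the mail client added.
HOST_CONF = """
Port                                                      = 1655
IndirectData                                      = no
PMTUDiscovery                              = yes
Compression                                    = 10
"""

def report() -> dict:
    """Classify every ordered pair, e.g. report()['Node1->Node2'] == 'same-lan'."""
    return {f"{a}->{b}": classify_path(NODES[a], NODES[b])
            for a in NODES for b in NODES if a != b}
```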

 
