using multiple physical interfaces
Brian Prodoehl
bprodoehl at gmail.com
Wed Aug 10 15:27:32 CEST 2011
On Wed, Aug 10, 2011 at 8:20 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Tue, Aug 09, 2011 at 12:46:34AM -0400, Brian Prodoehl wrote:
>
>> What is the suggested way of configuring tinc 1.1pre2 for multiple
>> physical interfaces between the nodes? In my configuration, each node
>> has a few IPv4 addresses (a base address for the node, and an address
>> for each physical interface). Route to the other node's base address
>> can jump around from one physical interface to another at runtime.
>> I've just been using the node's base address in the Address field of
>> the host file. With the TCP transport, there doesn't appear to be a
>> problem with this, but with the UDP transport, the source address of
>> the packets is that of the outgoing interface, which doesn't match
>> the Address field of any node, so the packets get dropped. Hopefully
>> what I described makes sense.
>
> The source address of the packets does not have to match that of an Address
> statement. And since 1.0.10 the source address of UDP packets does not have to
> match that of the TCP connection either. However, if there is some NAT device
> between your nodes, you may be out of luck, I do not know how well they will
> handle your situation.
>
> It would be helpful to let tinc log at debug level 5 on two nodes, and send me
> the log messages from around the time the route changes (a minute before and
> five minutes after the change). That should help me investigate the issue.
Good to know that it should work. There is no NAT, just direct
connections between the nodes. I'll capture debug output and post it
as soon as I get a chance to. I believe the debug message I was
getting was coming out of this code:

    n = lookup_node_udp(&from);
    if(!n) {
        n = try_harder(&from, &pkt);
        if(n)
            update_node_udp(n, &from);
        else ifdebug(PROTOCOL) {
            hostname = sockaddr2hostname(&from);
            logger(LOG_WARNING, "Received UDP packet from unknown source %s", hostname);
            free(hostname);
            return;
        }
        else
            return;
    }

Would it matter if PMTU discovery is disabled?
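
An added example, not part of the original message or of tinc's source: a simplified model of the lookup flow in the quoted snippet, on the assumption that the fallback step identifies the sender by checking the packet's authentication tag against each known peer's key. The peer_t record, identify_sender, toy_tag (a non-cryptographic stand-in for a real MAC) and all sample keys and addresses are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical peer record; not tinc's own node structure. */
typedef struct {
    const char *name;
    uint32_t key;      /* per-peer secret (constructed sample value) */
    uint32_t udp_addr; /* last UDP source address accepted from this peer */
} peer_t;

/* Toy keyed tag standing in for a real MAC such as HMAC. Not secure. */
static uint32_t toy_tag(uint32_t key, const uint8_t *d, size_t len) {
    uint32_t h = key ^ 2166136261u;
    for (size_t i = 0; i < len; i++)
        h = (h ^ d[i]) * 16777619u;
    return h;
}

/* Returns the sending peer, or NULL when the datagram must be dropped. */
static peer_t *identify_sender(peer_t *peers, size_t n, uint32_t from,
                               const uint8_t *d, size_t len, uint32_t tag) {
    /* Fast path: source address already associated with a peer. */
    for (size_t i = 0; i < n; i++)
        if (peers[i].udp_addr == from)
            return toy_tag(peers[i].key, d, len) == tag ? &peers[i] : NULL;
    /* Slow path: unknown address, so find the peer whose key verifies the tag. */
    for (size_t i = 0; i < n; i++)
        if (toy_tag(peers[i].key, d, len) == tag) {
            peers[i].udp_addr = from; /* learn the address only after the tag verifies */
            return &peers[i];
        }
    return NULL;
}

/* Constructed sample: peer "b" is known at 10.0.0.2. */
static peer_t sample_peers[] = { {"a", 0x1111u, 0x0A000001u}, {"b", 0x2222u, 0x0A000002u} };
static const uint8_t msg[] = { 'p', 'i', 'n', 'g' };

int main(void) {
    /* "b" now sends from its other interface, 10.0.1.2. */
    peer_t *p = identify_sender(sample_peers, 2, 0x0A000102u, msg, 4, toy_tag(0x2222u, msg, 4));
    printf("roamed packet: %s\n", p ? p->name : "dropped");
    /* A tag made with a key no peer holds is dropped, whatever the source address. */
    p = identify_sender(sample_peers, 2, 0x0A000103u, msg, 4, toy_tag(0x3333u, msg, 4));
    printf("unauthenticated packet: %s\n", p ? p->name : "dropped");
    return 0;
}
```

The source address acts only as a lookup hint here; the keyed tag decides whether a packet is accepted and whether a peer's recorded address is updated.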