Direct connections between nodes are in the same LAN (behind common NAT)
kolesnikov at infonetwork.ru
Tue Feb 22 02:00:00 CET 2011
Hi
I'm trying to implement a scheme in which the nodes will have a direct UDP tunnel to each other.
First, all nodes make a connection with one public node, and then make connections with each other.
And I came across the following problem:
Remotely located nodes can establish a direct UDP connection, but the nodes that are in the same local network cannot, and all traffic goes through the public node.
In the log files I see that the nodes cannot agree on the MTU.
1298030480 tinc.vpn[4056]: No response to MTU probes from client_01
I understand this to mean that local nodes cannot receive MTU probe messages from each other, although they successfully receive these messages from the remote nodes.
Please tell me, how can I solve this problem?
Additional information:
I have 4 nodes:
1) VPNGATE - public node and all the other nodes are connected with it.
2) CLIENT_01, CLIENT_02 - nodes are located in the same LAN.
3) CLIENT_03 - remotely located node.
=== VPNGATE ===
tinc/vpn/hosts/vpngate
tinc/vpn/hosts/client_01
tinc/vpn/hosts/client_02
tinc/vpn/hosts/client_03
... tinc.conf:
AddressFamily = ipv4
BindToAddress = x.x.x.x (public IP address)
BindToInterface = eth0
Name = vpngate
Device = /dev/net/tun
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
Mode = switch
=== CLIENT_0X ===
tinc/vpn/hosts/vpngate
tinc/vpn/hosts/client_0X
... tinc.conf:
AddressFamily = ipv4
Name = client_0X
ConnectTo = vpngate
Interface = tinc.vpn
PrivateKeyFile = C:\Program Files\tinc\vpn\rsa_key.priv
Mode = switch
=== HOST FILES ===
VPNGATE:
Compression = 9
Address = x.x.x.x (public IP address)
Subnet = 192.168.10.0/24
Port = 655
-----BEGIN RSA PUBLIC KEY-----
CLIENT_0X:
Compression = 9
Subnet = 192.168.10.X/32
-----BEGIN RSA PUBLIC KEY-----
and when I have full connectivity:
ping CLIENT_01 ---> VPNGATE = 150 ms
ping CLIENT_01 ---> CLIENT_03 = 15 ms
ping CLIENT_01 ---> CLIENT_02 = 300 ms
Best regards,
Dmitry Kolesnikov