Automatic configuration of direct routes behind NAT
Benjamin Henrion
bh at udev.org
Wed Feb 22 18:57:53 CET 2012
On Wed, Feb 22, 2012 at 6:49 PM, Pedro Côrte-Real <pedro at pedrocr.net> wrote:
> On Wed, Feb 22, 2012 at 4:42 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
>> The automatic connections are happening, however using the IP addresses as seen
>> by the peers, not as read from the host config files. In fact, you only need to
>> have the host config files of the nodes you have a ConnectTo to. Information
>> about all the other nodes is spread around using tinc's protocol. The blog post
>> you referred to is correct :)
>
> So right now the peers will try to connect to each other through
> whatever IP addresses the central node has seen. If the IPs are public
> those are directly routed to the hosts and it works fine. If the IPs
> are NATed and the edge router also has portforwarding setup into the
> leaf node it works fine as well.
>
> Now if both leaves are behind the same NAT the central node sees the
> same address for both and they will both try to connect through the
> same (their own) NAT router. If you configure them on different ports
> and do individual port forwards it would work but in an inefficient
> way because all the packets would be going Leaf1->NATRouter->Leaf2.
> The 5 steps I had summarized before would solve this with step 2,
> getting to Leaf1->Leaf2 directly and not requiring the port forward at
> all.
>
> BTW, a tinc that does this would be a great way to get reliable SIP
> service across networks. You'd always have the same addresses but be
> routed either directly or forwarded depending on the network. An
> android phone doing this would be awesome.
Android does not have tun0/tap0 support, maybe Cyanogenmod.
Or mayeb ICS 4.0 got tun support:
http://code.google.com/p/android/issues/detail?id=24693
I only have 2.x devices here, so I cannot test with 4.0.
--
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
More information about the tinc
mailing list