UPnP support in tinc

Guus Sliepen guus at tinc-vpn.org
Thu Nov 12 23:23:30 CET 2015


On Thu, Nov 12, 2015 at 10:05:19PM +0000, Etienne Dechamps wrote:

> My best guess is that it's simply a direct application of
> probabilities: if the probability that a NAT is "compliant" is 70%,
> then the probability that *both* NATs at both ends of the tunnel are
> "compliant" is only 50% (0.70*0.70). Indeed both NATs need to be
> compliant in order for UDP hole punching to work.

That's not true, full cone or address restricted NAT can still
communicate with a symmetric NAT. It's only port restricted NAT that
cannot communicate with symmetric NAT. So in the second graph, it's
PAR-SYM and SYM-SYM that don't work, the rest do.

> > Of course if there is a lightweight,
> > cross-platform library that is easy to integrate we should have a look
> > at that. If that can be done with MiniUPnP, go ahead.
> 
> Understood. I'll get busy this week-end :)

Great :)

> > NAT-PMP (and PCP?) seems interesting to, maybe it is simple enough to
> > code directly into tinc?
> 
> Well, the author of miniupnpc also wrote libnatpmp, which apparently
> *is* specifically designed to be integrated into an event loop:
> http://miniupnp.free.fr/libnatpmp.html

Oh, nice! Hopefully it supports Windows as well.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20151112/52089791/attachment-0001.sig>


More information about the tinc mailing list