<div dir="ltr"><div><div>I believe the reason why you're experiencing this problem is because tinc does not use the connection TCP port to determine which port to send UDP packets to. Instead, it uses the port that is *advertised* by the other node.<br><br><a href="https://github.com/gsliepen/tinc/blob/06b820133285f83f7e1a839cccbed13358b84081/src/protocol_auth.c#L886">https://github.com/gsliepen/tinc/blob/06b820133285f83f7e1a839cccbed13358b84081/src/protocol_auth.c#L886</a><br><br></div>That means that if node A is configured with UDP port 655, that's the UDP port it will advertise to node B when it connects and that's what node B will use, even if node B used a different TCP port to establish the metaconnection.<br></div><div><br></div>I'm not sure why you didn't encounter this problem in tinc 1.0 - at first glance the code seems identical in that respect.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 29 December 2016 at 20:46, Guillermo Bisheimer <span dir="ltr"><<a href="mailto:gbisheimer@bys-control.com.ar" target="_blank">gbisheimer@bys-control.com.ar</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I'm using Tinc 1.1pre14 and I'm trying to connect a node that is behind a firewall that blocks all non-standard ports.<div><br></div><div>I set up a rule in the server to redirect port 25 (that is not used in the server right now) to port 655, both in tcp and udp protocols, and set up the port 25 in the server host configuration file.</div><div><br></div><div>The client can reach the server, but after the initial sync and key exchange using TCP using port 25, it tries to make UDP connections to port 655 instead of 25. The tunnel is never built and I cannot reach the client.</div><div><br></div><div>I remember to have the same setup using tinc 1.0.x and it was working fine, but I'm unable to test it now. Is there a chance that tinc ignores the specified port and uses de default 655 port for UDP connections?</div><div><br></div><div>Thanks!</div></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr"><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><b><i><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">Ing. Guillermo Bisheimer</span></i></b><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><b><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">B&S Sistemas de Control y Equipamientos</span></b><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">Av. de los Constituyentes 1172</span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">(E3116CIX) Crespo, Entre Ríos</span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="background-color:rgb(255,255,0)"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">Tel/Fax: (</span><font color="#4f81bd" face="Arial, sans-serif">0343) 407-8990 (Nuevo número)</font></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(79,129,189)">Cel: (0343) 154679052</span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">WEB: </span><span style="font-size:10pt;font-family:arial,sans-serif;color:rgb(31,73,125)"><a href="http://www.bys-control.com.ar/" target="_blank">www.bys-control.com.ar</a></span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">e-mail: <a href="mailto:gbisheimer@bys-control.com.ar" target="_blank">gbisheimer@bys-<wbr>control.com.ar</a></span><span style="font-family:arial,sans-serif"></span></p><p style="font-family:"helvetica neue",helvetica,arial,sans-serif;line-height:19.5px;margin:0cm 0cm 0.0001pt"><span style="font-family:arial,sans-serif;color:rgb(31,73,125)">skype: guillermo.bisheimer</span></p></div></div>
<br>______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-<wbr>bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br></div>