<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Local IPs of the client are irrelevant.</p>
<p>The client should be configured to look for the host by domain
name (/etc/tinc/yournetwork/hosts/EXAMPLESERVER should have the
dDNS name in the Address directive) and the tinc.conf file should
have that as the host to connect to for the network (ConnectTo=EXAMPLESERVER).<br>
</p>
<p>Then, you need port forwarding in your router to forward TCP/UDP
655 from the WAN address of the router to the LAN address of the
server. The server should have a static IP on that network <i>or</i> it
should have a DHCP reservation so it doesn't move and break NAT
port forwarding.</p>
<p>When tinc starts, it will check tinc.conf for the ConnectTo
directive. In your case, it will be ConnectTo=EXAMPLESERVER. Then,
it looks in the hosts/ directory for the EXAMPLESERVER file, and
reads the Address= directive to see where that server is. Since
you're using ddns, it will do a DNS lookup for that domain name,
and find your current IP address (hopefully) and try to connect on
udp/655. When those packets reach your router, they should get
forwarded to the server, which will authenticate the connection.
If the server can authenticate the client, it will keep the
connection, and if not, it will drop it. <br>
</p>
<p>Make sure that your host files are properly exchanged on both
sides so that both sides can authenticate the other side using the
public / private key pair. (Private keys are never exchanged, only
public ones, as kept in the hosts/ directory.)<br>
</p>
<div class="moz-signature"><!-- EMAIL SIGNATURE STARTS HERE -->
<br>
<table style="background: none; border-width: 0px; border: 0px;
margin: 0; padding: 0;" cellspacing="0" cellpadding="0"
border="0">
<tbody>
<tr>
<td style="padding-top: 0; padding-bottom: 0; padding-left:
12px; padding-right: 0;">
<table style="background: none; border-width: 0px; border:
0px; margin: 0; padding: 0;" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td colspan="2" style="padding-bottom: 5px; color:
#000000; font-size: 18px; font-family: Arial,
Helvetica, sans-serif;">Michael Munger, dCAP,
MCPS, MCNPS, MBSS</td>
</tr>
<tr>
<td colspan="2" style="color: #333333; font-size:
14px; font-family: Arial, Helvetica, sans-serif;"><strong>Microsoft
Certified Professional</strong></td>
</tr>
<tr>
<td colspan="2" style="color: #333333; font-size:
14px; font-family: Arial, Helvetica, sans-serif;"><strong>Microsoft
Certified Small Business Specialist</strong></td>
</tr>
<tr>
<td colspan="2" style="color: #333333; font-size:
14px; font-family: Arial, Helvetica, sans-serif;"><strong>Digium
Certified Asterisk Professional</strong></td>
</tr>
<tr>
<td colspan="2" style="color: #333333; font-size:
14px; font-family: Arial, Helvetica, sans-serif;"><strong>High
Powered Help, Inc.</strong></td>
</tr>
<tr>
<td style="vertical-align: top; width: 20px; color:
#000000; font-size: 14px; font-family: Arial,
Helvetica, sans-serif;" width="20" valign="top">p:</td>
<td style="vertical-align: top; color: #333333;
font-size: 14px; font-family: Arial, Helvetica,
sans-serif;" valign="top">678-905-8569</td>
</tr>
<tr>
<td style="vertical-align: top; width: 20px; color:
#000000; font-size: 14px; font-family: Arial,
Helvetica, sans-serif;" width="20" valign="top">w:</td>
<td style="vertical-align: top; color: #333333;
font-size: 14px; font-family: Arial, Helvetica,
sans-serif;" valign="top"><a href="https://hph.io"
style=" color: #1da1db; text-decoration: none;
font-weight: normal; font-size: 14px;">hph.io</a> <span
style="color: #000000;">e: </span><a
href="mailto:mj@hph.io" style="color: #1da1db;
text-decoration: none; font-weight: normal;
font-size: 14px;">mj@hph.io</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<!-- EMAIL SIGNATURE ENDS HERE --></td>
</tr>
</tbody>
</table>
</div>
<div class="moz-cite-prefix">On 2/7/19 5:03 AM, Drake Drake wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAGJQ0r9ZQ3ukVPjQ9Vuox8OJJ880dhStYPCJ2ZtbWo8cy3EbuA@mail.gmail.com">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I'm new to Tinc and I'm having a hard time figuring out
the proper configuration for my use case. I hope you can help
me out.</div>
<div><br>
</div>
<div>A) SERVER running tinc (Ubuntu 16.04 LTS)</div>
<div>External IP: 111.111.111.111 (ddns)</div>
<div>Behind a router with NAT, local IP of SERVER: 192.168.0.4</div>
<div><br>
</div>
<div>B) CLIENT running tinc (Ubuntu 16.04 LTS)</div>
<div>External IP: 222.222.222.222 (ddns)</div>
<div>Behind a router with NAT, local IP of CLIENT: 192.168.1.100</div>
<div><br>
</div>
<div>I would like to make a tunnel between SERVER and CLIENT in
order to access TVheadend SatIP on SERVER from CLIENT. The
ports are 9981 and 9981 (UDP and TCP). That is, my CLIENT
should see the SERVER.</div>
<div>I don't want to route any of the internet traffic over
client or server, just to have access to these remote ports.</div>
<div>What would be the way to achieve this?</div>
<div><br>
</div>
<div>Many thanks,</div>
<div>drake</div>
</div>
<br>
<pre class="moz-quote-pre" wrap="">_______________________________________________
tinc mailing list
<a class="moz-txt-link-abbreviated" href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a>
<a class="moz-txt-link-freetext" href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a>
</pre>
</blockquote>
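<p>Added example, not part of the original messages and not tinc's own code: a small Python check of the layout the reply describes (a ConnectTo entry in tinc.conf, an Address in the matching hosts/ file, and only public keys under hosts/). The sample directories, the DNS name and the key body are constructed; the helper names are hypothetical, and accepting an Ed25519PublicKey line as a public key assumes a tinc 1.1 style host file.</p>

```python
import tempfile
from pathlib import Path

def directives(path):
    """Parse tinc 'Name = value' lines into {lowercased name: [values]}; PEM key blocks are skipped."""
    found, in_pem = {}, False
    for line in map(str.strip, Path(path).read_text().splitlines()):
        if line.startswith("-----"):
            in_pem = line.startswith("-----BEGIN")
        elif line and not in_pem and not line.startswith("#"):
            name, _, value = line.replace("=", " ", 1).partition(" ")
            found.setdefault(name.lower(), []).append(value.strip())
    return found

def check_network(netdir):
    """List problems with the ConnectTo host's file, plus any private key left under hosts/."""
    net, problems = Path(netdir), []
    targets = directives(net / "tinc.conf").get("connectto", [])
    if not targets:
        problems.append("tinc.conf: no ConnectTo")
    for name in targets:
        host = net / "hosts" / name
        if not host.is_file():
            problems.append(f"hosts/{name}: missing")
            continue
        found = directives(host)
        if "address" not in found:
            problems.append(f"hosts/{name}: no Address")
        if "PUBLIC KEY-----" not in host.read_text() and "ed25519publickey" not in found:
            problems.append(f"hosts/{name}: no public key")
    for host in sorted((net / "hosts").glob("*")):
        if host.is_file() and "PRIVATE KEY" in host.read_text():
            problems.append(f"hosts/{host.name}: contains a private key")
    return problems

def make_sample(conf, hosts):
    """Write a constructed network directory under a fresh temp dir and return its path."""
    net = Path(tempfile.mkdtemp()) / "yournetwork"
    (net / "hosts").mkdir(parents=True)
    (net / "tinc.conf").write_text(conf)
    for name, text in hosts.items():
        (net / "hosts" / name).write_text(text)
    return net

# Constructed sample data: placeholder key body and DNS name, not real values.
PUB = "-----BEGIN RSA PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PUBLIC KEY-----\n"
CONF = "Name = client\nConnectTo=EXAMPLESERVER\n"
GOOD = make_sample(CONF, {"EXAMPLESERVER": "Address = home.ddns.example\n" + PUB, "client": PUB})
BAD = make_sample(CONF, {"EXAMPLESERVER": PUB, "client": PUB.replace("PUBLIC", "PRIVATE")})
if __name__ == "__main__": print(check_network(GOOD), check_network(BAD))
```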
</body>
</html>