Tinc clients behind a NAT, tunnels get unstable
Marcus Schopen
lists at localguru.de
Sat Sep 26 16:54:34 CEST 2015
Hi,
On Saturday, 26.09.2015, at 15:45 +0200, Marcus Schopen wrote:
> Hi,
>
> On Saturday, 26.09.2015, at 12:20 +0200, Marcus Schopen wrote:
> > Last problem seems to be the local UFW firewall on the clients which
> > seems to block the Broadcast for LocalDiscovery = yes. Need to check the
> > logs here.
>
> Puzzling around with UFW firewall. What ports need to be open on the
> clients to get "LocalDiscovery = yes" working? I don't see any blocked
> packages in kern.log. If I disable the UFW firewall, the clients are
> able to talk directly.

UFW firewall is dropping broadcast traffic without noisy logging. After
changing this line in /etc/ufw/before.rules broadcast packages are
accepted and local tinc clients behind the NAT can connect directly
(LocalDiscovery):

# if BROADCAST, RETURN
###-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j ACCEPT

Ciao
Marcus
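
An added example, not part of the original post: ACCEPT is a terminating target, so the changed rule lets every broadcast packet through regardless of protocol or port. The check below scans before.rules-style text for such unrestricted broadcast accepts. The function names and the narrower last rule are constructed for illustration, and port 655/udp assumes tinc runs on its default port.

```python
import shlex

# The three lines from the post, plus one constructed narrower rule
# (assumption: tinc listens on its default port 655/udp).
SAMPLE_RULES = """\
# if BROADCAST, RETURN
###-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j ACCEPT
-A ufw-not-local -p udp --dport 655 -m addrtype --dst-type BROADCAST -j ACCEPT
"""

# Options that narrow a rule to a protocol or destination port.
NARROWING = ("-p", "--protocol", "--dport", "--dports", "--destination-port")


def parse_rule(line):
    """Return (chain, options, target) for an active '-A' rule, else None."""
    line = line.strip()
    if not line.startswith("-A "):
        return None  # comments, disabled rules, blank lines, chain headers
    tokens = shlex.split(line)
    chain, opts, i = tokens[1], {}, 2
    while i < len(tokens):
        key = tokens[i]
        # An option takes the next token as its value unless that is an option too.
        if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            opts[key] = tokens[i + 1]
            i += 2
        else:
            opts[key] = True
            i += 1
    return chain, opts, opts.get("-j")


def broad_broadcast_accepts(text):
    """List (line_no, rule) for rules that ACCEPT all broadcast traffic."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_rule(line)
        if parsed is None:
            continue
        _chain, opts, target = parsed
        is_broadcast = opts.get("--dst-type") == "BROADCAST"
        unrestricted = not any(k in opts for k in NARROWING)
        if target == "ACCEPT" and is_broadcast and unrestricted:
            findings.append((no, line.strip()))
    return findings


if __name__ == "__main__":
    for no, rule in broad_broadcast_accepts(SAMPLE_RULES):
        print(f"line {no}: accepts all broadcast traffic: {rule}")
```
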