Advertising a Public IP address
Keith Whyte
keith at rhizomatica.org
Mon May 22 11:03:30 CEST 2017
Hi all
I feel like I should know the answer to this question, like I read it
someplace sometime, but it evades me right now.
It's also an opportunity to say hello to the list and many thanks for
writing and supporting tinc vpn! We make great use of it at rhizomatica.
So,
Let's take this example setup.
I have two tinc nodes (A and B) behind a firewall.
NodeA and NodeB have 192.168.1.2 and 192.168.1.3 assigned on an internal
LAN, and they both have different public IP addresses forwarded to them,
port 655 udp/tcp.
The rest of the nodes C-Z are spread out around the internet.
NodeA is our "master" server with all the keys for all nodes, so every
node in Node C-Z group has a ConnectTo = NodeA line and has NodeA's key,
with an Address = nodea_public_ip line of course.
Now, here's the question.
I would like any given node in the C-Z group to be able to find Node B
on its public IP and therefore not forward via NodeA, but I would like
to be able to do this without having to distribute NodeB's host key file
with an Address = line to every node in the C-Z group.
Right now, if I ask any node in C-Z for
    info NodeB
I get:
    Address: 192.168.1.3 port 655
    Reachability: none, forwarded via NodeA
NodeA and NodeB itself have NodeB's public IP address in the Address
line in the host/key file for NodeB, and LocalDiscovery is in operation
on the 192.168.1.x LAN behind the firewall; some other nodes are
actually there too.
Node B is reachable on the public IP from the LAN (NAT reflection is in
operation).
Is there a way to force NodeA or NodeB to "advertise" its public IP to
the rest of the tinc network, or did I miss something really obvious?
Thanks!
Keith.