OK thanks, it works now. After I started checking *everything* I found that sometime during the copying of configuration files the host-key for one of the parties got mangled... (Probably due to the difference between Linux and Windows machines (CR/LF).) Tinc correctly refuses to set up the connection (but also refused to give a clear indication of the nature of the problem).

On Jan 31, 2008 12:31 PM, Guus Sliepen <[EMAIL PROTECTED]> wrote:
> On Wed, Jan 30, 2008 at 06:09:46PM +0100, sich wrote:
>
> > > I have trouble making a tinc daemon on a Windows XP machine behave
> > > properly.
> > > In order to let the connection go through the (NAT) firewall I need to
> > > be able to pinpoint the exact port number used, so I can make the
> > > proper rewriting rules.
> > >
> > > However when I don't specify any Port number the firewall receives
> > > connection attempts for the other tinc machine on the internet from a
> > > "random" high port number (1025 and up, increasing with each attempt).
> > >
> > > If I *do* specify a Port directive in the Host configuration then the
> > > daemon is still using the "random" high port numbers.
> [...]
> > The tinc port is the destination port. The source port is randomly generated.
>
> The source port of tinc's TCP connections is random, but each tinc
> daemon will use a fixed source port for UDP packets. If you see UDP
> packets from random port numbers, there is a NAT somewhere in your
> network. You can add "TCPOnly = yes" to tinc.conf to tunnel everything
> via TCP.
>
> --
> With kind regards,
> Guus Sliepen <[EMAIL PROTECTED]>

--
With kind regards,
Hans Voss
* Senior Consultant Open Source, Networking and Security
* General Open Sourcerer
* google talk enabled
* blog: http://jazzterdaily.blogspot.com - Tech and other news that caught my attention.
* Shared News feed: https://www.google.com/reader/public/atom/user/02723796534474865919/state/com.google/broadcast
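
A check for the failure described in the reply above (a host key mangled by CR/LF conversion while copying configuration files), as an added example that is not part of the original thread or of tinc. It assumes the tinc 1.0 host file layout, where the public key sits in a PEM `RSA PUBLIC KEY` block after the configuration lines; `check_host_file` and `make_sample` are hypothetical names, and the sample file is constructed.

```python
import base64

BEGIN = "-----BEGIN RSA PUBLIC KEY-----"
END = "-----END RSA PUBLIC KEY-----"

def check_host_file(data: bytes) -> list:
    """Return the problems found in the raw bytes of a tinc host file."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte order mark at start of file")
        data = data[3:]
    if b"\r" in data:
        problems.append("carriage returns present (CR/LF line endings)")
    # Inspect the key with CRs removed, to see whether converting the
    # line endings alone would repair the file.
    lines = data.replace(b"\r", b"").decode("ascii", "replace").split("\n")
    try:
        start = lines.index(BEGIN)
        end = lines.index(END, start + 1)
    except ValueError:
        problems.append("BEGIN/END RSA PUBLIC KEY lines missing or altered")
        return problems
    body = "".join(lines[start + 1:end])
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        problems.append("key body is not valid base64")
        return problems
    if not der.startswith(b"\x30"):
        problems.append("decoded key does not start with a DER SEQUENCE")
    return problems

def make_sample(newline: bytes = b"\n") -> bytes:
    """Constructed host file; the key bytes are DER-shaped filler, not a real key."""
    der = bytes.fromhex("300f020800c1a2b3c4d5e6f70203010001")
    lines = [b"Address = vpn.example.org", b"Port = 655",
             BEGIN.encode(), base64.b64encode(der), END.encode(), b""]
    return newline.join(lines)

if __name__ == "__main__":
    for label, blob in [("LF", make_sample()), ("CRLF", make_sample(b"\r\n"))]:
        print(label, check_host_file(blob) or "ok")
```

If the only problem reported is the carriage-return one, converting the file back to LF line endings is enough; any other finding means the key has to be copied again from the originating node.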
