Tinc also does not seem to care much about the TCP port numbers. I have had some success with both kernel (NAT) redirection and userspace (socat or similar) forwarding of the TCP port used for meta connections. I use this to accept VPN connections on TCP 443 in addition to the default port. I think tinc will still use the configured port for UDP packets in this case.

--
Ivo

On 2-5-2017 at 18:59, Peter Whisker wrote:
It's down to corporate firewall rules I can't control. I've tried tricking it like you suggested but it didn't work. I guess iptables is the next port of call.

It might be a useful addition to tinc.

Thanks
Peter

On 2 May 2017 17:50, "Guus Sliepen" <[email protected]> wrote:

    On Tue, May 02, 2017 at 05:40:40PM +0100, Peter Whisker wrote:

    > Is it possible to use different port numbers for UDP and TCP? I'd like to
    > open the TCP connection to one port on the remote server and stream the UDP
    > packets to a different port. I've tried specifying both as BindToAddress
    > and Address lines but it always just uses TCP.

    It's not directly supported by tinc, but maybe you can trick it to. Here
    are some pointers:

    You can have multiple BindToAddress lines. For outgoing UDP packets,
    tinc will *initially* use the first matching one for a given address
    family (IPv4 or IPv6).

    Other tinc nodes will *initially* try to send UDP packets to this node
    on the same port.

    However, to help NAT traversal, tinc will allow packets from different
    ports. If you really want to allow UDP packets on only one specific
    port, you might want to add firewall rules to block UDP packets from
    the other port(s), both incoming and outgoing.

    Since tinc does not care about the port, you might instead try to add
    NAT rules that change the source port of outgoing UDP packets to the
    desired one (and also the destination port of incoming UDP packets).

    But I wonder why you want to split this?

    --
    Met vriendelijke groet / with kind regards,
         Guus Sliepen <[email protected]>

    _______________________________________________
    tinc mailing list
    [email protected]
    https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc



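The port rewriting discussed in this thread (accepting meta connections on TCP 443 in addition to tinc's own port, and moving UDP to a different port with NAT rules) can be written as a small nat-table ruleset. This is an added example, not code from the thread or from the tinc project. It assumes tincd listens on 655 (tinc's default port), takes 443 from the message above, uses a constructed UDP port of 40443, and picks MASQUERADE --to-ports as the way to rewrite the UDP source port.

```shell
#!/bin/sh
# Added example: print nat-table rules in iptables-restore format for the
# server that runs tincd. Nothing is applied; the rules go to stdout.

# valid_port N: succeeds only if N is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tinc_nat_rules TINC_PORT EXTRA_TCP_PORT [UDP_PORT]
#   TINC_PORT       port tincd is bound to (TCP and UDP)
#   EXTRA_TCP_PORT  additional TCP port that should reach tincd
#   UDP_PORT        optional: port to use for UDP on the wire instead
tinc_nat_rules() {
    tinc_port=$1 tcp_port=$2 udp_port=${3:-}
    for p in "$tinc_port" "$tcp_port" ${udp_port:+"$udp_port"}; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo "*nat"
    # Meta connections arriving on the extra TCP port are handed to tincd.
    # PREROUTING only sees traffic from other hosts, not local connections.
    echo "-A PREROUTING -p tcp --dport $tcp_port -j REDIRECT --to-ports $tinc_port"
    if [ -n "$udp_port" ]; then
        # Incoming UDP on the wire port is delivered to tincd's real port.
        echo "-A PREROUTING -p udp --dport $udp_port -j REDIRECT --to-ports $tinc_port"
        # Outgoing UDP from tincd leaves with the wire port as its source port.
        echo "-A POSTROUTING -p udp --sport $tinc_port -j MASQUERADE --to-ports $udp_port"
    fi
    echo "COMMIT"
}

# Constructed sample values: tincd on 655, extra TCP 443, UDP moved to 40443.
tinc_nat_rules 655 443 40443
```

Review the output, then load it with `iptables-restore --noflush` so that existing nat rules are kept; without `--noflush` the nat table is flushed first.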