Hi all,

I feel like I should know the answer to this question, like I read it someplace sometime, but it evades me right now.
It's also an opportunity to say hello to the list and many thanks for writing and supporting tinc vpn! We make great use of it at rhizomatica.

So, let's take this example setup.

I have two tinc nodes (A and B) behind a firewall. NodeA and NodeB have 192.168.1.2 and 192.168.1.3 assigned on an internal LAN, and they both have different public IP addresses forwarded to them, port 655 udp/tcp.

The rest of the nodes C-Z are spread out around the internet.

NodeA is our "master" server with all the keys for all nodes, so every node in the Node C-Z group has a ConnectTo = NodeA line and has NodeA's key, with an Address = nodea_public_ip line of course.

Now, here's the question. I would like any given node in the C-Z group to be able to find Node B on its public IP and therefore not forward via NodeA, but I would like to be able to do this without having to distribute NodeB's host key file with an Address = line to every node in the C-Z group.

Right now, if I ask any node in C-Z for info NodeB I get:

    Address: 192.168.1.3 port 655
    Reachability: none, forwarded via NodeA

NodeA and NodeB itself have NodeB's public IP address in the Address line in the host/key file for NodeB, and LocalDiscovery is in operation on the 192.168.1.x LAN behind the firewall, some other nodes are actually there too. Node B is reachable on the public IP from the LAN (NAT reflection is in operation).

Is there a way to force NodeA or NodeB to "advertise" its public IP to the rest of the tinc network, or did I miss something really obvious?

Thanks!
Keith.
