[Csync2] CSYNC2 through NAT / masquerades

Paul Hedderly paul at mjr.org
Fri Sep 22 09:32:41 CEST 2006


Thank you Linbit for a bit of software that could be a lifesaver... if I
can make it work properly for me :O)

I am running the Debian sid/etch CSYNC2 on several machines (Debian
version 1.33-2).

On machines that are on the same subnet it works.

But I would like to run it across a VPN link to another site, and would
really like it to run on laptops that are often VPN connected.

When I attempt to run it over the VPN I get:

tawny# csync2 -Tvvv
My hostname is tawny.xxx.priv.
Database-File: /var/lib/csync2/tawny.xxx.priv.db
Config-File:   /etc/csync2.cfg
Running in-sync check for 172.16.1.25 <-> 172.16.48.25.
Connecting to host 172.16.48.25 (SSL) ...
Local> SSL\n
Peer> OK (activating_ssl).\n
Establishing SSL connection failed.

and at the other end:

pallas# csync2 -Tvvv
My hostname is tawny.xxx.priv.
Database-File: /var/lib/csync2/tawny.xxx.priv.db
Config-File:   /etc/csync2.cfg
Running in-sync check for 172.16.1.25 <-> 172.16.48.25.
Connecting to host 172.16.48.25 (SSL) ...
Local> SSL\n
Peer> OK (activating_ssl).\n
Establishing SSL connection failed.

And with SSL disabled:

tawny:/etc# csync2 -xv
Connecting to host pallas.xxx.priv (PLAIN) ...
While syncing file /data/home/prh/.Xauthority:
ERROR from peer pallas.xxx.priv: Connection closed.
While syncing file /etc/csync2.cfg:
ERROR from peer pallas.xxx.priv: Connection closed.
ERROR from peer pallas.xxx.priv: Connection closed.
Finished with 3 errors.

and:

pallas:/data/home# csync2 -xv
Connecting to host tawny.xxx.priv (PLAIN) ...
While syncing file /etc/csync2.cfg:
ERROR from peer tawny.xxx.priv: Connection closed.
ERROR from peer tawny.xxx.priv: Connection closed.
Finished with 2 errors.

The IP addresses/hostnames are fine. The problem seems to be that the
route the packets take from one end to the other takes them through at
least one sNAT/masquerade, so the packets get to their destination
correctly, but the other end does not recognise the source IP address.

I've tried with and without SSL and just cannot make it work. Any hints?

(I can provide straces and pcap files if they would help.)

-- 
Paul Hedderly <paul at mjr.org>
