[Csync2] CSYNC2 through NAT / masquerdes
Lars Ellenberg
Lars.Ellenberg at linbit.com
Fri Sep 22 10:44:01 CEST 2006
/ 2006-09-22 07:32:41 +0000
\ Paul Hedderly:
> Thankyou Linbit for a bit of software that could be a lifesaver... if I
> can make it work properly for me :O)
>
> I am running the Debian sid/etch CSYNC2 on several machines (Debian
> version 1.33-2).
>
> On machines that are on the same subnet it works.
>
> But I would like to run it across a VPN link to another site, and would
> really like it to run on laptops that are often VPN connected.
> The IP addresses/hostnames are fine. The problem seems to be that the
> route the packets take from one end to the other takes them through at
> least one sNAT/masquerade so the packets get to their destination
> correctly, but the other end does not recognise the source IP address.
you could run the csync2 daemon in debug mode, like
csync2 -iii -vvv
to see what the daemon side tells you.
I guess it says "Identification failed!".
csync2 does a forward lookup (gethostbyname()) on the hostname provided
by the hello, and compares that to the ip found with getpeername on the
socket. if they don't match, sorry.
you'll find the corresponding code in daemon.c, case A_HELLO: .
maybe you can use the "somehostname at real-host-name" syntax in the csync2
config file. maybe you need to tweak your /etc/hosts file, so it would
provide the "expected" ip for the forward lookup.
if you figure it out, for the benefit of others, please post a
description of your setup, the problem, and your solution.
cheers,
--
: Lars Ellenberg Tel +43-1-8178292-0 :
: LINBIT Information Technologies GmbH Fax +43-1-8178292-82 :
: Schoenbrunner Str. 244, A-1120 Vienna/Europe http://www.linbit.com :
More information about the Csync2
mailing list