tinc and routing
Guus Sliepen
guus at sliepen.eu.org
Fri Oct 10 17:36:40 CEST 2003
On Fri, Oct 10, 2003 at 09:46:31AM -0500, Clark Rawlins wrote:
> I'll try that but to clear up an apparent misunderstanding:
> The 192.168.9.1 machine is multi-homed with 172.16.1.1 so they
> are the same machine.
Ah okay, that explains why IndirectData doesn't have any effect :)
> What I had hoped would happen is that traffic from 192.168.0.0/24
> headed for 172.16.1.0/24 would be routed via the vnc device to the
> gateway specified for 172.16.1.0/24 which is 192.168.9.1 from there
> the traffic would be routed to the eth2 interface which is the local
> subnet on the multi-homed host 192.168.9.1 - 172.16.1.1 and from there
> to its final destination.
Hm. Could you send me your tinc-up scripts and the configuration files
in the hosts/ directory?
> This doesn't seem to happen for some reason.
> You said that the gateway router gets ignored by either the kernel or
> by the tinc daemon? My understanding (which may be flawed) was that for
[...]
> Once it has the hardware address for the gateway address it sends the packet
> to the gateway address as an ethernet unicast message.
Correct.
> I don't know how this compares to what tinc does perhaps
> you could enlighten me?
Why the kernel would ignore the gateway address:
If you use tinc 1.0 or later and the universal tun/tap device from the
Linux kernel, tinc will use that device in tun mode, which means it is
not an Ethernet interface, but a pure IP interface. In that case, there
are no Ethernet addresses involved, and the gateway address is not used
at all by the kernel.
Why tinc would "ignore" the gateway address:
Well in router mode, tinc can only route IPv4 and IPv6 packets. ARP is
not an IPv4 protocol, it is something Ethernet specific. It does not
forward broadcast ARP requests to all other tinc daemons in the VPN.
However, tinc has built-in proxy-arp that will fake replies for ARP requests it
receives on the virtual network device. If you specify a gateway address
for the route, then the kernel will send ARP requests for that gateway
address. If you omit it, then the kernel will send ARP requests for the
destination address of the packets you send. Tinc responds to both
requests, the kernel is happy because it now knows an Ethernet address,
sends it to the virtual network device, and tinc will route the packets
to the correct destination tincd (without looking at the Ethernet
address, just at the IP addresses in the packets).
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://brouwer.uvt.nl/pipermail/tinc-devel/attachments/20031010/5bb00943/attachment.pgp
More information about the Tinc-devel
mailing list