TINC 1.0pre2 problem

David Summers david at summersoft.fay.ar.us
Mon Jun 12 00:28:08 CEST 2000


Thanks for the quick reply!  I tried what you suggested (I think :-) and
I still have the same results.

I'm seeing the icmp echo reply being sent from the router B tap0 interface
but they never show up on the router A tap0 interface.  However the icmp
echo requests are being sent from the machine on network A through router
A to router B and on to the machine on network B which is returning the
replies to router B and (apparently) through the tap0 interface and at
that point the mystery begins...why don't those replies show up on the
tap0 interface on router A?

Here is my current config (maybe I mis-interpreted something you said???):

==== Router A tinc.conf ====
TapDevice = /dev/tap0
ConnectTo = 216.63.158.19
MyVirtualIP = 192.168.254.0/24
VpnMask = 255.255.0.0
AllowConnect = no
============================

Router A "netstat -rn | grep -i tap0":
192.168.0.0     0.0.0.0       255.255.0.0     U       0 0       0 tap0

==== Router B tinc.conf ====
TapDevice = /dev/tap0
MyVirtualIP = 192.168.1.0/24
VpnMask = 255.255.0.0
AllowConnect = yes
===========================

Router B "netstat -rn | grep -i tap0":
192.168.0.0    0.0.0.0     255.255.0.0        U       0 0       0 tap0

Probably I'm doing something silly (first time is always hardest to do,
but I've been working on this for several weeks and can't think of what it
is).

Is it possible that I should have an "AllowConnect = yes" on Router A?

I guess the reason I had an extra network in there is because I'm used to
dealing with what I consider "normal" routers where each network interface
is on a different network...that's why I stuck the extra 10.0.0.1 <->
10.0.0.2 network in my original configuration.  I guess in the current
configuration it deals with that with the "wider" 255.255.0.0 netmask???

   Thanks!
   - David Summers


On Sun, 11 Jun 2000, Guus Sliepen wrote:

> Date: Sun, 11 Jun 2000 19:11:44 +0200 (CEST)
> From: Guus Sliepen <guus at sliepen.warande.net>
> To: David Summers <david at summersoft.fay.ar.us>
> Cc: tinc at nl.linux.org
> Subject: Re: TINC 1.0pre2 problem
> 
> On Sun, 11 Jun 2000, David Summers wrote:
> 
> > Thanks for the great software package!  The question I have is this:
> 
> Thank you :)
> 
> > My goal is to set up a triangle topology VPN between three sites and run
> > OSPF routing on all the sites so that if a link goes down between any two
> > sites the OSPF routing will reroute the packets that used to go between
> > the sites A <-> B to A <-> C <-> B and still remain connected.
> 
> Hopefully that functionality will be included in the final 1.0 version of
> tinc.
> 
> > Here is my setup (I turned off Masquerading for these tests to make sure
> > that it wasn't something silly like that).
> 
> > Network A = 192.168.1.0/24
> 
> You are using 192.168.x.y addresses for your internal network, but
> 10.x.y.z addresses for tinc! Why is that? Tinc does not need its own
> IPs, you just have to put the ones you are already using in the
> configuration file.
> 
> > ==== Router A tinc.conf ====
> > TapDevice = /dev/tap0
> > ConnectTo = 216.63.158.19
> > MyVirtualIP = 10.0.0.1/8
> > VpnMask = 255.0.0.0
> > AllowConnect = no
> > ============================
> 
> Your MyVirtualIP should be 10.0.0.1/24, not /8. The subnet the tincd on
> router A represents is a class C subnet. However, the VpnMask is different
> - it is used to tell the startup script what the scope of the ENTIRE
> private network is.
> 
> > Router A "netstat -rn | grep tap0":
> > 192.168.254.0      10.0.0.2      255.255.255.0   UG     0 0      0 tap0
> > 10.0.0.0           0.0.0.0       255.0.0.0       U      0 0      0 tap0
> 
> Tinc will only correctly transfer packets with 10.x.y.z IPs. Your routing
> table suggests you think you have to send all 192.168.254.x packets to the
> gateway you think the daemon on the other side is.
> 
> > It is possible that my question boils down to this:
> > Is the VPN link between networks a Point to Point Link or is it a regular
> > network?  I think the configuration would be different in both of those
> > cases.
> 
> It's not point-to-point :). Try this:
> 
> Router A tinc.conf:
> ===================
> TapDevice = /dev/tap0
> ConnectTo = 216.63.158.19
> MyVirtualIP = 192.168.254.0/24
> VpnMask = 255.255.0.0
> ===================
> 
> Routing table:
> --------------
> 192.168.0.0	0.0.0.0		255.255.0.0	U	0 0	0 tap0
> 
> Router B likewise.
> 
> I hope this will help! We are not bothered at all by your questions, so if
> you have more of them, please ask! And we'd also be happy to hear your
> comments.
> 
> Kind regards,
> Guus Sliepen.
> 
> 

David Wayne Summers          "Linux: Because reboots are for upgrades!"
david at summersoft.fay.ar.us   PGP Key: http://summersoft.fay.ar.us/~david/pgp.txt
PGP Key fingerprint =  C0 E0 4F 50 DD A9 B6 2B  60 A1 31 7E D2 28 6D A8 

-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/
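
Added example (not part of the original messages, and not tinc project code): a Python check of the two rules stated in the quoted reply, that MyVirtualIP is the subnet one tincd represents while VpnMask gives the scope of the entire private network. The `ORIGINAL_B` peer config is constructed for illustration, the function names are hypothetical, and the `Key = Value` parsing is an assumption based on the tinc.conf excerpts shown in the thread.

```python
import ipaddress

# Configs as posted in the thread (current attempt).
ROUTER_A = """TapDevice = /dev/tap0
ConnectTo = 216.63.158.19
MyVirtualIP = 192.168.254.0/24
VpnMask = 255.255.0.0
AllowConnect = no"""
ROUTER_B = """TapDevice = /dev/tap0
MyVirtualIP = 192.168.1.0/24
VpnMask = 255.255.0.0
AllowConnect = yes"""
# First attempt on router A as quoted; the peer below is constructed.
ORIGINAL_A = "MyVirtualIP = 10.0.0.1/8\nVpnMask = 255.0.0.0"
ORIGINAL_B = "MyVirtualIP = 10.0.0.2/8\nVpnMask = 255.0.0.0"

def parse_conf(text):
    """Parse 'Key = Value' lines into a dict, skipping comments."""
    conf = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def subnet_and_scope(conf):
    """Return (subnet this tincd represents, scope of the entire VPN)."""
    iface = ipaddress.ip_interface(conf["MyVirtualIP"])
    scope = ipaddress.ip_network(f"{iface.ip}/{conf['VpnMask']}", strict=False)
    return iface.network, scope

def expected_route(conf):
    """The tap0 route implied by VpnMask, as (destination, netmask)."""
    _, scope = subnet_and_scope(conf)
    return str(scope.network_address), str(scope.netmask)

def check_pair(conf_a, conf_b):
    """List the ways two peer configs break the rules from the reply."""
    problems = []
    (net_a, scope_a), (net_b, scope_b) = subnet_and_scope(conf_a), subnet_and_scope(conf_b)
    for name, net, scope in (("A", net_a, scope_a), ("B", net_b, scope_b)):
        if net.prefixlen <= scope.prefixlen:  # subnet must be narrower than the VPN
            problems.append(f"{name}: MyVirtualIP {net} is as wide as VPN scope {scope}")
    if scope_a != scope_b:
        problems.append(f"VPN scopes differ: {scope_a} vs {scope_b}")
    if net_a.overlaps(net_b):
        problems.append(f"subnets overlap: {net_a} and {net_b}")
    return problems
```

`check_pair(parse_conf(ROUTER_A), parse_conf(ROUTER_B))` returns an empty list for the configs posted in this message, and `expected_route` yields the same `192.168.0.0` / `255.255.0.0` entry that both `netstat -rn` outputs show on tap0.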


