TINC 1.0pre2 problem

David Summers david at summersoft.fay.ar.us
Mon Jun 12 00:35:31 CEST 2000 

Hmmm.  One more thing; I noticed here and in your documentation you talk
about the meta protocol dealing with routing issues.  Does that mean I
don't have to run a routing protocol on all the connected VPNs that I
establish?  Does/Would your protocol tell my router A that a route between
VPN networks B and C has been established?

   Thanks!
   - David Summers

On Sun, 11 Jun 2000, Guus Sliepen wrote:

> Date: Sun, 11 Jun 2000 19:11:44 +0200 (CEST)
> From: Guus Sliepen <guus at sliepen.warande.net>
> To: David Summers <david at summersoft.fay.ar.us>
> Cc: tinc at nl.linux.org
> Subject: Re: TINC 1.0pre2 problem
> 
> On Sun, 11 Jun 2000, David Summers wrote:
> 
> > Thanks for the great software package!  The question I have is this:
> 
> Thank you :)
> 
> > My goal is to set up a triangle topology VPN between three sites and run
> > OSPF routing on all the sites so that if a link goes down between any two
> > sites the OSPF routing will reroute the packets that used to go between
> > the sites A <-> B to A <-> C <-> B and still remain connected.
> 
> Hopefully that functionality will be included in the final 1.0 version of
> tinc.
> 
> > Here is my setup (I turned off Masquerading for these tests to make sure
> > that it wasn't something silly like that).
> 
> > Network A = 192.168.1.0/24
> 
> You are using 192.168.x.y addresses for your internal network, but
> 10.x.y.z addresses for tinc! Why is that? Tinc does not need it's own
> IP's, you just have to put the ones you are already using in the
> configuration file.
> 
> > ==== Router A tinc.conf ====
> > TapDevice = /dev/tap0
> > ConnectTo = 216.63.158.19
> > MyVirtualIP = 10.0.0.1/8
> > VpnMask = 255.0.0.0
> > AllowConnect = no
> > ============================
> 
> Your MyVirtualIP should be 10.0.0.1/24, not /8. The subnet the tincd on
> router A represents is a class C subnet. However, the VpnMask is different
> - it is used to tell the startup script what the scope of the ENTIRE
> private network is.
> 
> > Router A "netstat -rn | grep tap0":
> > 192.168.254.0      10.0.0.2      255.255.255.0   UG     0 0      0 tap0
> > 10.0.0.0           0.0.0.0       255.0.0.0       U      0 0      0 tap0
> 
> Tinc will only correctly transfer packets with 10.x.y.z IP's. Your routing
> table suggests you think you have to send all 192.168.254.x packets to the
> gateway you think the daemon on the other side is.
> 
> > It is possible that my question boils down to this:
> > Is the VPN link between networks a Point to Point Link or is it a regular
> > network?  I think the configuration would be different in both of those
> > cases.
> 
> It's not point-to-point :). Try this:
> 
> Router A tinc.conf:
> ===================
> TapDevice = /dev/tap0
> ConnectTo = 216.63.158.19
> MyVirtualIP = 192.168.254.0/24
> VpnMask = 255.255.0.0
> ===================
> 
> Routing table:
> --------------
> 192.168.0.0	0.0.0.0		255.255.0.0	U	0 0	0 tap0
> 
> Router B likewise.
> 
> I hope this will help! We are not bothered at all by your questions, so if
> you have more of them, please ask! And we'd also be happy to hear your
> comments.
> 
> Met vriendelijke groet,
> Guus Sliepen.
> 
> 

David Wayne Summers          "Linux: Because reboots are for upgrades!"
david at summersoft.fay.ar.us   PGP Key: http://summersoft.fay.ar.us/~david/pgp.txt
PGP Key fingerprint =  C0 E0 4F 50 DD A9 B6 2B  60 A1 31 7E D2 28 6D A8 

-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/

More information about the Tinc mailing list