Tinc doesn't connect

Marcel Loesberg marcel_loesberg at motosoto.com
Mon Mar 19 16:01:38 CET 2001


On Mon, 19 Mar 2001, you wrote:
> 
> On Mon, Mar 19, 2001 at 01:23:02PM +0100, Marcel Loesberg wrote:
> 
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > cable204.196.en cable001.192.en 255.255.255.255 UGH   0      0        0 eth1
> > gw.rdam.motosot *               255.255.255.255 UH    0      0        0 eth0
> > mail.motosoto.c *               255.255.255.255 UH    0      0        0 eth1
> 
> Are the above routing entries really necessary?

The first one is a problem with my cable provider (UPC). They don't allow
people on the same subnet to connect with each other. A way around this is to
set a route so that all traffic to the machine you want to "talk" to comes from
their router. They put a special rule on that router for customers who need to
talk to other customers (for example when you want to build a VPN :)).

The other two are automatically generated, I sure didn't set them :(

> 
> > 192.168.200.0   *               255.255.255.0   U     0      0        0 tap0
> > 192.168.200.0   *               255.255.255.0   U     0      0        0 tap0
> 
> Duplicate routing entries...

I set it once, don't know where the second one comes from.
The machine has two network cards. Maybe RedHat automatically sets
a route for each network card? (I'm guessing here).

> 
> > default         cable001.192.en 0.0.0.0         UG    0      0        0 eth1
> > default         cable001.192.en 0.0.0.0         UG    1      0        0 eth1
> 
> Duplicate routing entries...

Same story :(

> 
> This probably isn't the problem, but it's a good idea to clean your routing
> table anyway.

"route -F" ?

> 
> > Chain forward (policy ACCEPT):
> > target     prot opt     source                destination           ports
> > MASQ       all  ------  192.168.0.0/24       anywhere              n/a
> 
> Did you specify the -i option for this rule to restrict masquerading to a
> specific outgoing interface?

Yes, here are the commands I use to configure my router:
ipchains -F
insmod ip_masq_cuseeme
insmod ip_masq_ftp
insmod ip_masq_irc
insmod ip_masq_raudio
ipchains -A forward -i eth1 -s 192.168.0.0/24 -j MASQ

> 
> Furthermore, could you run tincd with the -ddddd option and show us the
> resulting syslog messages from the start of tinc up till the error?

Sure:

Mar 19 16:10:45 mail tinc[1784]: tincd 1.0pre3 (Mar 16 2001 14:53:52) starting, debug level 5
Mar 19 16:10:45 mail tinc[1784]: Ready: listening on port 655
Mar 19 16:10:45 mail tinc[1784]: Trying to connect to 195.38.205.202
Mar 19 16:10:45 mail tinc[1784]: Connected to 195.38.205.202 port 655
Mar 19 16:10:45 mail tinc[1784]: Metadata socket read error for motosoto (195.38.205.202): No such process
Mar 19 16:10:45 mail tinc[1784]: Closing connection with motosoto (195.38.205.202)

Regards,

Marcel Loesberg
-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/


