Config error - please help-continue

Kostadin Galabov kostura at visia.com
Tue May 8 16:40:13 CEST 2001


Thank you for your help. I managed to figure out what's wrong (the arp
disabling and a very small error in one of the firewalls :-)) ) Now all
seems to work.
Thanks again - for the help and for the nice program :))

-----Original Message-----
From: owner-tinc at nl.linux.org [mailto:owner-tinc at nl.linux.org] On Behalf Of Kostadin Galabov
Sent: Tuesday, May 08, 2001 12:37
To: tinc at nl.linux.org
Subject: RE: Config error - please help-continue


OK, after disabling arp on server machine (Yes I forgot to tell you this is
2.4.3 kernel, sorry), tcpdump on server machine shows :
12:30:05.741021 rtr-us.iris.bg > 192.168.0.1: icmp: echo request (DF)
12:30:06.741023 rtr-us.iris.bg > 192.168.0.1: icmp: echo request (DF)

It seems now packets are received on the slave machine (I can see the
traffic on my firewall) but now on both client and server packets are not
sent from tap device to the eth device.

This is a diagram of how my config looks:

----------	Firewall
| US_VPN |	VPN Server
----------
	|
	Inet
	|
------------
| Firewall | (Inet IP and 192.168.0.1 LAN IP) Here I do portmapping of
------------ <InetIP>:655 to 192.168.0.5:655 (for both TCP and UDP)
	|
------------
| BG_VPN   | VPN Server (192.168.0.5 on eth0)
------------



These are the outputs of ifconfig:
US_VPN:
eth0      Link encap:Ethernet  HWaddr 00:04:76:1B:C6:1C
          inet addr:x.x.x.x  Bcast:x.x.x.x  Mask:255.255.255.240
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:162540 errors:5 dropped:0 overruns:0 frame:5
          TX packets:44217 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          Interrupt:12 Base address:0xcc00

eth1      Link encap:Ethernet  HWaddr 00:04:76:1B:CC:46
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:35521 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46780 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0xd000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16144  Metric:1
          RX packets:400 errors:0 dropped:0 overruns:0 frame:0
          TX packets:400 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

vpn_net   Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.252.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:213 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100

and BG_VPN:
eth0      Link encap:Ethernet  HWaddr 00:01:02:CC:80:2D
          inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:260374 errors:0 dropped:0 overruns:0 frame:0
          TX packets:252197 errors:0 dropped:0 overruns:0 carrier:0
          collisions:651 txqueuelen:100
          Interrupt:11 Base address:0x6200

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:40884 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40884 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.252.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:203 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1822 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0


-----Original Message-----
From: owner-tinc at nl.linux.org [mailto:owner-tinc at nl.linux.org] On Behalf Of Guus Sliepen
Sent: Tuesday, May 08, 2001 11:31
To: tinc at nl.linux.org
Subject: Re: Config error - please help-continue


On Tue, May 08, 2001 at 09:59:34AM +0300, Kostadin Galabov wrote:

> It seems the other host responds, but packets are not sent from tap0 to
> eth0.
>
> On server host, when I ping 192.168.0.1, there is no info in syslog, but
> tcpdump -i vpn_net gives me this:
>
> 09:46:28.134738 arp who-has 192.168.0.1 tell rtr-us.iris.bg
> 09:46:29.131001 arp who-has 192.168.0.1 tell rtr-us.iris.bg
> 09:46:30.130997 arp who-has 192.168.0.1 tell rtr-us.iris.bg
[...]
>
> I wonder if it is because the client machine is masqueraded and behind
> firewall. And I portmapped 655 port (TCP and UDP) on the firewall to point
> to respective ports on the client machine, but maybe this is not right ?

That's not right. The problem is a difference between 2.2 kernel ethertap and
2.4 kernel tuntap as I assume you are using on the other machine. You have to
disable ARP on the tap devices. You can do that by adding an extra ifconfig to
the startup script:

ifconfig vpn_net -arp

For consistency you could also do that on the tap0 from the other machine.

-------------------------------------------
Met vriendelijke groet / with kind regards,
  Guus Sliepen <guus at sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
          http://www.kernelbench.org/
-------------------------------------------



-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/
