Routing between two tunnels

Lars Fredriksson lars at fredriksson.net
Thu Apr 25 18:37:04 CEST 2002


Hi!

Two friends and I are trying to get a VPN working, but we can't get routing
between two tunnels.

This is how it looks: all servers (192.168.*.1) are running IP Masquerade to
enable the other computers behind them to access the internet.
Both elayne and glenn are connecting to melc, and the tunnel between melc
and glenn is running TCPOnly because glenn doesn't have a public IP
(it's behind another firewall at his ISP).


192.168.5.*         192.168.1.*   192.168.3.*
     |                   |             |
     |                   |             |
192.168.5.1         192.168.1.1   192.168.3.1
   glenn ---TCPOnly--- melc ------- elayne
      (tap0)       (tap0)(tun)    (tun)


It works great melc <-> glenn and elayne <-> glenn (all hosts behind the
servers are reachable over the tunnel), but we can't get it working glenn <->
elayne through melc.

If we start tincd with "-d5" and try to ping a host on the other subnet,
we get the following error in syslog (in this example 192.168.5.1 is
pinging 192.168.3.1):

Apr 25 18:34:36 glenn tinc.boppen[13725]: Read packet of 98 bytes from Linux ethertap device
Apr 25 18:34:36 glenn tinc.boppen[13725]: Cannot route packet: unknown destination address 192.168.3.1


I don't know if this is a routing table problem, but after what I've read, the
two tincd daemons on melc should handle the routing themselves?

Note: We are currently running 1.0pre5 - I don't know if upgrading to
1.0pre7 might fix this?

A note about the config below: the only lines I've added "myself" are the
last "route add -net ..." in tinc-up for the two nets on melc.


Thanks for any help that might solve this problem!

Best regards, Lars Fredriksson



This is how the config looks:
__ At glenn ____________________________
:: route ::
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
172.17.0.0      *               255.255.0.0     U     0      0        0 eth0
192.168.0.0     *               255.255.0.0     U     0      0        0 tap0
default         172.17.255.254  0.0.0.0         UG    0      0        0 eth0

:: tinc.conf ::
Name=glenn
Device=/dev/tap0
ConnectTo = melc
KeyExpire = 30000000
PrivateKeyFile = /etc/tinc/boppen/rsa_key.priv

:: tinc-up ::
#!/bin/sh
ifconfig tap0 hw ether fe:fd:00:00:00:00
ifconfig tap0 192.168.5.250 netmask 255.255.0.0
ifconfig tap0 -arp

::hosts/melc ::
Subnet = 192.168.1.0/24
Address = 194.165.252.37
Port = 655
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
...

::hosts/glenn
Subnet = 192.168.5.0/24
Port = 655
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
...


__ At melc (connection to glenn) _____
:: route ::
192.168.5.0     *               255.255.255.0   U     0      0        0 tap0
194.165.252.0   *               255.255.255.0   U     0      0        0 eth0
192.168.3.0     *               255.255.255.0   U     0      0        0 greta
localnet        *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.0.0     U     0      0        0 tap0
192.168.0.0     *               255.255.0.0     U     0      0        0 greta
default         vlan201-gw.um.l 0.0.0.0         UG    0      0        0 eth0

:: tinc.conf ::
Name=melc
Device=/dev/tap0
KeyExpire = 30000000
PrivateKeyFile = /etc/tinc/boppen/rsa_key.priv

:: tinc-up ::
#!/bin/sh
ifconfig tap0 hw ether fe:fd:00:00:00:00
ifconfig tap0 192.168.1.250 netmask 255.255.0.0
ifconfig tap0 -arp
route add -net 192.168.5.0 dev tap0 netmask 255.255.255.0

::hosts/melc ::
Subnet = 192.168.1.0/24
Address = 194.165.252.37
Port = 655
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
...

::hosts/glenn
Subnet = 192.168.5.0/24
Port = 655
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
...

__ At melc (connection to elayne) _____
:: route ::
See above

:: tinc.conf ::
Name=melc
Device=/dev/tun
KeyExpire = 30000000
PrivateKeyFile = /etc/tinc/greta/rsa_key.priv

:: tinc-up ::
#!/bin/sh
ifconfig greta hw ether fe:fd:00:00:00:00
ifconfig greta 192.168.1.249 netmask 255.255.0.0
ifconfig greta -arp
route add -net 192.168.3.0 dev greta netmask 255.255.255.0

::hosts/melc ::
Subnet = 192.168.1.0/24
Address = 194.165.252.37
Port = 656
-----BEGIN RSA PUBLIC KEY-----
...

::hosts/elayne
Subnet = 192.168.3.0/24
Port = 656
-----BEGIN RSA PUBLIC KEY-----
...


__ At elayne ____________________________
:: route ::
localnet        *               255.255.255.0   U     0      0        0 eth0
192.168.3.0     *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.0.0     U     0      0        0 greta
default         217.215.1.1     0.0.0.0         UG    0      0        0 eth0

:: tinc.conf ::
Name=elayne
Device=/dev/tun
ConnectTo = melc
KeyExpire = 30000000
PrivateKeyFile = /etc/tinc/greta/rsa_key.priv

:: tinc-up ::
#!/bin/sh
ifconfig greta hw ether fe:fd:00:00:00:00
ifconfig greta 192.168.3.249 netmask 255.255.0.0
ifconfig greta -arp

::hosts/melc ::
Subnet = 192.168.1.0/24
Address = 194.165.252.37
Port = 656
-----BEGIN RSA PUBLIC KEY-----
...

::hosts/elayne
Subnet = 192.168.3.0/24
Port = 656
-----BEGIN RSA PUBLIC KEY-----
...

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/
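
Added example (not part of the original post and not tinc's own code): a Python model of the lookup behind the "Cannot route packet: unknown destination address" log line, assuming each tincd picks the destination node by matching the packet's destination address against the Subnet lines in its own network's hosts files. The function names are hypothetical; the Subnet data is copied from the boppen and greta configs quoted above.

```python
import ipaddress

# Host-file contents copied from the post, grouped by tinc network
# (one tincd per network directory: /etc/tinc/boppen and /etc/tinc/greta).
HOSTS = {
    "boppen": {"melc": "Subnet = 192.168.1.0/24\nPort = 655\nTCPOnly = yes",
               "glenn": "Subnet = 192.168.5.0/24\nPort = 655\nTCPOnly = yes"},
    "greta": {"melc": "Subnet = 192.168.1.0/24\nPort = 656",
              "elayne": "Subnet = 192.168.3.0/24\nPort = 656"},
}

def parse_subnets(hosts):
    """Return [(network, owner)] from the Subnet lines of each host file."""
    table = []
    for owner, text in hosts.items():
        for line in text.splitlines():
            key, _, value = line.partition("=")
            if key.strip().lower() == "subnet":
                table.append((ipaddress.ip_network(value.strip()), owner))
    return table

def route(netname, dest):
    """Longest-prefix match of dest against one network's Subnet table.

    Returns the owning node name, or None when no Subnet covers dest
    (the case logged as "unknown destination address").
    """
    addr = ipaddress.ip_address(dest)
    matches = [(net, owner) for net, owner in parse_subnets(HOSTS[netname])
               if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def unreachable(netname, dests):
    """Destinations for which this network's daemon has no Subnet entry."""
    return [d for d in dests if route(netname, d) is None]

if __name__ == "__main__":
    for net in HOSTS:
        for dest in ("192.168.1.1", "192.168.3.1", "192.168.5.1"):
            owner = route(net, dest)
            print(f"{net}: {dest} -> {owner or 'unknown destination address'}")
```

With the quoted configs, 192.168.3.0/24 is declared only in the greta hosts files and 192.168.5.0/24 only in boppen's, so under this model each daemon has no owner for the other network's subnet regardless of the kernel routes added in tinc-up.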



