tinc woes (connection established, possible routing issues)

Chris Martino cem at console.org
Mon Aug 19 20:03:12 CEST 2002


Hello,

I'm trying to use tinc to establish a VPN between two Linux boxes.  The
keys are shared and the connection gets established, but I can't seem to
ping either side.  One side is strictly a server for the client to connect
to.  It has a public IP, and the private IP subnet which it's trying to
"share" to the client.  It's a pretty simple and straightforward setup.
Configurations are below...

                      Server Side                              Client Side
                 /                    \                     /                \
   Public IP          Private Subnet       Private IP
168.215.110.xxx --- 63.140.157.0/24 --- 63.140.157.230 ... --- 63.140.157.231 --- Client IP

Server:

/etc/tinc/Clarity/tinc.conf:

# Sample tinc configuration file

# This is a comment.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.

# The name of this tinc host. Required.
Name = Clarity

# The internet host to connect with.
# Comment these out to make yourself a listen-only connection
# You must use the name of another tinc host.
# May be used multiple times for redundance.
# ConnectTo =

# The tap device tinc will use. Required.
# Default is /dev/tap0 for ethertap or FreeBSD,
# /dev/tun0 for Solaris and OpenBSD,
# and /dev/misc/net/tun for Linux tun/tap device.
Device = /dev/net/tun

# The file in which the private key for this host is stored. Required.
PrivateKeyFile = /etc/tinc/Clarity/rsa_key.priv

(server hosts file) /etc/tinc/Clarity/hosts/Clarity:

Address = black.clarityis.com
Subnet = 63.140.157.0/24

-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

(client host file) /etc/tinc/Clarity/hosts/joel:

-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

Client:

/etc/tinc/work/tinc.conf:

# Sample tinc configuration file

# This is a comment.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.

# The name of this tinc host. Required.
Name = joel

# The internet host to connect with.
# Comment these out to make yourself a listen-only connection
# You must use the name of another tinc host.
# May be used multiple times for redundance.
ConnectTo = Clarity

# The tap device tinc will use. Required.
# Default is /dev/tap0 for ethertap or FreeBSD,
# /dev/tun0 for Solaris and OpenBSD,
# and /dev/misc/net/tun for Linux tun/tap device.
#Device = /dev/misc/net/tun
Device = /dev/tun

# The file in which the private key for this host is stored. Required.
PrivateKeyFile = /etc/tinc/work/rsa_key.priv

/etc/tinc/work/hosts/* are the same as above....

When I start tinc with tincd -n Clarity and tincd -n work on the machines
I can see the connections being "activated", but I cannot ping between the
two hosts.

Any ideas on how to get this to work?

Thanks,
Chris

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/
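
An added example, not part of the original post or of tinc itself: a small Python check that reads the Subnet lines from host files like the ones posted and reports which node each address from the diagram would be routed to. It assumes tinc chooses the most specific matching Subnet; HOSTS is a constructed copy of the posted files, and the names parse_host and check_routes are hypothetical.

```python
import ipaddress

# Constructed copies of the two posted host files (public keys elided).
HOSTS = {
    "Clarity": "Address = black.clarityis.com\nSubnet = 63.140.157.0/24\n",
    "joel": "-----BEGIN RSA PUBLIC KEY-----\n...\n-----END RSA PUBLIC KEY-----\n",
}

def parse_host(text):
    """Return {lowercased variable: [values]}, skipping PEM key blocks and comments."""
    conf, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN"):
            in_key = True
        elif line.startswith("-----END"):
            in_key = False
        elif in_key or not line or line.startswith("#"):
            continue
        else:
            # The "=" is optional and variable names are case-insensitive.
            name, _, value = line.replace("=", " ", 1).partition(" ")
            conf.setdefault(name.lower(), []).append(value.strip())
    return conf

def check_routes(hosts, probes):
    """Return (hosts declaring no Subnet, {probe address: owning host or None})."""
    table = [(ipaddress.ip_network(s, strict=False), name)
             for name, text in hosts.items()
             for s in parse_host(text).get("subnet", [])]
    no_subnet = sorted(set(hosts) - {owner for _, owner in table})
    owners = {}
    for addr in probes:
        ip = ipaddress.ip_address(addr)
        # Assumption: the longest matching prefix wins.
        matches = [(net.prefixlen, owner) for net, owner in table if ip in net]
        owners[addr] = max(matches)[1] if matches else None
    return no_subnet, owners

if __name__ == "__main__":
    # Addresses taken from the diagram in the post.
    probes = ["63.140.157.230", "63.140.157.231"]
    print(check_routes(HOSTS, probes))
    # Hypothetical change (not from the post): joel announces its own /32.
    fixed = dict(HOSTS, joel="Subnet = 63.140.157.231/32\n")
    print(check_routes(fixed, probes))
```

With the files as posted, both addresses resolve to Clarity and joel owns no subnet, so nothing addressed to 63.140.157.231 would be handed to the tunnel peer.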



