Getting at a machine behind an ISDN router

Carlos Sousa csousa at tvtel.pt
Sun Oct 13 00:43:49 CEST 2002


On Wed, 9 Oct 2002 09:18:48 +0200 Ivo Timmermans <ivo at o2w.nl> wrote:

> Carlos Sousa wrote:
> > I installed and configured tinc on both machines, but I cannot ping from
> > any side. When I try to connect from "client" to "server", the tinc logs
> > at "server" show:
> > 
> >    Received UDP packet from unknown source 194.210.6.254 port 756
> > 
(...)
> If you don't have access, the TCPOnly option is for you.

This worked, and tinc stopped complaining. But the connection is still
not working. Actually, in the hundred times or so I've tried till now,
it actually worked 2 or 3 times. Weird...

Pinging the client machine (10.0.2.1) from the server machine (10.0.1.1)
and running iptraf on the server shows traffic between the 2 machines,
both ways, but the packets are still lost. I smell a routing problem
concerning the echo-reply packets that are arriving at server, but I can't
see where.

Here is some data from my setup:
----------------------------------------------------------------------
vbcnet/tinc.conf:

Name = vbc
Device = /dev/net/tun
PrivateKeyFile = /etc/tinc/vbcnet/rsa_key.priv
AddressFamily = ipv4
BindToInterface = eth0
----------------------------------------------------------------------
vbcnet/hosts/vbc (the server, my home machine, publicly available):

Address = vbc.dyndns.org
Port = 655
Subnet = 10.0.1.0/24
TCPonly = yes
# The public key generated by `tincd -n example -K' is stored here
(...)
----------------------------------------------------------------------
vbcnet/hosts/miragaia (the client, publicly inaccessible machine):

Port = 655
Subnet = 10.0.2.0/24
TCPonly = yes
# The public key generated by `tincd -n example -K' is stored here
(...)
----------------------------------------------------------------------
ifconfig (just the vpn part):

vbcnet    Link encap:Ethernet  HWaddr FE:FD:00:00:00:00  
          inet addr:10.0.1.1  Bcast:10.255.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:4998 (4.8 KiB)
----------------------------------------------------------------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
195.23.75.0     *               255.255.255.0   U     0      0        0 eth0
10.0.0.0        *               255.255.0.0     U     0      0        0 vbcnet
default         195-23-75-1.nr. 0.0.0.0         UG    0      0        0 eth0
----------------------------------------------------------------------
vbc (server) log extract:

tinc.vbcnet[12412]: tincd 1.0pre8 (Sep 17 2002 13:46:46) starting, debug level 1
tinc.vbcnet[12412]: /dev/net/tun is a Linux tun/tap device
tinc.vbcnet[12412]: Listening on 0.0.0.0 port 655
tinc.vbcnet[12412]: Ready
tinc.vbcnet[12412]: Connection from 194.210.6.2 port 40930
tinc.vbcnet[12412]: Connection with miragaia (194.210.6.2 port 40930) activated
----------------------------------------------------------------------

So the 2 tincs are connecting, and there are no more log entries even though
my ping attempts fail. I'm running tinc with -d 10.

There is something I find suspicious here: tinc says it's listening on
0.0.0.0. Is this right? Shouldn't it be listening on 10.0.1.1?

I have absolutely no more ideas on how to tackle this. Please tell me if
you would like me to provide some more data. I hate to give up on software
that's working for everybody else...

-- 
Carlos Sousa
http://vbc.dyndns.org/
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/



