can't ping to an internal IP through tinc's virtual interfaces

Roberto Meyer rmeyer at idr.org.ar
Thu Jul 31 01:42:19 CEST 2003


Hi:

I've detected a problem: if I run 'ping' from pamvirtual (external host)
I don't reach isivirtual...

I increased tincd's log level and obtained the following:

Jul 30 20:22:38 pamvirtual tinc.vpn[19629]: /dev/tun is a Linux tun/tap device
Jul 30 20:22:38 pamvirtual tinc.vpn[19629]: Listening on 0.0.0.0 port 655
Jul 30 20:22:38 pamvirtual tinc.vpn[19629]: Ready
Jul 30 20:22:38 pamvirtual tinc.vpn[19629]: Trying to connect to isivirtual (168.226.x.x port 655)
Jul 30 20:22:44 pamvirtual tinc.vpn[19629]: Connection from 168.226.x.x port 2281
Jul 30 20:22:44 pamvirtual tinc.vpn[19629]: Connection with isivirtual (168.226.x.x port 2281) activated

Jul 30 20:23:41 pamvirtual tinc.vpn[19629]: Timeout from isivirtual (168.226.x.x port 655) during authentication

Jul 30 20:23:41 pamvirtual tinc.vpn[19629]: Closing connection with isivirtual (168.226.x.x port 655)
Jul 30 20:23:41 pamvirtual tinc.vpn[19629]: Trying to re-establish outgoing connection in 5 seconds
Jul 30 20:23:57 pamvirtual tinc.vpn[19629]: Already connected to isivirtual

If I ping from isivirtual to pamvirtual, pings from pamvirtual respond
for a while. After some minutes every connection from pamvirtual gets
stuck again.

Any idea about this?

TIA.

-
Roberto


> On Wed, Jul 30, 2003 at 10:56:34AM -0300, Roberto Meyer wrote:
> 
> > > > As I said, the VPN seems to work ok. I can ping from one machine
> > > > to the other one (only to their virtual interfaces). I even
> > > > configured mail relaying (exim listens on the virtual IP).
> > > 
> > > But I still can't diagnose your problem if I don't see your config
> > > files.
> 
> [...]
> 
> > Routing table:
> > 200.80.x.0     *               255.255.255.128  U   0  0  0  eth0
> > 192.168.144.0  isivirtual      255.255.255.0    UG  0  0  0  vpn
> > 10.10.0.0      *               255.255.0.0      U   0  0  0  vpn
> > default        host1.200.80.x  0.0.0.0          UG  0  0  0  eth0
> 
> Hmkay... I see the problem. Gateway routes don't work with tinc in
> router mode. You can do it with tinc in switch mode, but an easier
> solution is given below.
> 
> > *** pamvirtual config ***
> > 
> > /etc/tinc/vpn/tinc-up:
> >    ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
> >    ifconfig $INTERFACE 10.10.10.1 netmask 255.255.0.0
> >    ifconfig $INTERFACE -arp
> 
> Forget about the gateway route. Just add this to tinc-up:
> route add -net 192.168.144.0 netmask 255.255.255.0 dev $INTERFACE
> 
> > /etc/tinc/vpn/hosts/isivirtual:
> > Subnet = 10.10.10.2/32
> > -----BEGIN RSA PUBLIC KEY-----
> > -----END RSA PUBLIC KEY-----
> 
> Add: Subnet = 192.168.144.0/24
> 
> > Another thing I couldn't work out is to configure addresses like
> > 10.10.10.0/24 for subnets... I found broadcast addresses somewhat
> > weird:
> > ifconfig vpn at isivirtual shows this:
> 
> Don't bother with the broadcast address, it will never be used.
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/
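
An added example, not part of the original thread or of tinc itself: a Python check that applies the two fixes suggested in the quoted reply to the routing table and host file shown there. It flags gateway routes on the tinc interface and routes for which no host file declares a Subnet; the function names and the "vpn" interface default are assumptions, and the sample input is constructed from the thread.

```python
import ipaddress

# Constructed sample: the routing table quoted in the thread (redactions kept).
ROUTES = """\
200.80.x.0     *               255.255.255.128  U   0  0  0  eth0
192.168.144.0  isivirtual      255.255.255.0    UG  0  0  0  vpn
10.10.0.0      *               255.255.0.0      U   0  0  0  vpn
default        host1.200.80.x  0.0.0.0          UG  0  0  0  eth0
"""

# hosts/isivirtual as quoted (before the fix) and with the suggested line added.
HOSTS_BEFORE = {"isivirtual": "Subnet = 10.10.10.2/32\n"}
HOSTS_AFTER = {"isivirtual": "Subnet = 10.10.10.2/32\nSubnet = 192.168.144.0/24\n"}


def declared_subnets(hosts):
    """Collect every 'Subnet = a.b.c.d/n' line from the host files."""
    nets = []
    for name, text in hosts.items():
        for line in text.splitlines():
            key, _, value = line.partition("=")
            if key.strip().lower() == "subnet" and value.strip():
                nets.append((name, ipaddress.ip_network(value.strip(), strict=False)))
    return nets


def audit(route_text, hosts, iface="vpn"):
    """Return (destination, problem) findings for routes on the tinc interface."""
    # Assumption: tinc runs in router mode and delivers packets by Subnet match.
    subnets = declared_subnets(hosts)
    findings = []
    for row in route_text.splitlines():
        cols = row.split()
        if len(cols) != 8 or cols[7] != iface:
            continue  # other interfaces (and redacted rows) are out of scope
        dest, _gw, mask, flags = cols[:4]
        dest = "0.0.0.0" if dest == "default" else dest
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if "G" in flags:
            findings.append((str(net), "gateway route on tinc interface"))
        if not any(net.overlaps(s) for _, s in subnets):
            findings.append((str(net), "no host file declares a Subnet in this range"))
    return findings


if __name__ == "__main__":
    for label, hosts in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        print(label, audit(ROUTES, hosts))
```

With the quoted configuration both problems are reported for 192.168.144.0/24; adding the Subnet line clears the second, and replacing the gateway route with a `dev $INTERFACE` route clears the first.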



