Configuration Help
Michael Brandstetter
M_Brandstetter at web.de
Sat Nov 8 12:32:43 CET 2003
Hello again
Gerüchteweise brabbelte Guus Sliepen diese Worte:
> On Thu, Nov 06, 2003 at 10:50:16PM +0100, Michael Brandstetter wrote:
>
>> i have set up two tincd as mentioned on this site:
>> http://mia.ece.uic.edu/~papers/volans/tincd.html
>
> You should also read tinc's manual:
Sorry for didn't said that, but i've done it.
> Naturstrom never even mentions receiving an incoming connection. Perhaps
> there is a firewall blocking port 655? Or perhaps the domain name
> naturstrom.mine.nu didn't point to the right IP address at that time?
Thanks for the kick in the right direction. I applied some additional
rules to both firewalls and now it works.
Thanks for your great work. With this tool it is very easy and fast to
combine to private networks GREAT.
greetz michael :))
APPENDIX:
My new configfiles on Mondhexe. The files for Naturstrom are the same
except the different IP's and Networkaddresses.
/etc/tinc/tinc/tinc.conf
-------------------------------------------------------------------
# Sample tinc configuration file
Name = mondhexe
ConnectTo = naturstrom
AddressFamily = ipv4
Device = /dev/tun
PrivateKeyFile = /etc/tinc/tinc/rsa_key.priv
-------------------------------------------------------------------
/etc/tinc/tinc/tinc-up
-------------------------------------------------------------------
#!/bin/sh
ifconfig $INTERFACE 192.168.33.9 netmask 255.255.255.0
route add -net 192.168.0.0 netmask 255.255.255.0 dev $INTERFACE
-------------------------------------------------------------------
/etc/tinc/tinc/tinc-down
-------------------------------------------------------------------
#!/bin/sh
route del -net 192.168.0.0 netmask 255.255.255.0 dev $INTERFACE
ifconfig $INTERFACE down
-------------------------------------------------------------------
/etc/tinc/tinc/tinc/hosts/mondhexe
-------------------------------------------------------------------
Address = mondhexe.mine.nu
Subnet = 192.168.33.0/24
-----BEGIN RSA PUBLIC KEY-----
.....
-----END RSA PUBLIC KEY-----
-------------------------------------------------------------------
Additional Firewallrules
-------------------------------------------------------------------
iptables -A INPUT -p tcp --dport 655 -j ACCEPT
iptables -A INPUT -p udp --dport 655 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 655 -j ACCEPT
iptables -A OUTPUT -p udp --dport 655 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth1 -s 192.168.0.0/24 -d 192.168.33.0/24
-j ACCEPT
iptables -A FORWARD -i eth1 -o tun0 -s 192.168.33.0/24 -d 192.168.0.0/24
-j ACCEPT
iptables -t nat -A POSTROUTING -p udp -m udp --sport 655 -j MASQUERADE -o
ppp0 --to-ports 655
--------------------------------------------------------------------
[ root at mondhexe ]: # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
217.5.98.44 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.33.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.33.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
0.0.0.0 217.5.98.44 0.0.0.0 UG 0 0 0 ppp0
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
More information about the Tinc
mailing list