wireless vpn + nat

Sun Nov 23 21:49:13 CET 2003

On Sun, Nov 23, 2003 at 10:36:11PM +0200, Alin-Adrian Anton wrote:

>    I installed tinc on a linux server which connects to the internet. 
> That server is linked via a wireless link with a Windows 2000 
> workstation. I installed tinc on the windows box too, and the vpn works 
> neat. The only problem is I don't know if the windows tap driver is able 
> to forward unknown IPs to a gateway. This is because if I try to ping 
> 10.0.0.1 which is just another ethernet card in the router, I get a 
> "destination unreachable" error, because the tinc VPN subnet looks like 
> 10.0.2.0/24, where 10.0.2.1 is the router end, and 10.0.2.2 is the win2k 
> box. I can ping 10.0.2.1 from the win box.
> 
>    The wireless link looks like this: 10.0.1.1 is the linux router, 
> 10.0.1.2 is the win2k box.

You should add Subnet = 10.0.1.1 to the host config file of the router
and Subnet = 10.0.1.2 to the host config file of the win2k box.

>    In spite of the fact that the router works correctly, it even seems 
> that if I try to ping someone on internet from the windows box, I get 
> destination unreachable without the packets even getting tunneled 
> through the VPN by tinc, using the wireless link for transport. I tried 
> it with a sniffer, and indeed, packets dont even travel through the VPN 
> when I try to ping some internet IP. I conclusioned this is a limitation 
> of the windows tap driver.

Not at all. Those destination unreachable messages are generated by
tinc, because it doesn't know a Subnet which matches the destination
address of the packets you are trying to send.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://brouwer.uvt.nl/pipermail/tinc/attachments/20031123/7b4f2f90/attachment.pgp