wireless vpn + nat

Alin-Adrian Anton aanton at reversedhell.net
Mon Nov 24 11:12:48 CET 2003 

Guus Sliepen wrote:

>On Sun, Nov 23, 2003 at 10:36:11PM +0200, Alin-Adrian Anton wrote:
>
>  
>
>>   I installed tinc on a linux server which connects to the internet. 
>>That server is linked via a wireless link with a Windows 2000 
>>workstation. I installed tinc on the windows box too, and the vpn works 
>>neat. The only problem is I don't know if the windows tap driver is able 
>>to forward unknown IPs to a gateway. This is because if I try to ping 
>>10.0.0.1 which is just another ethernet card in the router, I get a 
>>"destination unreachable" error, because the tinc VPN subnet looks like 
>>10.0.2.0/24, where 10.0.2.1 is the router end, and 10.0.2.2 is the win2k 
>>box. I can ping 10.0.2.1 from the win box.
>>
>>   The wireless link looks like this: 10.0.1.1 is the linux router, 
>>10.0.1.2 is the win2k box.
>>    
>>
>
>You should add Subnet = 10.0.1.1 to the host config file of the router
>and Subnet = 10.0.1.2 to the host config file of the win2k box.
>
>  
>
>>   In spite of the fact that the router works correctly, it even seems 
>>that if I try to ping someone on internet from the windows box, I get 
>>destination unreachable without the packets even getting tunneled 
>>through the VPN by tinc, using the wireless link for transport. I tried 
>>it with a sniffer, and indeed, packets dont even travel through the VPN 
>>when I try to ping some internet IP. I conclusioned this is a limitation 
>>of the windows tap driver.
>>    
>>
>
>Not at all. Those destination unreachable messages are generated by
>tinc, because it doesn't know a Subnet which matches the destination
>address of the packets you are trying to send.
>
>  
>
Ok I just did that for the windows tinc configuration files, and it's 
still the same. VPN is working, but I cannot ping internet sites. Is it 
possible to ping them through tinc? I tried subnet = 0.0.0.0, not working.

Thank you so much for your time.

Regards,
Alin-Adrian Anton.


Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/

More information about the Tinc mailing list