wireless vpn + nat
Alin-Adrian Anton
aanton at reversedhell.net
Wed Nov 26 21:11:04 CET 2003
Guus Sliepen wrote:
>On Mon, Nov 24, 2003 at 12:12:48PM +0200, Alin-Adrian Anton wrote:
>
>>Ok I just did that for the windows tinc configuration files, and it's
>
>You should do it on the linux router as well.
>
>>still the same. VPN is working, but I cannot ping internet sites. Is it
>>possible to ping them through tinc? I tried subnet = 0.0.0.0, not working.
>
>Yes it is possible. But I don't know your exact setup, so I can't tell
>you what you're doing wrong.

Sorry, here are all the details.
1) On the linux router side:
root@fire:/usr/local/etc/tinc# cat tinc.conf
Name = firewall
Device = /dev/net/tun
BindToInterface = eth2
#PrivateKeyFile = /usr/local/etc/tinc/rsa_key.priv
#PublicKeyFile = /usr/local/etc/tinc/hosts/firewall
root@fire:/usr/local/etc/tinc#
root@fire:/usr/local/etc/tinc/hosts# cat firewall
Address = 10.0.1.1
Subnet = 10.0.2.0/24
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAOhWWbczMI320iC69MOY2NEKREXBoMhovfKdwFC+9R2GJLnQ5JVkt0qi
83pKShi7fZcfz6NyhbJX+L9chvAULYoyJtBT7h6zTjWBcLAwLI6NTOpY4rgugZnp
fZ+IOnY/udKTDWsS7lMxnwt2ZuWzlD+8/SMSm1kILKeUeW/1JnbbAgMBAAE=
-----END RSA PUBLIC KEY-----
root@fire:/usr/local/etc/tinc/hosts#
root@fire:/usr/local/etc/tinc/hosts# cat home
Address = 10.0.1.2
Subnet = 10.0.2.2/32
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAM67LIDDJpeL7ofihWEZUGSd8MZPTVRPHgKLVD0g4NR11s+ga3RQ56R8
hczXoFsaakTigkNb2lTVsWIW2ZtDl97vVyXk4fJwpYAjybQENJkIm05RSO+8TmwB
spK1LZ3jABfWRc6GjqnzgBOv2JDtFmbNM9deo9+Z+UsMfTsf6o2PAgMBAAE=
-----END RSA PUBLIC KEY-----
root@fire:/usr/local/etc/tinc/hosts#
root@fire:/usr/local/etc/tinc# cat tinc-up
#!/bin/sh
ifconfig tun0 10.0.2.1 netmask 255.255.255.0
root@fire:/usr/local/etc/tinc#
root@fire:/usr/local/etc/tinc# ifconfig -a
eth0      Link encap:Ethernet HWaddr 00:C0:4F:AE:F9:51
          inet addr:81.196.X.X Bcast:81.196.X.X Mask:255.255.255.X
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:534249 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3431 errors:0 dropped:0 overruns:0 carrier:0
          collisions:18 txqueuelen:100
          RX bytes:34886465 (33.2 Mb) TX bytes:385697 (376.6 Kb)
          Interrupt:12 Base address:0xdc40

eth1      Link encap:Ethernet HWaddr 00:02:B3:2F:61:1E
          inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:3517 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3591 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:400742 (391.3 Kb) TX bytes:2803847 (2.6 Mb)
          Interrupt:11 Base address:0x1000

eth2      Link encap:Ethernet HWaddr 00:04:E2:7F:B5:E8
          inet addr:10.0.1.1 Bcast:10.0.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:427 errors:0 dropped:0 overruns:0 frame:0
          TX packets:114 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:65021 (63.4 Kb) TX bytes:45736 (44.6 Kb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

tun0      Link encap:Point-to-Point Protocol
          inet addr:10.0.2.1 P-t-P:10.0.2.1 Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:201 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:23447 (22.8 Kb) TX bytes:37327 (36.4 Kb)

2) On the windows 2000 side:
in hosts/firewall:
Address = 10.0.1.1
Subnet = 10.0.2.1/24
Subnet = 10.0.1.1
----BEGIN RSA
----END
in hosts/home:
Address = 10.0.1.2
Subnet = 10.0.2.2/32
Subnet = 10.0.1.2
----BEGIN RSA
----END
tinc.conf:
Name = home
ConnectTo = firewall
Interface = VPN
Ok, I hope this information is complete, and that it will enable you
to help me. I thank you again, and I apologise for the delay.
Best Regards,
Alin-Adrian Anton.
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/