Tinc on OsX, partial success

Guus Sliepen guus at sliepen.eu.org
Tue Nov 23 14:18:35 CET 2004


On Mon, Nov 22, 2004 at 03:07:09PM +0000, Tincer wrote:

> I have now got the tinc daemons (on network OFFICES) on BranchB and 
> BranchA talking to each other, see below for log from BranchB. For 
> some troubleshooting issues relating to OsX see at the end of my 
> e-mail.
> 
> However, I have not yet achieved the network connectivity/routing 
> that I would like.
> 
> The aim is:
> BranchB is a laptop
> I would like to connect it (via tinc) to my office network, so that 
> the laptop appears to be a genuine member of the Office network, like 
> an extension of the office network.

You can do that if you set up proxy arp on the office side, or if you
use bridging. I wouldn't know how to do that on MacOS/X, but I'm sure it
is possible. However, do you really need the laptop to appear like a
member of the Office network?

> I am happy if ALL traffic from and to the laptop goes through the 
> tinc connection (i.e. no split routing is required, at least not for 
> the moment).

Split routing is the "default" with tinc.

> My current configuration
[...]

Looks good to me.

> The tinc daemon is running on the laptop (BranchB), and has connected 
> to the daemon in the office (BranchA)
> 
> - As the laptop should route only itself through the vpn (and not 
> other CPUs on 222.222.222.x), is it correct to configure subnet in the 
> BranchB hostfile as Subnet = 192.168.2.1/32, i.e. with a /32 mask?

Yes.

> - Despite the running daemons, if I open a browser on the laptop the 
> browser connects through the public IP 222.222.222.3, and not through 
> the vpn.
> Which routing info is missing and how do I add this under OsX?

If you want to browse webpages on the VPN, then you have to use the
VPN IP addresses in the URL.

If you want to route everything through the VPN, then you have to add a
route that tells MacOS/X that all packets should go via tun0. Something
like this should do that:

route add 0.0.0.0/0 192.168.2.1

However, you should also make sure that tinc still connects to the
office via the public IP, so you have to add another route like this:

route add 123.123.123.7/32 222.222.222.3

But I don't see the point in routing everything through the VPN.

> Hints for running the tinc binary on OsX
[...]

The binaries we provide on the download page are not supported. They are
just proof for us and you that tinc compiles on that platform.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
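
Added example, not part of the original message: a small longest-prefix-match model of the two route commands in the reply, showing why the /32 route for 123.123.123.7 is needed once the default route points into the VPN. The addresses and next hops are the ones written in the reply; reading 123.123.123.7 as the office's public address is an assumption, and 198.51.100.20 is a constructed sample destination.

```python
import ipaddress

# Values as written in the two route commands of the reply.
VPN_NEXT_HOP = "192.168.2.1"       # route add 0.0.0.0/0 192.168.2.1
PUBLIC_NEXT_HOP = "222.222.222.3"  # route add 123.123.123.7/32 222.222.222.3
PEER_PUBLIC = "123.123.123.7"      # assumed: public address of the office tinc daemon

DEFAULT_ONLY = [("0.0.0.0/0", VPN_NEXT_HOP)]
WITH_HOST_ROUTE = DEFAULT_ONLY + [(PEER_PUBLIC + "/32", PUBLIC_NEXT_HOP)]


def lookup(routes, dst):
    """Return (network, next_hop) of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for net, hop in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((network, hop))
    if not matches:
        return None
    # Longest prefix wins, as in a real kernel routing table.
    return max(matches, key=lambda m: m[0].prefixlen)


def carrier_loops(routes):
    """True if tinc's own encapsulated packets to the peer would be
    routed back into the tunnel they are supposed to carry."""
    hit = lookup(routes, PEER_PUBLIC)
    return hit is not None and hit[1] == VPN_NEXT_HOP


if __name__ == "__main__":
    sample_dst = "198.51.100.20"  # constructed: any host outside the VPN
    for name, table in (("default route only", DEFAULT_ONLY),
                        ("default + /32 host route", WITH_HOST_ROUTE)):
        print(name)
        for dst in (sample_dst, PEER_PUBLIC):
            net, hop = lookup(table, dst)
            print(f"  {dst:15} -> via {hop} (matched {net})")
        print(f"  tunnel carrier loops back into VPN: {carrier_loops(table)}")
```

With only the default route, the encrypted tinc packets addressed to 123.123.123.7 match 0.0.0.0/0 and are sent into the tunnel itself, so the connection to the office cannot stay up; the /32 entry is more specific and keeps them on the public path.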