Different networks over NAT

Arjen Haayman arjen at eastsite.nl
Wed Mar 9 21:47:37 CET 2005


Hi,

I've been struggling for almost a week now, but I can't get the 
following setup to work.

At home I have class A network: 10.0.0.0/16 with a masquerading gateway 
10.0.0.1 running tinc.

At work (http://www.eastsite.nl) we have a 192.168.0.0/24 network. The 
gateway is called 'ed'.

I've set up tinc on 'gateway' and everything is working fine from 
'gateway', but none of the machines on my local network can access the 
remote network.

Here's what I've got:

[root op gateway eastsite]# cat tinc.conf
# tinc configuration
Name = tinc_linux
ConnectTo = tinc_ed
KeyExpire = 30000000
#Mode = hub

[root op gateway eastsite]# cat tinc-up
ifconfig $INTERFACE 192.168.4.1 netmask 255.255.0.0
route add -net 192.168.4.0 netmask 255.255.255.0 eth1
route add -net 192.168.0.0 netmask 255.255.255.0 $INTERFACE

[root op gateway hosts]# cat tinc_ed
Address = remote.address.nl
Subnet = 192.168.0.0/24
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----

[root op gateway hosts]# cat tinc_linux
Address = local.address.nl
Subnet = 192.168.4.0/24
Subnet = 10.0.0.0/8
Port=655
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----

I've also added some rules to the firewall:

$LOGGER "VPN regels"
iptables -A INPUT  -p tcp --dport 655         -j ACCEPT
iptables -A INPUT  -p udp --dport 655         -j ACCEPT
iptables -A OUTPUT -p tcp --dport 655         -j ACCEPT
iptables -A OUTPUT -p udp --dport 655         -j ACCEPT

iptables -t nat -A PREROUTING -j DNAT -i $EXTIF -p tcp --dport 655 --to 10.0.0.1:655

------------ results ------------------------------

[root op gateway hosts]# ping ed
PING ed (192.168.0.1) 56(84) bytes of data.
64 bytes from ed (192.168.0.1): icmp_seq=1 ttl=64 time=44.3 ms
64 bytes from ed (192.168.0.1): icmp_seq=2 ttl=64 time=48.4 ms

--- ed ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2026ms
rtt min/avg/max/mdev = 44.359/46.428/48.498/2.080 ms

[root op gateway hosts]# ping zion
PING zion (192.168.0.3) 56(84) bytes of data.
64 bytes from zion (192.168.0.3): icmp_seq=1 ttl=63 time=47.3 ms

--- zion ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 47.387/47.387/47.387/0.000 ms

On another machine:

haayman op linux:~> ping ed
PING ed (192.168.0.1) 56(84) bytes of data.

--- ed ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1009ms


Changing the routing table on 'ed' is no option, because our 
system administrator refuses (rightly so) to add routing to every 
employee's network.

What seems to be the problem?

-- 
Arjen Haayman
-- cogito ergo bicyclo --
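When tracing a problem like this it helps to separate what tinc itself will do with a packet from what the kernels on each side do with it. tinc forwards a packet to the node whose Subnet declaration most specifically covers the destination, and the reply only comes back through the tunnel if some node also advertises the source. The script below is an added example, not part of the original message or of tinc; it loads the two hosts files as posted (keys omitted) and performs that longest-prefix lookup for a given source/destination pair.

```python
import ipaddress
import re

# The two hosts files from the message, embedded inline (RSA keys omitted)
# so the check runs without a tinc installation.
HOSTS = {
    "tinc_ed": "Address = remote.address.nl\nSubnet = 192.168.0.0/24\nTCPOnly = yes\n",
    "tinc_linux": ("Address = local.address.nl\nSubnet = 192.168.4.0/24\n"
                   "Subnet = 10.0.0.0/8\nPort=655\nTCPOnly = yes\n"),
}

SUBNET_RE = re.compile(r"^\s*Subnet\s*=\s*(\S+)\s*$", re.IGNORECASE)


def parse_subnets(hosts):
    """Collect (network, node) pairs from every Subnet line in every hosts file."""
    table = []
    for node, text in hosts.items():
        for line in text.splitlines():
            m = SUBNET_RE.match(line)
            if m:
                table.append((ipaddress.ip_network(m.group(1), strict=False), node))
    return table


def owner(addr, table):
    """Longest-prefix match: the node whose Subnet most specifically covers addr,
    or None when no node advertises it (tinc has nowhere to send such a packet)."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, node in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, node)
    return best[1] if best else None


def check_flow(src, dst, table):
    """Return (src_node, dst_node, ok). ok is True only when both ends are
    advertised by different nodes, i.e. the packet enters the tunnel and the
    reply has an advertised path back."""
    s, d = owner(src, table), owner(dst, table)
    return (s, d, s is not None and d is not None and s != d)


if __name__ == "__main__":
    table = parse_subnets(HOSTS)
    for src, dst in [("10.0.0.1", "192.168.0.1"), ("10.0.0.5", "192.168.0.3"),
                     ("172.16.0.9", "192.168.0.1")]:
        print(src, "->", dst, check_flow(src, dst, table))
```

If both ends of a flow are accounted for at the tinc layer, as they are for a 10.0.0.x host reaching 192.168.0.x with these hosts files, the remaining suspects are kernel-side: forwarding and firewall rules on the tinc gateway, and whether the remote hosts have a route back for the source network.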
