Subnet / routing question
Guus Sliepen
guus at tinc-vpn.org
Wed Nov 12 12:16:33 CET 2008
On Wed, Nov 12, 2008 at 11:33:46AM +0100, Hans de Groot wrote:
[...]
> Subnet = 5.1.0.0/16
> Subnet = 192.168.0.0/24
[...]
> So I thought that this was al that is neccesary to beable to connect
> from system C to the 192.168.0.0 subnet on system A
>
> But when I ping or traceroute on system C to 192.168.0.16 (an existing
> ip on the subnet of system A) it simply uses the default gw on system C
> which of course cannot find that ip.
>
> So, my question is, Do I have to manually add routes in all systems
> involved? Or am I missing something here?
> If I have to add routes, why do I have to Add the extra Subnet lines
> telling tinc which subnet resides on which tincd?
The kernel needs to know where packets for your VPN have to go to, so in the
tinc-up script you'd put something like:
#!/bin/sh
ifconfig $INTERFACE 5.1.0.1 netmask 255.0.0.0
route add -net 192.168.0.0 netmask 255.255.0.0 dev $INTERFACE
However, tinc needs to know to which other tinc daemon it has to send packets.
It needs to know which subnet of your VPN belongs to which tinc daemon. So your
host config files will contain Subnet statements for subnets with a smaller
netmask than you provide your kernel with.
If you have a very complex network and adding routes with large netmasks isn't
an option, you can use the subnet-up and subnet-down scripts to automatically
add routes based on the Subnets you configured. Another option is to use Mode =
switch, which causes tinc to function like a layer 2 switch instead of a layer
3 router (and hence it doesn't need to know about Subnets at all), however then
you have to use bridging or proxy-arp to make your local networks visible on
the VPN.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://www.tinc-vpn.org/pipermail/tinc/attachments/20081112/f430f9cb/attachment.pgp
More information about the tinc
mailing list