ping between NATed hosts

Christian Lyra lyra at pop-pr.rnp.br
Tue Feb 17 15:07:59 CET 2009


On Tuesday 17 February 2009, Donald Pearson wrote:
>  Can you give some more detail about the specifics of the network? 
> Such as the subnetting?   Is the Tinc interface on A bridged?

No bridge. Here are the details:

tinc.conf files:

Host A:
Name = hosta
Device = /dev/net/tun
Mode = switch

Host B:
Name = hostb
ConnectTo = hosta
Device = /dev/net/tun
Mode = switch

Host C:
Name = hostc
ConnectTo = hosta
Device = /dev/net/tun
Mode = switch

Host files (same on all hosts)
hosta:
Address = <public ip address>
-----BEGIN RSA PUBLIC KEY-----
xxx
-----END RSA PUBLIC KEY-----

hostb:
IndirectData = yes
Port = 657
-----BEGIN RSA PUBLIC KEY-----
xxx
-----END RSA PUBLIC KEY-----

hostc:
IndirectData = yes
Port = 658
-----BEGIN RSA PUBLIC KEY-----
XXX
-----END RSA PUBLIC KEY-----

tinc-up files:
A:
ifconfig testnet 4.0.0.1 netmask 255.255.255.0

B:
ifconfig testnet 4.0.0.3 netmask 255.255.255.0

C: 
ifconfig testnet 4.0.0.4 netmask 255.255.255.0

daemon started on all hosts with "tincd -n testnet"

so... just after start

From B:
# ping 4.0.0.4
PING 4.0.0.4 (4.0.0.4) 56(84) bytes of data.
From 4.0.0.3 icmp_seq=1 Destination Host Unreachable
From 4.0.0.3 icmp_seq=2 Destination Host Unreachable

then, from C:
$ ping 4.0.0.3
PING 4.0.0.3 (4.0.0.3): 56 data bytes
64 bytes from 4.0.0.3: icmp_seq=0 ttl=64 time=744.0 ms
64 bytes from 4.0.0.3: icmp_seq=1 ttl=64 time=313.7 ms

Again from B:
# ping 4.0.0.4
PING 4.0.0.4 (4.0.0.4) 56(84) bytes of data.
64 bytes from 4.0.0.4: icmp_seq=1 ttl=64 time=338 ms
64 bytes from 4.0.0.4: icmp_seq=2 ttl=64 time=318 ms

# arp -n
Address   HWtype  HWaddress           Flags Mask            Iface
4.0.0.4    ether   00:FF:04:F4:27:77   C                     testnet

wait, wait, wait... 

# arp -n
< no more 4.0.0.4 entry>

# ping 4.0.0.4
PING 4.0.0.4 (4.0.0.4) 56(84) bytes of data.
From 4.0.0.3 icmp_seq=1 Destination Host Unreachable
From 4.0.0.3 icmp_seq=2 Destination Host Unreachable

More information:

A tcpdump -n -i testnet on A shows:
15:38:05.615615 arp who-has 4.0.0.4 tell 4.0.0.3
15:38:06.649828 arp who-has 4.0.0.4 tell 4.0.0.3

A tcpdump -n -i testnet on C shows nothing.



>  On Mon, Feb 16, 2009 at 10:23 PM, Christian Lyra <lyra at pop-pr.rnp.br> wrote:
>  > Hi there,
>  >
>  > I'm trying to use tinc to solve this scenario:
>  >
>  > Host A has a public/known IP address
>  > Hosts B and C are behind NAT
>  >
>  > I'm using switch mode, and hosts B and C have IndirectMode enabled.
>  > Host A is in listen-only mode (no ConnectTo set); hosts B and C
>  > connect to A. Everything works almost as expected... B and C
>  > connect to A, and they can ping each other, but ONLY after each
>  > learns the other's MAC through A. What I mean is: if I start A,
>  > B, C, and try to ping C from B, ping will fail, but if I send a
>  > ping to A from C, then B will be able to ping C as it will learn
>  > the MAC of C through A. If there's no traffic between the hosts for a
>  > while, then the ARP entries will expire from the ARP tables and the
>  > problem will happen again.
>  >
>  > Is there a way to solve this with a tinc configuration? Leaving a
>  > cron job to make the NATed hosts ping A is not an elegant option :-(
>  >
>  > --
>  > Christian Lyra
>  > PoP-PR/RNP
>  > _______________________________________________
>  > tinc mailing list
>  > tinc at tinc-vpn.org
>  > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc



-- 
Christian Lyra
POP-PR - RNP

http://lyra.soueu.com.br

I will not wear long, heavy cloaks. While they certainly make a bold 
fashion statement, they have an annoying tendency to get caught in 
doors or tripped over during an escape.
			The Top Things I'd Do
			If I Ever Became an Evil Overlord
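An added diagnostic that is not part of the post and not tinc's own code: it automates the tcpdump comparison made above by parsing lines in the `arp who-has X tell Y` / `arp reply X is-at MAC` format the post shows and reporting targets that were queried repeatedly on the testnet interface without any reply ever appearing in the same capture. The sample capture below is constructed, and the format of the reply lines is assumed to match that older tcpdump output style.

```python
import re
from collections import defaultdict

# Constructed sample of "tcpdump -n -i testnet" output (not from the post):
# 4.0.0.3 keeps asking for 4.0.0.4 and no reply ever shows up, while the
# request for 4.0.0.1 is answered normally.
SAMPLE_CAPTURE = """\
15:38:05.615615 arp who-has 4.0.0.4 tell 4.0.0.3
15:38:06.649828 arp who-has 4.0.0.4 tell 4.0.0.3
15:38:07.101010 arp who-has 4.0.0.1 tell 4.0.0.4
15:38:07.101500 arp reply 4.0.0.1 is-at 00:ff:01:02:03:04
"""

WHO_HAS = re.compile(r"^\S+ arp who-has (\S+) tell (\S+)$")
IS_AT = re.compile(r"^\S+ arp reply (\S+) is-at (\S+)$")


def unanswered_arp(capture, min_requests=2):
    """Return {target_ip: request_count} for every target that was asked for
    at least min_requests times but never appeared in an ARP reply.

    A target listed here on the hub (A) but absent from the peer's own
    capture means the broadcast request is not reaching that peer at all,
    which is exactly the symptom the post describes.
    """
    requests = defaultdict(int)   # target IP -> number of who-has seen
    answered = set()              # IPs that replied with is-at
    for line in capture.splitlines():
        line = line.strip()
        m = WHO_HAS.match(line)
        if m:
            requests[m.group(1)] += 1
            continue
        m = IS_AT.match(line)
        if m:
            answered.add(m.group(1))
    return {ip: n for ip, n in requests.items()
            if n >= min_requests and ip not in answered}


if __name__ == "__main__":
    for ip, n in unanswered_arp(SAMPLE_CAPTURE).items():
        print(f"{ip}: {n} ARP requests, no reply seen")
```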

