1 Server, Multiple Client Setup

Andrew Barlow andrew.barlow at gmail.com
Thu Mar 5 12:12:45 CET 2009


OK... I've tried what you said, but I keep getting an "Error on ADD_SUBNET"
on the client machine.

Here are my configuration files and setup:

*Server Setup:*

*tinc.conf*

AddressFamily = ipv4
Device = /dev/net/tun
Mode = switch
Name = masterserver
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
BindToInterface = eth1
TunnelServer = yes

*tinc-up*

ifconfig $INTERFACE 10.1.1.1 netmask 255.0.0.0

*hosts/masterserver* (The address is my external IP address)

Compression = 0
Subnet = 10.1.0.0/16
Address = 87.*.*.*
Port = 655
TCPonly = yes
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----

*hosts/client1*

Compression = 0
Subnet = 10.2.0.0/16
Port = 655
TCPonly = yes
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----

*ifconfig output*

vpn       Link encap:Ethernet  HWaddr a6:7e:2b:ad:80:ea
          inet addr:10.1.1.1  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::a47e:2bff:fead:80ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:238 (238.0 B)


*Client1 Settings*

*tinc.conf*

AddressFamily = ipv4
Device = /dev/net/tun
Name = client1
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
BindToInterface = eth1
TunnelServer = yes


*tinc-up*

ifconfig $INTERFACE 10.1.1.1 netmask 255.0.0.0

*hosts/masterserver* (The address is my external IP address)

Compression = 0
Subnet = 10.1.0.0/16
Address = 87.*.*.*
Port = 655
TCPonly = yes
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----

*hosts/client1* (The address is my external IP address)

Compression = 0
Subnet = 10.2.0.0/16
Port = 655
TCPonly = yes
ConnectTo = masterserver
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----


Sadly, I can't get to the ifconfig output on the client right now, but I
don't know if you need that or not. I don't see what's wrong here. I thought
maybe you could shine some light on it?

Cheers,

Andy Barlow


2009/3/4 Guus Sliepen <guus at tinc-vpn.org>

> On Wed, Mar 04, 2009 at 03:03:29PM +0000, Andrew Barlow wrote:
>
> > I'll give it another shot, although I'm sure that's how I had it set up,
> > but the server kept saying it didn't know how to get to the client,
> > because the client's host file on the server doesn't contain an address
> > for the host (because the client address is dynamic).
>
> It sounds like you added "ConnectTo = client" lines to the tinc.conf on the
> server. You should remove those. It's enough if the client has a
> ConnectTo = server.
>
> > Also, how could I circumvent the nat problem? With a simple port opening
> > of TCP/UDP 655 wherever the clients are (if they can)?
>
> That would help.
>
> > Could you post an example tinc.conf for the server and one of the clients
> > for me so I can see what I got matches what you got, based on my previous
> > email? Maybe a host file for each too so I can see how that's done?
> >
> > My previous testing got me connected to each other but I had to manually
> > have the external IPs of each client set up in each host... but as the
> > only machine that doesn't change address is the server, it's not very
> > flexible or convenient.
>
> You don't have to add Addresses of clients if you remove the ConnectTo
> lines from the server's tinc.conf.
>
> > I must also note that the server will be running Ubuntu Server 9.04 (Tinc
> > version 1.0.9) and some of the clients will be Linux and some will be
> > Windows. For the moment though, it's all Linux on Linux action. I assume
> > Tinc doesn't care as long as the host files and tinc.confs are set up OK?
>
> That's correct.
>
> --
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <guus at tinc-vpn.org>
>
>
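
The layout described in the quoted reply (no ConnectTo in the server's tinc.conf, ConnectTo = server in each client's tinc.conf), written as a small checker. This is an added example, not part of the original thread or of tinc itself; the function names, the dict layout and the sample values are assumptions, and only the `Key = Value` line form is parsed.

```python
def parse_conf(text):
    """Parse tinc-style 'Key = Value' lines; keys are case-insensitive and may repeat."""
    conf, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN"):
            in_key = True            # skip the PEM body: base64 padding contains '='
        elif line.startswith("-----END"):
            in_key = False
        elif not in_key and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf.setdefault(key.strip().lower(), []).append(value.strip())
    return conf

def check_layout(server, nodes):
    """Return findings for a one-server, many-client layout (hypothetical helper)."""
    findings = []
    for name, files in sorted(nodes.items()):
        targets = parse_conf(files["tinc.conf"]).get("connectto", [])
        if name == server and targets:
            findings.append(f"{name}: tinc.conf has ConnectTo = {', '.join(targets)}; remove it on the server")
        if name != server and server not in targets:
            findings.append(f"{name}: tinc.conf lacks ConnectTo = {server}")
        for host, text in sorted(files["hosts"].items()):
            if "connectto" in parse_conf(text):
                findings.append(f"{name}: hosts/{host} contains ConnectTo; it belongs in tinc.conf")
    return findings

# Constructed sample modelled on the files in the post; address and key are placeholders.
SERVER_HOST = ("Subnet = 10.1.0.0/16\nAddress = 192.0.2.1\nPort = 655\n"
               "-----BEGIN RSA PUBLIC KEY-----\nAAAA==\n-----END RSA PUBLIC KEY-----\n")
CLIENT_HOST = "Subnet = 10.2.0.0/16\nPort = 655\n"
NODES = {
    "masterserver": {"tinc.conf": "Name = masterserver\nMode = switch\n",
                     "hosts": {"masterserver": SERVER_HOST, "client1": CLIENT_HOST}},
    "client1": {"tinc.conf": "Name = client1\n",
                "hosts": {"masterserver": SERVER_HOST,
                          "client1": CLIENT_HOST + "ConnectTo = masterserver\n"}},
}

if __name__ == "__main__":
    for finding in check_layout("masterserver", NODES):
        print(finding)
```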