Multiple VPN connections and routing problem

Guus Sliepen guus at tinc-vpn.org
Tue Oct 27 16:21:55 CET 2009


On Tue, Oct 27, 2009 at 03:23:28PM +0100, Natanael Yngvesson wrote:

> I have 3 servers.
> MASTER, OFFICE and BACKUP
> 2 different VPN tunnels called "vpn"(MASTER <=> OFFICE) and "btun"(MASTER
> <=> BACKUP).

Why do you have two separate VPNs? Tinc can handle multiple connections.

> The problem is the "btun" tunnel....BACKUP can connect to MASTER, but
> MASTER can't connect to BACKUP.
> 
> When MASTER is trying to ping BACKUP, the firewall on MASTER registers
> this:
> 
> root at prod:~# tail -f /var/log/messages | grep 192.168.3.1
> Oct 27 15:03:38 prod kernel: [62614.001583] TESTOUTIN= OUT=btun
> SRC=192.168.0.1 DST=192.168.3.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
> PROTO=ICMP TYPE=8 CODE=0 ID=34912 SEQ=1
> 
> BACKUP firewall does not register anything, so the traffic is going
> somewhere else.
> OFFICE firewall does not register anything either.
> 
> I think it's a routing problem, but I can't see where.

Well, your routing tables look fine, and your firewall logs the packet as going
out via the btun interface, that looks fine as well. I think it's rather a
firewall problem. Can you show us the output of "iptables -vxnL" and "iptables
-t nat -vxnL" from both MASTER and BACKUP?

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
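
The firewall log line quoted in the message above, taken apart field by field, as an added example that is not part of the original message or of tinc. The function names and the `ICMP_ID` key are assumptions made for this sketch; the sample line is the quoted one with its wrapped lines rejoined.

```python
import re

# Constructed: the log line quoted in the thread, wrapped lines rejoined.
SAMPLE = ("Oct 27 15:03:38 prod kernel: [62614.001583] TESTOUTIN= OUT=btun "
          "SRC=192.168.0.1 DST=192.168.3.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 "
          "ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=34912 SEQ=1")

# The rule's --log-prefix is whatever precedes "IN="; a prefix without a
# trailing space ends up fused to it, as in "TESTOUTIN=".
HEAD = re.compile(r"kernel: (?:\[[^\]]*\] )?(.*?)IN=(\S*)")
KV = re.compile(r"(?<!\S)([A-Z]+)=(\S*)")

def parse_netfilter_log(line):
    """Return (log_prefix, fields) for one netfilter LOG line."""
    m = HEAD.search(line)
    if not m:
        raise ValueError("not a netfilter LOG line")
    prefix, fields = m.group(1), {"IN": m.group(2)}
    rest = line[m.end():]
    for key, value in KV.findall(rest):
        # ID occurs twice for ICMP echo: the IP ID first, the ICMP ID after PROTO.
        if key == "ID" and "PROTO" in fields:
            key = "ICMP_ID"
        fields[key] = value
    # DF is a bare flag token, not KEY=value.
    fields["DF"] = bool(re.search(r"(?<!\S)DF(?!\S)", rest))
    return prefix, fields

def describe(fields):
    """Say which way the packet was travelling when the LOG rule saw it."""
    inp, out = fields["IN"], fields.get("OUT", "")
    if inp and out:
        return f"forwarded from {inp} to {out}"
    if out:
        return f"outbound on {out} (logged in OUTPUT or POSTROUTING)"
    return f"inbound on {inp} (logged in PREROUTING or INPUT)"

if __name__ == "__main__":
    prefix, fields = parse_netfilter_log(SAMPLE)
    print(prefix, describe(fields), fields)
```

LOG is a non-terminating target, so this line only shows that the echo request reached the logging rule on its way out of `btun`; rules evaluated after it can still drop the packet, and the per-rule counters printed by `iptables -vxnL` show which ones matched.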