Bridging on windows networks
Donald Pearson
donaldwhpearson at gmail.com
Wed Feb 3 21:42:23 CET 2010
You don't have any route on your other computer telling it where to go.
It's network is 192.168.0.0/24 (255.255.255.0 mask). For any destinations
outside of that network, it sends traffic to it's default gateway
192.168.0.1.
Your VPN network is 10.20.0.0/16 (255.255.0.0 mask). This computer right
now is trying to get to the 10.20.0.0/16 network through the default gateway
of 192.168.0.1 because it doesn't know any better.
If you want the 2nd host to reach that network, you need to tell it how to
get there.
You need a route that looks something like this.
Network Dest. Netmask Gateway Interface
Metric
10.20.0.0 255.255.0.0 192.168.0.155 192.168.0.168 1
The command is something like;
route ADD 10.20.0.0 MASK 255.255.0.0 192.168.0.155 METRIC 1 IF 192.168.0.168
the "IF 192.168.0.168" at the end may not work, you may need to use the
numbered alias for the interface. At the top of "route print" the
interfaces are listed. The first of each item is it's number alias. The
MAC address is also listed so you can do an "ipconfig/all" to get the MAC of
your physical network adapter to verify the interface. The number "1" is
always the loopback, and is the same as 127.0.0.1 for example.
*
10.20.30.1/192.168.0.155
==============================*
>
> *==============================**===============
> Interface List
> 0x3 ...00 ff 03 32 1e 50 ...... TAP-Win32 Adapter V9 - Packet Scheduler
> Miniport
> ==============================**==============================**
> ===============
> ==============================**==============================**
> ===============
> Active Routes:
> Network Destination Netmask Gateway Interface Metric
> 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.155 20
> 10.20.0.0 255.255.0.0 10.20.30.1 10.20.30.1 30
> 10.20.30.1 255.255.255.255 127.0.0.1 127.0.0.1 30
> 10.255.255.255 255.255.255.255 10.20.30.1 10.20.30.1 30
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 192.168.0.0 255.255.255.0 192.168.0.155 192.168.0.155 20
> 192.168.0.155 255.255.255.255 127.0.0.1 127.0.0.1 20
> 192.168.0.255 255.255.255.255 192.168.0.155 192.168.0.155 20
> 224.0.0.0 240.0.0.0 10.20.30.1 10.20.30.1 30
> 224.0.0.0 240.0.0.0 192.168.0.155 192.168.0.155 20
> 255.255.255.255 255.255.255.255 10.20.30.1 10.20.30.1 1
> 255.255.255.255 255.255.255.255 192.168.0.155 192.168.0.155 1
> Default Gateway: 192.168.123.1
> ==============================**==============================**
> ===============
> Persistent Routes:
> None
>
> xxx.xxx.xxx.xxx/192.168.0.155
>
> ==============================* *==============================**
> ===============
> Active Routes:
> Network Destination Netmask Gateway Interface Metric
> 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.168 25
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> 1
> 192.168.0.0 255.255.255.0 192.168.0.168 192.168.0.168 25
> 192.168.0.168 255.255.255.255 127.0.0.1 127.0.0.1 25
> 192.168.0.255 255.255.255.255 192.168.0.168 192.168.0.168 25
> 224.0.0.0 240.0.0.0 192.168.0.168 192.168.0.168 25
> 255.255.255.255 255.255.255.255 192.168.0.168 192.168.0.168 1
> 255.255.255.255 255.255.255.255 192.168.0.168 2 1
> 255.255.255.255 255.255.255.255 192.168.0.168 10006 1
> 255.255.255.255 255.255.255.255 192.168.0.168 20004 1
> Default Gateway: 192.168.0.1
> ==============================**==============================**
> ===============
> Persistent Routes:
> None
>
> Just to recap. 168 can ping 155 just fine. 155 can ping 10.20.40.1 and
> 10.20.50.1 (both distant nodes of the vpn) just fine and they can ping
> 10.20.30.1 just fine. But since 168 can't ping 10.20.30.1, it
> obviously can't find 10.20.40.1 or 10.20.50.1.
>
> I should also note that when I say that it *can* ping a computer, it
> also sees all windows shares just fine.
>
> Thanks for looking at this.*
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
On Tue, Feb 2, 2010 at 1:30 PM, Anon <anon4321 at gmail.com> wrote:
> >> I don't think adding IP forwarding will help, will it? I added it
> >> through modifying the registry, but it doesn't have any impact.
>
> >> Yes shure, you must have forwaring/routing activated on every tinc host,
> >> or he can't gate your packets to the other network.
> >> Sorry, don't know the exact names, should be in services - routing and
> >> ras. I have German XP ;-)
>
> My paragraph above says that I did find how to add forwarding. I
> confirmed that it
> was not activated, yet the vpn worked fine. I then activated it, and
> the vpn continues
> to work fine. In both states, non-host computers can not access the vpn.
>
> >> Based on the below, I'm trying to ping 10.20.40.1 from 192.168.0.168,
> >> but since I can't
> >> even ping 10.20.30.1 from 192.168.0.168 (although I can ping
> >> 192.168.0.1 from 192.168.0.168,
> >> of course) I think I'm stuck. Once I can ping 10.20.30.1 from
> >> 192.168.0.168
> >> I can then worry about getting to 10.20.40.1, which, if it requires
> >> TCP/IP forwarding,
> >> I'll do that.
>
> > Yes exactly, first get ping from 192.168.0168 to 10.20.30.1, until this
> > does not work, check ip routing/forwarding and your static routing on
> > 192.168.0.155+168
> > Can you send "route print" from this two computers?
>
> 10.20.30.1/192.168.0.155
>
> ===========================================================================
> Interface List
> 0x3 ...00 ff 03 32 1e 50 ...... TAP-Win32 Adapter V9 - Packet Scheduler
> Miniport
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination Netmask Gateway Interface Metric
> 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.155 20
> 10.20.0.0 255.255.0.0 10.20.30.1 10.20.30.1 30
> 10.20.30.1 255.255.255.255 127.0.0.1 127.0.0.1 30
> 10.255.255.255 255.255.255.255 10.20.30.1 10.20.30.1 30
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 192.168.0.0 255.255.255.0 192.168.0.155 192.168.0.155 20
> 192.168.0.155 255.255.255.255 127.0.0.1 127.0.0.1 20
> 192.168.0.255 255.255.255.255 192.168.0.155 192.168.0.155 20
> 224.0.0.0 240.0.0.0 10.20.30.1 10.20.30.1 30
> 224.0.0.0 240.0.0.0 192.168.0.155 192.168.0.155 20
> 255.255.255.255 255.255.255.255 10.20.30.1 10.20.30.1 1
> 255.255.255.255 255.255.255.255 192.168.0.155 192.168.0.155 1
> Default Gateway: 192.168.123.1
> ===========================================================================
> Persistent Routes:
> None
>
> xxx.xxx.xxx.xxx/192.168.0.155
>
> ===========================================================================
> Active Routes:
> Network Destination Netmask Gateway Interface Metric
> 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.168 25
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> 1
> 192.168.0.0 255.255.255.0 192.168.0.168 192.168.0.168 25
> 192.168.0.168 255.255.255.255 127.0.0.1 127.0.0.1 25
> 192.168.0.255 255.255.255.255 192.168.0.168 192.168.0.168 25
> 224.0.0.0 240.0.0.0 192.168.0.168 192.168.0.168 25
> 255.255.255.255 255.255.255.255 192.168.0.168 192.168.0.168 1
> 255.255.255.255 255.255.255.255 192.168.0.168 2 1
> 255.255.255.255 255.255.255.255 192.168.0.168 10006 1
> 255.255.255.255 255.255.255.255 192.168.0.168 20004 1
> Default Gateway: 192.168.0.1
> ===========================================================================
> Persistent Routes:
> None
>
> Just to recap. 168 can ping 155 just fine. 155 can ping 10.20.40.1 and
> 10.20.50.1 (both distant nodes of the vpn) just fine and they can ping
> 10.20.30.1 just fine. But since 168 can't ping 10.20.30.1, it
> obviously can't find 10.20.40.1 or 10.20.50.1.
>
> I should also note that when I say that it *can* ping a computer, it
> also sees all windows shares just fine.
>
> Thanks for looking at this.
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20100203/8a1262e0/attachment.htm>
More information about the tinc
mailing list