Windows subnets
Andrew Savinykh
andrews at brutsoft.com
Thu Oct 7 02:56:55 CEST 2010
Alan,
thank you, this all makes perfect sense. The only outstanding problem is
that it is unlikely that with this setup computers in LAN A will be able
to receive broadcasts from computers in LAN B and vice-versa.
Cheers,
Andrew.
On 7/10/2010 11:52 a.m., Alan S. Lawee wrote:
>
> In order for you to configure this, you have to set up explicit
> routes, and the computers in each location that are hosting the tinc
> application must be able to route packets.
>
> A little more explanation is in order. As you are referring to the
> nodes as PC's, I am assuming that you are using the MsWindows
> operating system. Some versions (e.g. Windows 2000) are able to
> function as routers out of the box, others cannot function as routers,
> and yet others require some advanced configuration. (Linux or other
> x-based systems can all function as routers).
>
> Computers on LAN A are configured to use the broadband router as a
> default gateway in order to access the Internet. However, in order to
> accomplish the configuration you are looking for, you will have to set
> up a manual route on each of the computers on LAN A which will
> instruct them to go to the computer running tinc in order to reach the
> nodes on LAN B. The reverse will be true for the computers on LAN B.
>
> Your IDEA1 will not work because the subnet masks do not define
> distinct networks. IDEA2 has the same problem because the tinc subnet
> is not distinct from the other 2.
>
> So, to follow your example IDEA2, we have in household A, LAN A:
> 10.30.1.x and 3 PC's: PC-A.11, PC-A.12 & PC-A.13, plus a router:
> R-A.1; in household B, LAN B: 10.30.2.x, we have a similar
> configuration, PC-B.11, PC-B.12, PC-B.13 and R-B.1; the tinc
> application is hosted on each of PC-A.11 and PC-B.11 and will use the
> subnet 10.30.3.x.
>
> As an example, the IP configurations are as follows:
>
> PC-A.11:
>   Default Gateway: 10.30.1.1/255.255.255.0
>   IP Address: 10.30.1.11/255.255.255.0 on physical network interface
>   IP Address: 10.30.3.1/255.255.255.0 on virtual tinc interface
>   Manual entry in routing table to 10.30.2.0/255.255.255.0 via 10.30.3.2
>
> PC-A.12, PC-A.13:
>   Default Gateway: 10.30.1.1/255.255.255.0
>   IP Address: 10.30.1.12/255.255.255.0 and 10.30.1.13/255.255.255.0
>   Manual entry in routing table to 10.30.2.0/255.255.255.0 via 10.30.1.11
>
> PC-B.11:
>   Default Gateway: 10.30.2.1/255.255.255.0
>   IP Address: 10.30.2.11/255.255.255.0 on physical network interface
>   IP Address: 10.30.3.2/255.255.255.0 on virtual tinc interface
>   Manual entry in routing table to 10.30.1.0/255.255.255.0 via 10.30.3.1
>
> PC-B.12, PC-B.13:
>   Default Gateway: 10.30.2.1/255.255.255.0
>   IP Address: 10.30.2.12/255.255.255.0 and 10.30.2.13/255.255.255.0
>   Manual entry in routing table to 10.30.1.0/255.255.255.0 via 10.30.2.11
>
> Now every PC knows where to send packets destined for both the
> Internet and the other household. The PC's hosting tinc are acting as
> the virtual routers between the two sites. Note once again that
> various versions of Windows have this routing function disabled.
>
> Hope this helps you,
>
> Alan
>
> *From:* tinc-bounces at tinc-vpn.org [mailto:tinc-bounces at tinc-vpn.org]
> *On Behalf Of *Andrew Savinykh
> *Sent:* Wednesday, October 06, 2010 18:17
> *To:* tinc at tinc-vpn.org
> *Subject:* Re: Windows subnets
>
> Donald,
>
> thank you, while I still have some questions, your answer is
> definitely a step in the right direction.
> In the other reply I was asked what I'm trying to achieve. Let's
> consider the following scenario (which is quite similar to the one
> that is described in the tinc manual).
>
> Let's assume we have two households, each has 3-5 computers in it.
> Both households have similar network configuration:
> They are connected to the Internet with an ADSL line and a router.
> The computers in the local network access the Internet via the router.
> The router is configured so that one of the computers has port 665
> forwarded to be accessible outside.
> The external IP is changed rarely and there is dynamic DNS service
> (external) in use to accommodate for the change of IP when it happens.
>
> One household has local network addresses of 192.168.1.* and the other
> has 10.1.1.*
> I'm installing tinc on one computer in each household.
>
> The goal is to let all computers in both households see each other
> by IP address. Also it is desired that for computer games purposes
> all computers appear to be on the same LAN (for broadcasts). But this
> is not mandatory. (It appears that it's not possible without
> installing tinc on every PC,
> as every tinc daemon serves a subnet and two tinc daemons can't serve
> a part of a subnet each.)
>
> All computers run different flavours of Windows, most being Windows 7.
>
> I have two ideas how to set this up, although I'm not sure if any of
> these two works:
>
> IDEA1.
> =====
> Household A
> Gateway IP: 10.30.0.1
> Gateway Mask: 255.255.255.0
> Gateway Default Gateway: ????
>
> Other PCs IP: 10.30.0.2,3,4 etc
> Other PCs Mask: 255.255.255.0
> Other PCs Default Gateway: 10.30.0.1
>
> Tinc Subnet: 10.30.0.0/25
>
> Household B
> Gateway IP: 10.30.0.129
> Gateway Mask: 255.255.255.0
> Gateway Default Gateway: ????
>
> Other PCs IP: 10.30.0.130,131,132 etc
> Other PCs Mask: 255.255.255.0
> Other PCs Default Gateway: 10.30.0.129
>
> Tinc Subnet: 10.30.0.128/25
>
>
> IDEA2.
> =====
> Household A
> Gateway IP: 10.30.0.1
> Gateway Mask: 255.255.255.0
> Gateway Default Gateway: ????
>
> Other PCs IP: 10.30.0.2-255 etc
> Other PCs Mask: 255.255.255.0
> Other PCs Default Gateway: 10.30.0.1
>
> Tinc Subnet: 10.30.0.0/24
>
> Household B
> Gateway IP: 10.30.1.1
> Gateway Mask: 255.255.255.0
> Gateway Default Gateway: ????
>
> Other PCs IP: 10.30.1.2-255 etc
> Other PCs Mask: 255.255.255.0
> Other PCs Default Gateway: 10.30.0.129
>
> Tinc Subnet: 10.30.1.0/24
>
>
> So IDEA 1 probably won't work at all. Will it? And with IDEA 2 the
> pc's won't appear on the same LAN and their broadcasts won't reach
> each other.
> As far as I understand I need to install TAP interface on each of the
> participating windows PCs, correct?
> What is specified in default gateway of the gateways?
>
>
> Thank you in advance,
> Andrew
>
> On 7/10/2010 4:36 a.m., Donald Pearson wrote:
>
> The PCs that you want to participate need to have a route for the VPN
> subnet pointing to their local VPN gateway, which would be the local
> device with Tinc installed on it.
>
> Theoretical configuration example.
>
> VPN subnet is 10.10.10.0/24
>
> At a location, one computer 192.168.1.254/24
> connects to the VPN and serves as the VPN gateway. This gateway needs
> to be configured for TCP/IP forwarding.
>
> http://support.microsoft.com/kb/315236 - windows
>
> http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ - linux
>
> Other computers local to the gateway need a route to the VPN network
> added so they know how to get there.
>
> In Windows: route -p add 10.10.10.0 mask 255.255.255.0 192.168.1.254
>
> This will add the persistent route that remains after reboot.
>
> Does that answer your question?
>
> On Wed, Oct 6, 2010 at 6:41 AM, Andrew Savinykh <andrews at brutsoft.com> wrote:
>
> Thank you for your reply. As far as I can see there is no point
> specifying subnet that consists of more than one PC in tinc config if
> you are going to install tinc on every PC in the subnet anyway.
> Correct me if I'm wrong.
> Now, assuming I'm right, there will be PCs in the subnet that don't
> have tinc installed on them. How to configure these PCs so they are a
> part of the subnet and participate in routing?
>
> Cheers,
> Andrew
>
>
>
> On 6/10/2010 10:13 p.m., Cédric Lemarchand wrote:
>
> Hi,
>
> I am not sure I understand what you mean by "joining" a subnet.
>
> But if your "local computer" needs to reach the "remote subnet"
> served by tinc, you can set the local IP of the local tinc server
> as the default gateway, or add a route to the remote subnet via
> the local tinc IP. Of course, computers located on the remote
> subnet need the same thing.
>
> Cédric
>
> On 06/10/10 09:37, Andrew Savinykh wrote:
>
> Hello all,
>
> I understand that each tinc daemon corresponds to one or more
> subnets that it "owns"; a subnet can be a single IP or more.
> Could you please tell me what I need to do to join a computer
> in a local network (Windows) to a subnet served by tinc?
>
> Thank you in advance,
> Andrew
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
> --
>
> *Cédric Lemarchand -- iXSea SAS*
>
> Systems & Network Administrator
>
> http://www.ixsea.com/ - <cedric.lemarchand at ixsea.com>
>
> Tel: +33 1 30 08 8888 -- GSM: +33 6 37 23 40 93
>
>
>
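Added example, not part of the original thread and not tinc's own code: a check of the address plans discussed above for networks that are not distinct, plus the persistent Windows routes for Alan's layout in the `route -p add` form Donald quoted. The function names and the plan dictionaries are assumptions made for this illustration; the addresses are the ones given in the thread.

```python
import ipaddress
from itertools import combinations

def overlaps(networks):
    """Return sorted pairs of names whose networks overlap (are not distinct)."""
    nets = {n: ipaddress.ip_network(c, strict=False) for n, c in networks.items()}
    return sorted((a, b) for a, b in combinations(nets, 2)
                  if nets[a].overlaps(nets[b]))

def is_on_link(host_ip, host_mask, dest_ip):
    """True if a host with this IP/mask treats dest_ip as local.

    A local destination is resolved with ARP on the LAN and is never sent
    to a gateway, so traffic for it cannot reach the tinc host.
    """
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    return ipaddress.ip_address(dest_ip) in iface.network

def windows_route(remote_net, gateway):
    """Persistent route in the `route -p add` form quoted in the thread."""
    net = ipaddress.ip_network(remote_net)
    return f"route -p add {net.network_address} mask {net.netmask} {gateway}"

# IDEA1 as posted: both households use mask 255.255.255.0 inside 10.30.0.x.
IDEA1 = {"LAN A": "10.30.0.1/255.255.255.0",
         "LAN B": "10.30.0.129/255.255.255.0"}
# IDEA2 as posted: each tinc subnet is the same /24 as the LAN behind it.
IDEA2 = {"LAN A": "10.30.0.0/24", "LAN B": "10.30.1.0/24",
         "tinc A": "10.30.0.0/24", "tinc B": "10.30.1.0/24"}
# Alan's layout: three separate /24 networks.
ALAN = {"LAN A": "10.30.1.0/24", "LAN B": "10.30.2.0/24", "tinc": "10.30.3.0/24"}

if __name__ == "__main__":
    for name, plan in (("IDEA1", IDEA1), ("IDEA2", IDEA2), ("Alan", ALAN)):
        print(name, "overlapping networks:", overlaps(plan))
    # Under IDEA1 a PC in household A believes household B is on its own wire.
    print("IDEA1, 10.30.0.2 sees 10.30.0.130 as local:",
          is_on_link("10.30.0.2", "255.255.255.0", "10.30.0.130"))
    # Routes for the PCs that do not run tinc, per Alan's layout.
    print("PC-A.12/13:", windows_route("10.30.2.0/24", "10.30.1.11"))
    print("PC-B.12/13:", windows_route("10.30.1.0/24", "10.30.2.11"))
```
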