routing thru tinc

Guus Sliepen guus at tinc-vpn.org
Thu Jul 7 13:32:13 CEST 2011


On Thu, Jul 07, 2011 at 01:09:00PM +0200, Loic Dachary wrote:

> I set up tinc on two hosts with IP 192.168.200.102 on the first and IP
> 192.168.200.101 on the second. And it works. Now I would like to route
> packets thru 192.168.200.101 from 192.168.200.102 by adding the
> following route:
> 
> ip route add 10.10.70.0/24 via 192.168.200.101 dev TINCDEVICE

Gateway routes do not work as you expect in router mode. The above is
equivalent to the same command without the via part:

ip route add 10.10.70.0/24 dev TINCDEVICE

You can either use Mode = switch, in which case the gateway route will work as
you intended, or you can keep using router mode, but then you have to add
"Subnet = 10.10.70.0/24" to hosts/name_of_second_node, so that tinc will know
that packets with addresses in that Subnet have to be sent to the second node.

> However, when I ping 10.10.70.254 from 192.168.200.102, I see the packet
> being sent to TINCDEVICE (tcpdump)
> 
> 13:04:17.675440 IP 192.168.200.102 > 10.10.70.254: ICMP echo request, id
> 6201, seq 1, length 64

You can see in the tcpdump that there is no mention of "192.168.200.101" in
that packet. The only effect a via statement has is on Ethernet networks, where
ARP will be used to find which MAC address belongs to the gateway address, and
then packets will be sent to that MAC address. Still, it went to the right
interface.

> 13:04:17.675467 IP 10.10.70.254 > 192.168.200.102: ICMP net 10.10.70.254
> unreachable - unknown, length 92

This is tinc complaining it doesn't know about 10.10.70.254.

I hope this helps.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
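
The lookup described in the reply above, as an added example that is not part of the original message or of tinc's own code: a simplified Python model of router-mode forwarding, in which the destination address is matched against the Subnet lines of the host files and the gateway given with `via` plays no part. The node names, the /32 Subnet entries and the longest-prefix selection are assumptions made for the illustration.

```python
import ipaddress

# Constructed host files modelled on the thread; node names are hypothetical.
HOSTS_BEFORE = {
    "first_node": "Subnet = 192.168.200.102/32\n",
    "second_node": "Subnet = 192.168.200.101/32\n",
}
# Same files after adding the Subnet line suggested in the reply.
HOSTS_AFTER = dict(
    HOSTS_BEFORE,
    second_node="Subnet = 192.168.200.101/32\nSubnet = 10.10.70.0/24\n",
)


def parse_subnets(hosts):
    """Collect (network, owner) pairs from the 'Subnet = ...' lines of each host file."""
    table = []
    for owner, text in hosts.items():
        for line in text.splitlines():
            key, _, value = line.partition("=")
            if key.strip().lower() == "subnet" and value.strip():
                net = ipaddress.ip_network(value.strip(), strict=False)
                table.append((net, owner))
    return table


def route(table, dst, via=None):
    """Return the node that owns dst, or None when no Subnet covers it.

    'via' is accepted only to show that the gateway address is never consulted:
    the decision depends on the packet's destination address alone.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, owner) for net, owner in table if addr in net]
    # Most specific (longest prefix) Subnet wins; no match models the
    # "net unreachable" answer seen in the tcpdump output.
    return max(matches)[1] if matches else None


if __name__ == "__main__":
    for label, hosts in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        owner = route(parse_subnets(hosts), "10.10.70.254", via="192.168.200.101")
        print(label, "->", owner or "ICMP net unreachable")
```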