Making available a subnet using a device behind nat router

Guus Sliepen guus at tinc-vpn.org
Sun Oct 6 15:46:46 CEST 2013


On Sat, Oct 05, 2013 at 03:42:49PM -0600, Lance Fredrickson wrote:

> I run tinc on a series of routers running 3rd party firmware
> (tomato).   Since tinc is running on the gateway device, its routing
> table is aware of the mesh vpn.  At each endpoint, any device on one
> subnet can access any device on another subnet.
> I now have the situation where I need to make a new endpoint and
> entire subnet available on the mesh. In this situation I have a
> device running tinc that is behind nat, so it is not the gateway
> device.  Currently I can access the single machine, but I don't have
> access to the entire subnet.
> I've enabled ip forwarding on the device running tinc by editing
> /etc/sysctl.conf.  I suppose I need to add some sort of rule to the
> router/gateway device to know where to send requests bound for the
> mesh, but I'm not sure how to do this.

You should add a route to the gateway that directs all traffic for your mesh to
the LAN IP address of the device running tinc. How you should add a route
depends on what kind of gateway device you have.

If it is not possible to add a route on the gateway, then your best option is
to let the device running tinc masquerade traffic from the mesh to the LAN.
That will allow computers in the mesh to access the LAN, but not the other way
around.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
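The two options in the reply above, written out as an added shell example (this is not code from the tinc project or from either poster). Everything here is an assumption chosen for illustration: a single aggregate prefix 10.0.0.0/8 covering all the subnets carried by the mesh, the tinc machine's LAN address 192.168.1.50, its tinc interface tun0 and its LAN interface br0. If the mesh has no single aggregate prefix, call gateway_route_cmd once per remote subnet. One reminder the reply does not cover: the other tinc nodes will only send the new LAN's traffic to this machine if its tinc host file declares that LAN with a Subnet line.

```shell
#!/bin/sh
# Added example, not code from the tinc project or this thread.
# All names below are assumed placeholders:
#   MESH_SUBNET  aggregate prefix covering the tinc mesh, e.g. 10.0.0.0/8
#   TINC_LAN_IP  LAN address of the non-gateway machine running tinc
#   TINC_IF      that machine's tinc interface (Interface = in tinc.conf)
#   LAN_IF       that machine's LAN interface

# Option 1 (preferred): one static route on the LAN gateway. LAN hosts
# already send non-local traffic to the gateway; with this route the
# gateway hands mesh-bound packets to the tinc machine, which forwards
# them into the VPN. iproute2 syntax; a gateway with only a web UI or
# "route add -net" needs the same information in its own form.
gateway_route_cmd() {
    mesh_subnet=$1
    tinc_lan_ip=$2
    printf 'ip route add %s via %s\n' "$mesh_subnet" "$tinc_lan_ip"
}

# Option 2 (fallback): masquerade on the tinc machine. Packets arriving
# from the mesh leave towards the LAN with the tinc machine's own LAN
# address as source, so LAN hosts answer without needing a route. The
# FORWARD rules admit mesh->LAN connections and their replies only,
# which is exactly the one-way limitation of this option.
masquerade_cmds() {
    mesh_subnet=$1
    tinc_if=$2
    lan_if=$3
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $mesh_subnet -o $lan_if -j MASQUERADE
iptables -A FORWARD -i $tinc_if -o $lan_if -s $mesh_subnet -j ACCEPT
iptables -A FORWARD -i $lan_if -o $tinc_if -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Show both options; with APPLY=1 (as root, on the tinc machine) option 2
# is executed. Option 1 is only printed because it belongs on the gateway.
run_example() {
    mesh=${MESH_SUBNET:-10.0.0.0/8}
    echo "# on the LAN gateway:"
    gateway_route_cmd "$mesh" "${TINC_LAN_IP:-192.168.1.50}"
    echo "# or, on the tinc machine, if the gateway cannot take a route:"
    if [ "${APPLY:-0}" = 1 ]; then
        masquerade_cmds "$mesh" "${TINC_IF:-tun0}" "${LAN_IF:-br0}" | sh -e
    else
        masquerade_cmds "$mesh" "${TINC_IF:-tun0}" "${LAN_IF:-br0}"
    fi
}

run_example
```

Run it without arguments to see the commands; set APPLY=1 on the tinc machine to install the masquerade rules. The ESTABLISHED,RELATED rule is what stops LAN hosts from opening connections into the mesh, so if two-way access is the goal the gateway route is the only option of the two.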