Making available a subnet using a device behind nat router

[Lance Fredrickson]

Thanks for pointing me in the right direction.  I do have access to the 
gateway.  Was as simple as adding a static route to the gateway just 
like you said (tomato has this available in the gui). Bi-directional 
subnet traffice working perfectly.

thanks,
Lance

On 10/6/2013 7:46 AM, Guus Sliepen wrote:
> On Sat, Oct 05, 2013 at 03:42:49PM -0600, Lance Fredrickson wrote:
>
>> I run tinc on a series of routers running 3rd party firmware
>> (tomato).   Since tinc is running on the gateway device, its routing
>> table is aware of the mesh vpn.  At each endpoint, any device one
>> subnet can access any device on another subnet.
>> I now have the situation where I need to make a new endpoint and
>> entire subnet available on the mesh. In this situation I have a
>> device running tinc that is behind nat, so it is not the gateway
>> device.  Currently I can access the single machine, but I don't have
>> access to the entire subnet.
>> i've enable ip forwarding on the device running tinc by editing
>> /etc/sysctl.conf.  I suppose I need to add some sort of rule to the
>> router/gateway device to know where to send requests bound for the
>> mesh, but I'm not sure how to do this.
> You should add a route to the gateway that directs all traffic for your mesh to
> the LAN IP address of the device running tinc. How you should add a route
> depends on what kind of gateway device you have.
>
> If it is not possible to add a route on the gateway, then your best option is
> to let the device running tinc masquerade traffic from the mesh to the LAN.
> That will allow computers in the mesh access the LAN, but not the other way
> around.
>
>
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20131006/931644b6/attachment.html>