Tinc tunnel between two subnets

Zia Syed xia.syed at gmail.com
Tue Jul 8 21:33:10 CEST 2014


Thanks guys. First off, I removed the 15.0.0.0 and now I am not able to
ping even A and B. Here is the updated network diagram.
http://cl.ly/image/0E1n0s1v043u

Here are my configs

On Machine A:
---------------------------
ubuntu@homer:/etc/tinc/erix$ more hosts/esprit1
Subnet = 192.168.1.0/32
Address = <Public IP>

ubuntu@A:/etc/tinc/erix$ more tinc-up
#!/bin/sh
#ifconfig $INTERFACE 10.250.0.2  netmask 255.255.255.0
ip addr add 192.168.1.150 dev $INTERFACE
ip route add 10.16.50.0/24 dev $INTERFACE
ip link set dev $INTERFACE up

On Machine B:
---------------------------
pi@raspberrypi /etc/tinc/erix $ more hosts/pi
Subnet = 10.16.50.0/32

pi@raspberrypi /etc/tinc/erix $ more tinc-up
#!/bin/sh
#ifconfig $INTERFACE 10.250.0.3 netmask 255.255.255.0
ip addr add 10.16.50.107 dev $INTERFACE
ip route add 192.168.1.0/24 dev $INTERFACE
ip link set dev $INTERFACE up

pi@raspberrypi /etc/tinc/erix $ more tinc.conf
Name = pi
ConnectTo = esprit1


Once I start the client, on Machine A
---------------------------

ubuntu@homer1:/etc/tinc/erix$ ifconfig
docker0   Link encap:Ethernet  HWaddr f6:df:72:9c:8c:3c
          inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::d43e:16ff:feba:7e71/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:612 (612.0 B)  TX bytes:648 (648.0 B)

em1       Link encap:Ethernet  HWaddr c0:3f:d5:62:89:af
          inet addr:192.168.1.150  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::c23f:d5ff:fe62:89af/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:291998 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:55078791 (55.0 MB)  TX bytes:35015585 (35.0 MB)
          Interrupt:20 Memory:f7c00000-f7c20000

erix      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.1.150  P-t-P:192.168.1.150  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2259209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2259209 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:206671332 (206.6 MB)  TX bytes:206671332 (206.6 MB)

veth450f  Link encap:Ethernet  HWaddr f6:df:72:9c:8c:3c
          inet6 addr: fe80::f4df:72ff:fe9c:8c3c/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:738 (738.0 B)  TX bytes:648 (648.0 B)

ubuntu@homer1:/etc/tinc/erix$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 em1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 em1


and On Machine B:
---------------------------
pi@raspberrypi ~ $ ifconfig
erix      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.16.50.107  P-t-P:10.16.50.107  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr b8:27:eb:4f:c7:63
          inet addr:10.16.50.107  Bcast:10.16.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:36445 errors:0 dropped:2 overruns:0 frame:0
          TX packets:2177 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3193069 (3.0 MiB)  TX bytes:777425 (759.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10368 (10.1 KiB)  TX bytes:10368 (10.1 KiB)

pi@raspberrypi ~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.16.0.1       0.0.0.0         UG    0      0        0 eth0
10.16.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0

-----------------------

Even though I have 'ip route add ..' in both tinc-up scripts, I don't see the
route in 'route -n'.

I am not able to ping A and B from each other as well.

I manually added the route on B for A and tried to ping A but no joy.

pi@raspberrypi /etc/tinc/erix $ sudo ip route add 192.168.1.0/24 dev erix
pi@raspberrypi /etc/tinc/erix $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.16.0.1       0.0.0.0         UG    0      0        0 eth0
10.16.0.0       *               255.255.0.0     U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 erix

pi@raspberrypi /etc/tinc/erix $ ping 192.168.1.150
PING 192.168.1.150 (192.168.1.150) 56(84) bytes of data.
From 192.168.1.150 icmp_seq=1 Destination Net Unknown
From 192.168.1.150 icmp_seq=2 Destination Net Unknown
From 192.168.1.150 icmp_seq=3 Destination Net Unknown
From 192.168.1.150 icmp_seq=4 Destination Net Unknown

ip_forward is set to 1 as well

pi@raspberrypi /etc/tinc/erix $ more /proc/sys/net/ipv4/ip_forward
1

Could this be because I am not setting the gateway for this route correctly on B?

Thanks,
Zia

On Tue, Jul 8, 2014 at 5:35 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Mon, Jul 07, 2014 at 06:55:12PM -0700, Zia Syed wrote:
>
> > I'm trying to setup tinc tunnel between my work and home linux machines as
> > shown here http://cl.ly/image/1H1R2X2D403X
> >
> > I am able to setup tinc session between A and B and I can ping them. But I
> > can't ping C or D from B, or A respectively.
> >
> > Home network 192.168.1.0
> > Work network 10.20.50.0
> > tinc tunnel is 15.0.0.x.
>
> Note that you don't need to have a special subnet just for the tunnel.
> Also, 15.0.0.0/8 is a range of public IP addresses, don't use that
> unless you really don't mind missing parts of the Internet.
>
> You can just give the VPN interface the same address as the LAN
> interface. And as Etienne already said, you have to tell tinc about the
> 192.168.1.0/24 and 10.20.50.0/24 Subnets. So, on B you should have this
> in hosts/B:
>
> Subnet = 10.20.50.0/24
>
> And in B's tinc-up:
>
> #!/bin/sh
> ip addr add 10.20.50.107 dev $INTERFACE
> ip route add 192.168.1.0/24 dev $INTERFACE
> ip link set dev $INTERFACE up
>
> Also, don't forget that you have to enable forwarding in the kernel, if
> that's not already done:
>
> echo 1 >/proc/sys/net/ipv4/ip_forward
>
> Also check that if you have any firewall rules on A and B that they
> allow forwarding packets between the LAN and the VPN. Last but not
> least, do C and D know that packets for each other's LAN have to go via
> A and B? If A and B are the gateways on their LANs, you don't have to do
> anything else. If they are not, then you need to tell D for example:
>
> ip route add 192.168.1.0/24 via 10.20.50.107
>
> Or if you have even more machines on the LAN that you want to give
> access to the VPN, then tell the real gateway to route packets for the
> VPN to the machine running tinc.
>
> --
> Met vriendelijke groet / with kind regards,
>      Guus Sliepen <guus at tinc-vpn.org>
>
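Added example, not part of the original message and not tinc's own code: a small cross-check of the hosts/ files against the tinc-up routes quoted above. It reports every network that a tinc-up script routes into the VPN interface without any peer's `Subnet` covering it, and which node (if any) owns a given address, which matches the /32 versus /24 difference between the posted configs and the quoted advice. The file contents are constructed copies of what the message shows; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed copies of the files quoted in the message, keyed by node name.
HOSTS = {
    "esprit1": "Subnet = 192.168.1.0/32\nAddress = <Public IP>\n",
    "pi": "Subnet = 10.16.50.0/32\n",
}
TINC_UP = {
    "esprit1": "#!/bin/sh\nip addr add 192.168.1.150 dev $INTERFACE\n"
               "ip route add 10.16.50.0/24 dev $INTERFACE\n",
    "pi": "#!/bin/sh\nip addr add 10.16.50.107 dev $INTERFACE\n"
          "ip route add 192.168.1.0/24 dev $INTERFACE\n",
}

def subnets(host_text):
    """Networks declared by 'Subnet = addr[/len[#weight]]' lines in a host file."""
    found = re.findall(r"^[ \t]*Subnet[ \t]*=[ \t]*(\S+)", host_text, re.M | re.I)
    return [ipaddress.ip_network(s.split("#")[0], strict=False) for s in found]

def routes(script_text):
    """Networks that a tinc-up script routes into the VPN interface."""
    pattern = r"^[ \t]*ip[ \t]+route[ \t]+add[ \t]+(\S+)[ \t]+dev[ \t]+\$INTERFACE"
    return [ipaddress.ip_network(r, strict=False)
            for r in re.findall(pattern, script_text, re.M)]

def owner(hosts, address):
    """Node whose most specific Subnet contains address, or None if none does."""
    ip = ipaddress.ip_address(address)
    hits = [(net.prefixlen, node) for node, text in hosts.items()
            for net in subnets(text) if net.version == ip.version and ip in net]
    return max(hits)[1] if hits else None

def audit(hosts, tinc_up):
    """(node, route) pairs where a route into the VPN has no covering peer Subnet."""
    problems = []
    for node, script in tinc_up.items():
        peers = [n for peer, text in hosts.items() if peer != node
                 for n in subnets(text)]
        for route in routes(script):
            if not any(n.version == route.version and route.subnet_of(n)
                       for n in peers):
                problems.append((node, str(route)))
    return problems

if __name__ == "__main__":
    print(audit(HOSTS, TINC_UP))          # both /24 routes are uncovered
    print(owner(HOSTS, "192.168.1.150"))  # None: no Subnet contains A's address
```

With the `Subnet` lines changed to /24, `audit` returns an empty list and `owner` resolves 192.168.1.150 to esprit1.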