Tinc tunnel between two subnets
Guus Sliepen
guus at tinc-vpn.org
Wed Jul 9 12:13:27 CEST 2014
On Tue, Jul 08, 2014 at 02:34:50PM -0700, Zia Syed wrote:
> btw i am able to ping A and B, but not C from A
I assume you mean C from B? The last picture you made showed that C and
A are in the same LAN.
> On Machine A
>
> root at homer1:/etc/tinc/erix# route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 em1
> 10.16.66.0 0.0.0.0 255.255.255.0 U 0 0 0 erix
> 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 em1
I see here that homer1 is not the gateway of its LAN, the same goes for
raspberrypi. That means that if you try to ping C from B, the ping request will
go from B to A via the VPN, and is then forwarded to C by A. But when C
sends a ping reply, it will send it to the default gateway, which is
192.168.1.1. Unless your gateway knows about the VPN, the ping replies
will be dropped. You have to tell either C or the gateway that packets
fro 10.16.66.0/24 should go via 192.168.1.150.
> root at raspberrypi:/etc/tinc/erix# route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 0.0.0.0 10.16.0.1 0.0.0.0 UG 0 0 0 eth0
> 10.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 erix
I see here that B's LAN is 10.16.0.0/16, not 10.16.66.0/24?
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140709/01efbf54/attachment.sig>
More information about the tinc
mailing list