Cannot Ping after successful connection?

Michael Munger michael at highpoweredhelp.com
Tue Mar 11 21:21:42 CET 2014


I apologize for the TLDR-style email, but I wanted to demonstrate that I have done a lot of work (11 hours and at least 8 tutorials including the tinc docs) before asking for help.

My basic problem is this: tinc appears to properly connect and authenticate the client to the server, but I cannot ping or access resources. (Yes, I know there is no 'server' in tinc, but 'server' denotes the center of this network.) The configs included in this email are real (including the IP addresses). Once I get this working, I'll change all the keys, but everything is the actual config. So... mistakes would be real too!

Here's the setup:
http://www.gliffy.com/go/publish/image/5463480/L.png

* "Management Workstation" is on my local LAN. 
* VPN Server is on a server with a public IP address, and is intended to create a "management VPN" for various machines and servers I have around the United States.
* Server A is a file server in a separate office, connected to the net via DSL with DHCP on the DSL.

Note: the Server A eth0 IP and the Management Workstation eth0 IP are the same to demonstrate these are two different networks. In real life, the workstation IP is 192.168.250.202 and the other IP address would be issued via DHCP.

==The "VPN Server" configuration.==

eth0 = 173.165.161.166 (Public IP Address).

root@web-services:/etc/tinc# cat nets.boot
## This file contains all names of the networks to be started on system startup.
webservices

root@web-services:/etc/tinc/webservices# cat tinc.conf
Name=webservices
Device=/dev/net/tun

root@web-services:/etc/tinc/webservices/hosts# cat webservices
Compression=9
Subnet=192.168.98.0/24
Address=173.165.161.166

root@web-services:/etc/tinc/webservices# cat tinc-up
#!/bin/bash
ifconfig $INTERFACE 192.168.98.1 NETMASK 255.255.255.0

==The Management Workstation Configs:==
root@michael-desktop:/etc/tinc#cat nets.boot
## This file contains all names of the networks to be started on system startup.
webservices

root@michael-desktop:/etc/tinc/webservices#cat tinc.conf
Device=/dev/net/tun
ConnectTo=webservices
Name=Mint202
PrivateKeyFile=/etc/tinc/webservices/rsa_key.priv

root@michael-desktop:/etc/tinc/webservices/hosts#cat webservices
Compression=9
Subnet=192.168.98.0/24
Address=173.165.161.166

root@michael-desktop:/etc/tinc/webservices#cat tinc-up
#!/bin/bash
ifconfig $INTERFACE 192.168.98.2 netmask 255.255.255.0

HERE'S the frustrating part:

When I start the service, I get what appears to be a good startup on both sides:

In the management workstation (Mint202):

Mar 11 15:59:28 michael-desktop tinc.webservices[5126]: Trying to connect to webservices (173.165.161.166 port 655)
Mar 11 15:59:28 michael-desktop tinc.webservices[5126]: Connected to webservices (173.165.161.166 port 655)
Mar 11 15:59:28 michael-desktop tinc.webservices[5126]: Connection with webservices (173.165.161.166 port 655) activated

On the "VPN Server" (webservices):
Mar 11 15:59:02 web-services tinc.webservices[18550]: tincd 1.0.19 (Apr 22 2013 21:45:36) starting, debug level 1
Mar 11 15:59:02 web-services tinc.webservices[18550]: /dev/net/tun is a Linux tun/tap device (tun mode)
Mar 11 15:59:02 web-services tinc.webservices[18550]: Script tinc-up exited with non-zero status 1
Mar 11 15:59:02 web-services tinc.webservices[18550]: Listening on 0.0.0.0 port 655
Mar 11 15:59:02 web-services tinc.webservices[18550]: Listening on :: port 655
Mar 11 15:59:02 web-services tinc.webservices[18550]: Ready
Mar 11 15:59:12 web-services tinc.webservices[18550]: Connection from 173.165.161.161 port 52784
Mar 11 15:59:12 web-services tinc.webservices[18550]: Connection with Mint202 (173.165.161.161 port 52784) activated

But... I cannot ping either machine over the VPN. You can see below (this is on the VPN server), that pinging the local webservices device works, but pinging the remote machine does not. In other words, the VPN Server can ping its own IP (192.168.98.1) but cannot ping Mint202 (192.168.98.2).

root@web-services:/etc/tinc/webservices# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:a1:5f:31
           inet addr:173.165.161.166  Bcast:173.165.161.175  Mask:255.255.255.240
           inet6 addr: fe80::20c:29ff:fea1:5f31/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:441343 errors:0 dropped:75 overruns:0 frame:0
           TX packets:176548 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:156214186 (148.9 MiB)  TX bytes:108246744 (103.2 MiB)

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:278 errors:0 dropped:0 overruns:0 frame:0
           TX packets:278 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:157696 (154.0 KiB)  TX bytes:157696 (154.0 KiB)

webservices Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           inet addr:192.168.98.1  P-t-P:192.168.98.1 Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
           RX packets:2 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:500
           RX bytes:168 (168.0 B)  TX bytes:0 (0.0 B)

root@web-services:/etc/tinc/webservices# ping 192.168.98.1
PING 192.168.98.1 (192.168.98.1) 56(84) bytes of data.
64 bytes from 192.168.98.1: icmp_req=1 ttl=64 time=0.058 ms
64 bytes from 192.168.98.1: icmp_req=2 ttl=64 time=0.038 ms
^C
--- 192.168.98.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.038/0.048/0.058/0.010 ms
root@web-services:/etc/tinc/webservices# ping 192.168.98.2
PING 192.168.98.2 (192.168.98.2) 56(84) bytes of data.
^C
--- 192.168.98.2 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms

What am I missing here?

Thanks in advance,
Michael 
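
A check built from the symptoms shown in this post, as an added example that is not part of the original message or of the tinc project: it looks for tincd's report of a failed tinc-up and compares the netmask the script requests with the one the interface actually has. The function and variable names are hypothetical, and the sample inputs are constructed from lines in the post.

```shell
# Added example; sample inputs are constructed from lines in the post above,
# nothing is read from a live system.
SAMPLE_LOG='Mar 11 15:59:02 web-services tinc.webservices[18550]: Script tinc-up exited with non-zero status 1
Mar 11 15:59:02 web-services tinc.webservices[18550]: Ready'
SAMPLE_TINC_UP='#!/bin/bash
ifconfig $INTERFACE 192.168.98.1 NETMASK 255.255.255.0'
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:0c:29:a1:5f:31
          inet addr:173.165.161.166  Bcast:173.165.161.175  Mask:255.255.255.240
webservices Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.98.1  P-t-P:192.168.98.1 Mask:255.255.255.255'

# Count log lines where tincd reports that tinc-up failed.
tinc_up_failures() {    # $1 = log text
    printf '%s\n' "$1" | grep -c 'Script tinc-up exited with non-zero status' || true
}

# Netmask the script asks for: the word after "netmask" in any letter case.
requested_mask() {      # $1 = tinc-up text
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++)
        if (tolower($i) == "netmask") { print $(i + 1); exit } }'
}

# ifconfig keywords are lowercase; report any other spelling of "netmask".
bad_keyword() {         # $1 = tinc-up text
    printf '%s\n' "$1" | awk '{ for (i = 1; i <= NF; i++)
        if (tolower($i) == "netmask" && $i != "netmask") { print $i; exit } }'
}

# Netmask the interface actually has, from net-tools ifconfig output.
actual_mask() {         # $1 = ifconfig text, $2 = interface name
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^[^ \t]/ { cur = $1 }
        cur == ifc && match($0, /Mask:[0-9.]+/) {
            print substr($0, RSTART + 5, RLENGTH - 5); exit }'
}

# Print one line per finding; return 0 only when nothing was found.
diagnose() {            # $1 = log, $2 = tinc-up, $3 = ifconfig, $4 = interface
    n=$(tinc_up_failures "$1"); want=$(requested_mask "$2")
    kw=$(bad_keyword "$2");     have=$(actual_mask "$3" "$4")
    [ "$n" -gt 0 ] && echo "tinc-up failed $n time(s) according to the log"
    [ -n "$kw" ] && echo "tinc-up spells the keyword '$kw'; ifconfig expects 'netmask'"
    [ "$want" != "$have" ] && echo "$4 has mask $have, tinc-up asks for $want"
    [ "$n" -eq 0 ] && [ -z "$kw" ] && [ "$want" = "$have" ]
}

diagnose "$SAMPLE_LOG" "$SAMPLE_TINC_UP" "$SAMPLE_IFCONFIG" webservices || true
```

On a live node the same functions can be fed the output of `cat tinc-up`, `ifconfig` and the tincd syslog lines.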

