Cannot Ping after successful connection?

Michael Munger michael at highpoweredhelp.com
Tue Mar 11 22:32:30 CET 2014


Per your instructions, I changed the Subnets to single IPs. The logs show that it was added as a /32, so that's great. I assume that since tincd is running in router mode (default), it builds this table so there is no need to add routes with the route command, right?

I still cannot ping, and I am getting "Got MTU probe length" errors in syslog. Lots of them. I have attached the relevant sections of the log if you wish to see them (below - I'll keep these public for future folks who post to this list).

For the "server":
https://www.dropbox.com/s/leojizn9mi599wf/vpnserver.log

For the Management Workstation (Mint202):
https://www.dropbox.com/s/mfz8jfzgos9lmz7/Mint202.log

I feel like I am SO close to getting this to work... I MUST have missed something simple.

Thoughts?

Thanks again for your help. You have NO idea how much I appreciate it.
________________________________________
From: tinc [tinc-bounces at tinc-vpn.org] on behalf of Michael Munger [michael at highpoweredhelp.com]
Sent: Tuesday, March 11, 2014 5:12 PM
To: tinc at tinc-vpn.org
Subject: RE: Cannot Ping after successful connection?

Great catch on the Mint202 bit (of course it was a great catch. You wrote this software!).

Here's the cat. It doesn't have any directives other than the RSA key, which may be a problem. But, I have tried it with the Name=Mint202 and Subnet= directives with the same results. However, I have always put the subnet in as the IP range, which you have advised against. I am going to change the subnet to a single IP as you suggested, and I'll advise on my progress.

For historical reference, here's what Mint202 had when I sent my configs a few minutes ago.

root@web-services:/etc/tinc/webservices/hosts# cat Mint202


Thanks again for an awesome package.

-Michael
________________________________________
From: tinc [tinc-bounces at tinc-vpn.org] on behalf of Guus Sliepen [guus at tinc-vpn.org]
Sent: Tuesday, March 11, 2014 4:31 PM
To: tinc at tinc-vpn.org
Subject: Re: Cannot Ping after successful connection?

On Tue, Mar 11, 2014 at 08:21:42PM +0000, Michael Munger wrote:

> I apologize for the TLDR-style email, but I wanted to demonstrate that I have done a lot of work (11 hours and at least 8 tutorials including the tinc docs) before asking for help.

No problem, you clearly explained your intentions, the setup and the
configuration files, that really helps.

> My basic problem is this: tinc appears to properly connect and authenticate
> the client to the server, but I cannot ping or access resources.
[...]
> root@web-services:/etc/tinc/webservices/hosts# cat webservices
> Compression=9
> Subnet=192.168.98.0/24
> Address=173.165.161.166
>
> root@web-services:/etc/tinc/webservices# cat tinc-up
> #!/bin/bash
> ifconfig $INTERFACE 192.168.98.1 NETMASK 255.255.255.0
[...]
> root@michael-desktop:/etc/tinc/webservices/hosts# cat webservices
> Compression=9
> Subnet=192.168.98.0/24
> Address=173.165.161.166

I assume you meant to cat Mint202 here, but I suspect that you have
Subnet=192.168.98.0/24 in hosts/Mint202 as well.

The Subnet statements should not contain the address range of the whole VPN,
but rather that part of the range that belongs to each individual node. So, you
should have Subnet=192.168.98.1 in hosts/webservices, and Subnet=192.168.98.2
in hosts/Mint202.

Other than that, your configuration looks fine, and you should not have to
change anything else.

--
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
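
An added example, not part of the original thread or of tinc itself: a small checker that reads the Subnet lines of each host file and reports nodes claiming overlapping ranges, which is the misconfiguration described in the reply above. The host file contents are constructed from the addresses quoted in the thread (the /24 in Mint202 is the reply's suspicion, not a confirmed file), and flagging every overlap is a conservative choice made for this example.

```python
import ipaddress
import re
from itertools import combinations

# Constructed host files, using the addresses quoted in this thread.
BEFORE = {
    "webservices": "Compression=9\nSubnet=192.168.98.0/24\nAddress=173.165.161.166\n",
    "Mint202": "Subnet=192.168.98.0/24\n-----BEGIN RSA PUBLIC KEY-----\n",
}
AFTER = {
    "webservices": "Compression=9\nSubnet=192.168.98.1\nAddress=173.165.161.166\n",
    "Mint202": "Subnet=192.168.98.2\n-----BEGIN RSA PUBLIC KEY-----\n",
}

def parse_subnets(text):
    """Return the Subnet entries of one tinc host file as ip_network objects."""
    nets = []
    for line in text.splitlines():
        if line.startswith("-----BEGIN"):
            break  # key material follows, no directives after this
        # Accept both "Subnet=value" and "Subnet value"; names are case-insensitive.
        m = re.match(r"\s*(\w+)\s*=?\s*(\S+)", line)
        if m and m.group(1).lower() == "subnet":
            value = m.group(2).split("#")[0]  # drop an optional #weight suffix
            # A bare address becomes a /32 (or /128), as seen in the tinc log.
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets

def overlapping_claims(hosts):
    """List (node_a, net_a, node_b, net_b) where two nodes claim overlapping ranges."""
    claims = [(name, net) for name, text in hosts.items()
              for net in parse_subnets(text)]
    found = []
    for (a, net_a), (b, net_b) in combinations(claims, 2):
        if a != b and net_a.version == net_b.version and net_a.overlaps(net_b):
            found.append((a, str(net_a), b, str(net_b)))
    return found

if __name__ == "__main__":
    for label, hosts in (("before", BEFORE), ("after", AFTER)):
        print(label, overlapping_claims(hosts) or "no overlapping Subnet claims")
```
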