routes on windows "guests/clients"

Guus Sliepen guus at tinc-vpn.org
Mon Mar 17 22:20:42 CET 2014 

On Mon, Mar 17, 2014 at 02:11:20PM -0400, Aaron Anderson wrote:

> Home network is 10.10.1.0/24 and I have statically assigned
> 10.10.10.x/24 addresses for all of the tinc adapters.
> 
> This is the config of the host that is the "gateway" to my home machine.
> ====================== /tinc/hosts/aapc ======================
> Address = 74.13x.4x.1x
> Subnet = 10.10.1.0/24
> Subnet = 10.10.10.101/32
> 
> -----BEGIN RSA PUBLIC KEY-----
> xxx
> -----END RSA PUBLIC KEY-----
> ====================== /tinc/hosts/aapc ======================
> 
> On the remote machine I have an "up" script to add the route - but it
> does not work as tinc tries to run it before windows has fully
> negotiated something, and windows cries about the interface
> (10.10.10.102 in this case) not existing. I can run it manually a
> moment later and everything is kosher.
> ====================== /tinc/hosts/aapc-up.bat ======================
> route add 10.10.1.0 mask 255.255.255.0 10.10.10.102
> ====================== /tinc/hosts/aapc-up.bat ======================
> 
> It was my understanding that tinc handles the routing automatically
> based on what is in the "subnet =" stanza.
> 
> 1. Should I need to be using the route statement in the first place?
> 2. Am I doing this correctly? Maybe I'm completely off base.

Tinc internally routes based on the Subnet stanzas, but it doesn't change the
routing tables of your operating system. It is up to you to configure those
routes. The simplest way to do this is to choose the netmask of the VPN
interface in such a way that it covers all the nodes in your VPN. For example,
in your case you could set the netmask to 255.255.0.0, so it covers the Subnet
of the gateway (10.10.1.0/24) as well as the other nodes (in the range
10.10.10.0/24). That way you don't need to configure any additional routes.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140317/f42291f3/attachment.sig>

More information about the tinc mailing list