Linux box as network gateway

Aaron Anderson anderson.aaron at gmail.com
Wed Mar 19 20:23:44 CET 2014


So we're all on the same page, here's what I want: (will need to be in
fixed width font)

-[client (10.10.10.102) and
(172.16.253.102)]--[router]-[internet]-------[router]-[tincserver
(10.10.10.103) and (192.168.99.4)]

          -[other box (192.168.99.5)]

          -[other box (192.168.99.6)]



Where 192.168.99.x and 172.16.253.x are the local non-tinc subnets and
10.10.10.x are tinc addresses.


From "client" I want to be able to access the "other boxes" through
"tincserver" - I'm aware there will be routes for this, I'm fully
capable of dealing with those.

How should I set up the bridge on "tincserver" ?

On Wed, Mar 19, 2014 at 3:09 PM, Donald Pearson
<donaldwhpearson at gmail.com> wrote:
> By the way, if you create a layer 2 vpn using bridging like this, I suggest
> installing ebtables on your tinc box so that you can put in some layer 2
> firewall rules.  An interesting result when you don't do this is DHCP
> traversing the VPN.  Much to my surprise I've seen hosts on one site receive
> DHCP from a site across the VPN, ultimately using the remote router as its
> gateway.
> You would think the local server would be faster and always win, but that's
> not always the case.
>
>
> On Wed, Mar 19, 2014 at 3:03 PM, Donald Pearson <donaldwhpearson at gmail.com>
> wrote:
>>
>> Well you use brctl to bridge the virtual adapter (interface) to a real
>> physical interface, and that's represented by an additional virtual
>> interface which is the bridge itself.  That bridge is what you configure
>> with an IP on your LAN statically or via DHCP.
>>
>> If you do all this ahead of time you don't even need a tinc-up script.
>>
>> If you want the bridge to be built up when tinc connects it would look
>> something like this.  Do the inverse for a tinc-down
>>
>> tinc.conf
>> Name = Alpha
>> ConnectTo = Beta
>> ConnectTo = Charlie
>> Device = /dev/net/tun
>> Mode = switch
>> PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
>> #
>> #
>>
>> tinc-up
>> #!/bin/sh
>> modprobe tun
>> ifconfig vpn 0.0.0.0
>> ifconfig vpn up
>> ifconfig eth1 0.0.0.0
>> ifconfig eth1 up
>>
>> brctl addbr bridge
>> brctl addif bridge vpn
>> brctl addif bridge eth1
>> ifconfig bridge 10.10.0.1 netmask 255.255.0.0
>> route add default gw 10.10.0.254 bridge
>> ifconfig bridge up
>>
>>
>>
>>
>> On Wed, Mar 19, 2014 at 2:44 PM, Aaron Anderson <anderson.aaron at gmail.com>
>> wrote:
>>>
>>> Does connecting to that machine get you access to other machines on
>>> the network? That's what I'm having trouble with. I want to connect to
>>> machines that do not have tinc installed.
>>>
>>> On Wed, Mar 19, 2014 at 2:30 PM, vmlinux <vmlinux at charter.net> wrote:
>>> > Aaron Anderson said on 03/19/2014 01:23 PM:
>>> >> I do already have those installed. I was really hoping for someone who
>>> >> had some already working configs or examples.
>>> >
>>> > # /etc/tinc/myvpn/tinc.conf
>>> > Name = mynode
>>> > AddressFamily = ipv4
>>> > interface = tinc0
>>> >
>>> > # /etc/tinc/myvpn/tinc-up
>>> > #!/bin/bash
>>> > ifconfig $INTERFACE 10.10.10.1 netmask 255.255.255.0
>>> >
>>> > # /etc/tinc/myvpn/tinc-down
>>> > #!/bin/bash
>>> > ifconfig $INTERFACE down
>>> >
>>> > # tincd -n myvpn
>>> >
>>> > _______________________________________________
>>> > tinc mailing list
>>> > tinc at tinc-vpn.org
>>> > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>>
>
>
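An added example, not posted by anyone in this thread: a tinc-up/tinc-down pair for "tincserver" that builds the bridge the way Donald's script does and also installs the ebtables rules he suggests, so DHCP cannot enter or leave through the tinc port in either direction while the LAN's own DHCP keeps working. It assumes Mode = switch, that tinc hands the tap device name in $INTERFACE (defaulting to "vpn" here), that eth1 is the physical port on the 192.168.99.0/24 LAN, that the bridge takes over tincserver's 192.168.99.4 address with a /24 mask, and that bridge-utils and ebtables are installed; every one of those is an assumption. Setting DRY_RUN=1 prints the commands instead of running them, which is handy for reviewing the script before it ever touches an interface.

```shell
#!/bin/sh
# Added example (not from the thread): tinc-up / tinc-down for a switch-mode
# tinc node whose tap device is bridged to a physical LAN port, with ebtables
# rules that keep DHCP from crossing the tinc side of the bridge.
# Interface names, addresses and masks below are assumptions.

BR=bridge                   # bridge device, as in Donald's script
VPN=${INTERFACE:-vpn}       # tap device; tinc exports INTERFACE to tinc-up
LAN=eth1                    # physical port on the 192.168.99.0/24 LAN (assumed)
BR_ADDR=192.168.99.4        # LAN address that moves from eth1 onto the bridge
BR_MASK=255.255.255.0       # assumed LAN netmask
DRY_RUN=${DRY_RUN:-}        # set to 1 to print commands instead of running them

# run: execute a command, or echo it when DRY_RUN is set, so the script can
# be reviewed on a host that has neither root nor bridge-utils.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# dhcp_filter: layer-2 rules in the bridge FORWARD chain. Frames entering
# from the tinc port (-i) or leaving through it (-o) that are UDP to port 67
# or 68 are dropped, which covers both DHCP requests and server replies.
# The LAN port is not matched, so local DHCP is unaffected.
dhcp_filter() {
    action=$1   # -A to add the rules, -D to delete them
    run ebtables "$action" FORWARD -i "$VPN" -p IPv4 --ip-proto udp --ip-dport 67:68 -j DROP
    run ebtables "$action" FORWARD -o "$VPN" -p IPv4 --ip-proto udp --ip-dport 67:68 -j DROP
}

# tinc_up: strip addresses from both ports, bridge them, filter, then give
# the bridge the LAN address. Filtering is installed before the bridge is up
# so there is no window in which DHCP can leak across.
tinc_up() {
    run modprobe tun
    run ifconfig "$VPN" 0.0.0.0
    run ifconfig "$VPN" up
    run ifconfig "$LAN" 0.0.0.0
    run ifconfig "$LAN" up
    run brctl addbr "$BR"
    run brctl addif "$BR" "$VPN"
    run brctl addif "$BR" "$LAN"
    dhcp_filter -A
    run ifconfig "$BR" "$BR_ADDR" netmask "$BR_MASK"
    run ifconfig "$BR" up
}

# tinc_down: the inverse of tinc_up, in reverse order.
tinc_down() {
    dhcp_filter -D
    run ifconfig "$BR" down
    run brctl delif "$BR" "$LAN"
    run brctl delif "$BR" "$VPN"
    run brctl delbr "$BR"
    run ifconfig "$LAN" down
    run ifconfig "$VPN" down
}

# tinc runs these scripts with no arguments, so dispatch on the file name:
# install one copy as tinc-up and one as tinc-down (or symlink them).
case "$(basename "$0")" in
    tinc-up)   tinc_up ;;
    tinc-down) tinc_down ;;
esac
```

Once the bridge owns 192.168.99.4, eth1 itself has no address, so the "other boxes" see the remote client as just another host on their segment; the routes Aaron mentions then only matter on the client side. The brctl and ifconfig calls match what the thread uses; on a current distribution the same steps are available through ip link and the nft-backed ebtables binary.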

