dual gateway with routing issues and tinc-up and host-up scripts for windows clients?

Jelle de Jong jelledejong at powercraft.nl
Tue Feb 2 11:25:30 CET 2016


Hello everybody,

I am doing some tests with TINC and Windows 7 and I am having some issues
with routing. (See attachment for the client configuration.)

The set-up I configured uses DHCP over the TINC tunnel and the Windows
guest ends up with two gateways (one from its own network and one from
the TINC network).

The problem is that traffic when browsing the internet should go over
the TINC tunnel as well and now it is currently split.

I thought I would change the TINC gateway's metric to be lower than the
gateway from the standard Windows client, but this does not provide a
stable solution as the client's internet stops working completely from
time to time.

How can I execute a dynamic script under Windows when the TINC tunnel
comes up? To say execute the following command: route ADD 0.0.0.0 MASK
255.255.252.0 192.168.200.1 METRIC 5 IF 24

Any advice would be much appreciated.

Kind regards,

Jelle de Jong

irc: tuxcrafter
-------------- next part --------------
#-----------------------------------------------------------------------

# open command prompt with admin rights

cd c:\Users\IEUser\Downloads

# install Windows Resource Kit Tool
msiexec /i subinacl.msi

# install TINC-VPN
tinc-1.0.26-install.exe

#-----------------------------------------------------------------------

cd "c:\Program Files\tinc"

mkdir powercraft01

echo ConnectTo = server01 > powercraft01\tinc.conf
echo Interface = PowerCraftVPN >> powercraft01\tinc.conf
echo Mode = switch >> powercraft01\tinc.conf
echo Name = client02 >> powercraft01\tinc.conf

mkdir powercraft01\hosts

echo Address = tinc.powercraft.nl > powercraft01\hosts\server01

#-----------------------------------------------------------------------

echo -----BEGIN RSA PUBLIC KEY----- >> powercraft01/hosts/server01
...
echo -----END RSA PUBLIC KEY----- >> powercraft01/hosts/server01

#-----------------------------------------------------------------------

echo Compression = 9 > powercraft01/hosts/client02
echo PMTU = 1400 >> powercraft01/hosts/client02
echo PMTUDiscovery = yes >> powercraft01/hosts/client02

#-----------------------------------------------------------------------

echo -----BEGIN RSA PUBLIC KEY----- >> powercraft01/hosts/client02
...
echo -----END RSA PUBLIC KEY----- >> powercraft01/hosts/client02

#-----------------------------------------------------------------------

echo -----BEGIN RSA PRIVATE KEY----- >> powercraft01/rsa_key.priv
...
echo -----END RSA PRIVATE KEY----- >> powercraft01/rsa_key.priv

# todo: set permissions for rsa_key.priv file on windows, this may not be needed

#-----------------------------------------------------------------------

# install tap device
C:\Program Files\tinc>tap-win32\addtap.bat

# change name of created interface to PowerCraftVPN
wmic nic where "Caption like '%TAP-Win32 Adapter V9'" set NetConnectionID=PowerCraftVPN

# set interface metric to 5
netsh interface ipv4 set interface "PowerCraftVPN" metric=5 store=persistent

# windows .bat example that needs some work to rename interface using a script
http://wiki.cementhorizon.com/display/CH/How+to+install+and+configure+tinc+on+Windows+7+and+Ubuntu+10.10+Linux+and+CentOS+5

#-----------------------------------------------------------------------

# create the services
C:\Program Files\tinc>tincd.exe -n powercraft01
tinc.powercraft01 service installed
tinc.powercraft01 service started

#-----------------------------------------------------------------------

# set permissions to start/stop/pause/resume the tinc service for user: IEUser
C:\Windows\system32>"C:\Program Files\Windows Resource Kits\Tools\subinacl.exe" /service tinc.powercraft01 /grant=IEUser=PTO

# set tinc service to start manually
c:\Program Files\tinc>sc config tinc.powercraft01 start= demand
[SC] ChangeServiceConfig SUCCESS

#-----------------------------------------------------------------------

# Using the PowerCraftVPN

C:\Users\IEUser>net stop tinc.powercraft01
The tinc.powercraft01 service is stopping.
The tinc.powercraft01 service was stopped successfully.

C:\Users\IEUser>net start tinc.powercraft01
The tinc.powercraft01 service is starting.
The tinc.powercraft01 service was started successfully.

#-----------------------------------------------------------------------

# check route
c:\Program Files\tinc>route print

# check ipconfig
c:\Program Files\tinc>ipconfig

#-----------------------------------------------------------------------
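
Added example, not part of the original message or its attachment: a check for the split-gateway condition described above, run over the output of the `route print` step in the notes. It applies the usual selection rule (most specific prefix first, then lowest metric) to report which probe addresses would leave outside the tinc interface. The sample table, the LAN addresses 192.168.1.x, the tunnel client address 192.168.200.57 and the function names are constructed assumptions; only 192.168.200.1 and the 255.255.252.0 mask come from the post.

```python
import ipaddress
import re

# Constructed sample of the IPv4 part of `route print` on a client that has
# two default gateways: LAN 192.168.1.1 (assumed) and tunnel 192.168.200.1.
SAMPLE = """\
IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     10
          0.0.0.0          0.0.0.0    192.168.200.1   192.168.200.57     25
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    266
    192.168.200.0    255.255.252.0          On-link   192.168.200.57    261
Persistent Routes:
  None
"""

IP = r"\d+\.\d+\.\d+\.\d+"
ROW = re.compile(rf"^\s*({IP})\s+({IP})\s+(\S+)\s+({IP})\s+(\d+)\s*$")


def parse_routes(text):
    """Return (network, gateway, interface, metric) for each active IPv4 route."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, iface, int(metric)))
    return routes


def select_route(routes, destination):
    """Pick a route as the IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matching = [r for r in routes if addr in r[0]]
    return min(matching, key=lambda r: (-r[0].prefixlen, r[3]), default=None)


def leaks(routes, tunnel_gw, tunnel_if, probes):
    """Return the probe addresses whose chosen route bypasses the tinc interface."""
    out = []
    for p in probes:
        r = select_route(routes, p)
        if r is None or r[2] != tunnel_if or r[1] not in (tunnel_gw, "On-link"):
            out.append(p)
    return out


if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print(leaks(table, "192.168.200.1", "192.168.200.57", ["198.51.100.7"]))
```

Feed it the real `route print` output captured after `net start tinc.powercraft01`; an empty result means every probe address is routed through the tunnel interface.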
