need help on tinc route problem

Maxim Vorontsov 6012030 at gmail.com
Mon Feb 29 09:40:28 CET 2016


Hi.

Did you add only 0.0.0.0/1 as a route, not 128.0.0.0/1 too?
Did you try to add a route to 5.6.7.8 via C with a lesser metric than via B?

If you have to add static routes only on a few servers, you can add them to
the $HOST-up scripts.





On Mon, Feb 29, 2016 at 11:12 AM, Zhang Jun <gb2313 at gmail.com> wrote:

> my network:
>
> local pc(192.168.1.2)-->openwrt_adsl_router A(
> 192.168.1.1/24&11.22.33.44pppoe&10.10.10.1/24 tinc)<---remote B:
> 10.10.20.1/24
>                                                                     ^
>                                                                     |
>                                              remote C:10.10.0.1/24
>
>
> all running tinc 1.0.x,
>
> ADSL router runs as a "server"(only one tinc instance), listening on some
> port,
> client B and C connect to ADSL router,
> from my pc I need to:
> 1. Access B's subnet 192.168.50.1/24
> 2. Access some WAN websites via C
> 3. no traffic between B and C
> 4. other traffic goes to pppoe interface by default
>
> here are the config files:
> A: router
>
> tincd.conf:
> device = /dev/net/tun
> name = vpn
> interface = vpn
> addressFamilay = ipv4
>
> ##
> Address=xxx.dyndns.org
> Port=xxx port
> subnet=10.10.10.0/24
> Subnet=192.168.1.0/24
>
> ##tinc-up:
> ifconfig vpn 10.10.10.1/24 up
> route add -host 10.10.0.1 dev vpn
> route add -net 10.10.0.0/24 gw 10.10.0.1
>
> route add -host 10.10.20.1 dev vpn
> route add -net 10.10.20.0/24 gw 10.10.20.1
> route add -net 192.168.50.0/24 gw 10.10.20.1   (requirement .1)
>
> route add -net many websites networks gw 10.10.0.1 (requirement .2)
> ...
> ###########################
> B:
> connectTo=vpn
> ##
> Subnet=10.10.20.0/24
> Subnet=192.168.50.0/24
>
> ##
> ifconfig Binc 10.10.20.1/24 up
> route add -host 10.10.10.1 dev Binc
> route add -net 10.10.10.0/24 gw 10.10.10.1
> route add -net 192.168.1.0/24 gw 10.10.10.1
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> ###########################
> C:
> connectTo=vpn
> ##
> Subnet=10.10.0.0/24
> Subnet=0.0.0.0/1     ----------> this line only exists in server
> C:/etc/tinc/hosts/C, but I guess it can be learned by router node
>
> ##
> ifconfig Cinc 10.10.0.1/24 up
> route add -host 10.10.10.1 dev Cinc
> route add -net 192.168.1.0/24 gw 10.10.10.1
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> ########################
> router has B and C host files, B doesn't have C's and C doesn't have B's host
> file
>
> this works fine for me,
>
> but today, I need to access a WAN server(5.6.7.8) via B, so I added a
> route:
> route add -host 5.6.7.8 gw 10.10.20.1 (B)
> I thought it should work like other routes, but the traffic still goes
> through C,
> after examining the config, I think the problem may be because only C has
> "Subnet=0.0.0.0/1"
>
> my questions are:
> 1. why can a packet that has a route with default gw to B be routed to C? is it
> the right behavior?
> 2. how to route 5.6.7.8 via B? add "Subnet=0.0.0.0/1" to B's host file?
> I have some trouble testing this now, because B is not easy to
> access (the best way is to let it connect to me)
> also, even if this way works, I don't want other networks' traffic (added
> route for C) to go through B, or randomly.
> 3. I removed "Subnet=0.0.0.0/1" from C, then all routes (to WAN) via B/C
> do not work anymore, is there any way to
> let those "route add (WAN networks) gw 10.10.0.1" work without the
> "Subnet=0.0.0.0/1"?
>


-- 
brgds
Maxim Vorontsov
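
Added example, not part of either message and not tinc code: a small model of the lookup behind the behaviour described in the quoted question. It assumes tinc's router mode, where the daemon chooses the destination node by the most specific Subnet that covers the packet's destination and the gateway given to `route add` plays no part; the `5.6.7.8/32` line on B is a hypothetical declaration used for comparison.

```python
import ipaddress

# Subnet lines as quoted in the thread (one list per tinc host file).
THREAD_SUBNETS = {
    "A": ["10.10.10.0/24", "192.168.1.0/24"],
    "B": ["10.10.20.0/24", "192.168.50.0/24"],
    "C": ["10.10.0.0/24", "0.0.0.0/1"],
}

def build_table(subnets):
    """Flatten {node: [cidr, ...]} into (network, node) pairs, longest prefix first."""
    table = [(ipaddress.ip_network(cidr), node)
             for node, cidrs in subnets.items() for cidr in cidrs]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table

def owner(subnets, dst):
    """Return (node, subnet) of the most specific Subnet covering dst, else (None, None)."""
    addr = ipaddress.ip_address(dst)
    for net, node in build_table(subnets):
        if addr in net:
            return node, str(net)
    return None, None

def with_subnet(subnets, node, cidr):
    """Copy of the declarations with one extra Subnet line for node."""
    out = {n: list(cidrs) for n, cidrs in subnets.items()}
    out[node].append(cidr)
    return out

def without_subnet(subnets, node, cidr):
    """Copy of the declarations with one Subnet line removed from node."""
    return {n: [c for c in cidrs if (n, c) != (node, cidr)]
            for n, cidrs in subnets.items()}

if __name__ == "__main__":
    cases = {
        "as posted": THREAD_SUBNETS,
        "B also declares 5.6.7.8/32 (hypothetical)":
            with_subnet(THREAD_SUBNETS, "B", "5.6.7.8/32"),
        "C without 0.0.0.0/1": without_subnet(THREAD_SUBNETS, "C", "0.0.0.0/1"),
    }
    # Constructed sample destinations: the WAN host from the thread, a host in
    # B's LAN, and an address in the upper half (128.0.0.0/1) of the IPv4 space.
    for label, subnets in cases.items():
        for dst in ("5.6.7.8", "192.168.50.7", "200.1.1.1"):
            print(f"{label:45} {dst:14} -> {owner(subnets, dst)}")
```
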