Configuration working with 2 hosts but not with 3

Marius Fröhlich marius at froehlich.pro
Sat Sep 30 15:29:41 CEST 2017 

Hi there,

I would need some help with my configuration. I have tried a long time,
but did not find my error. Thus I would really appreciate your help.

There are three hosts:

 1. h181
 2. h182: Should ConnectTo h181
 3. h183: Should ConnectTo h181

*Files under /etc/tinc/vpn0/hosts*

[h181:]
Address = 94.130.108.xxx
Subnet = 172.16.1.1/32
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----

[h182:]
Subnet = 172.16.1.2/32
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----

[h183:]
Subnet = 172.16.1.3/32
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----


*tinc.conf files:*

[tinc.conf h181:]
Name = h181
Device = /dev/net/tun
BindToAddress = 0.0.0.0
AddressFamily = ipv4

[tinc.conf h182:]
Name = h182
Device = /dev/net/tun
ConnectTo = h181
BindToAddress = 0.0.0.0
AddressFamily = ipv4

[tinc.conf h183:]
Name = h183
Device = /dev/net/tun
ConnectTo = h181
BindToAddress = 0.0.0.0
AddressFamily = ipv4


*tinc-up Files:*

[tinc-up h181:]
#!/bin/sh
#
# Must use IP 172.16.1.1
#
/sbin/ifconfig $INTERFACE 172.16.1.1 netmask 255.255.255.0

[tinc-up h182:]
#!/bin/sh
#
# Must use IP 172.16.1.2
#
/sbin/ifconfig $INTERFACE 172.16.1.2 netmask 255.255.255.0

[tinc-up h182:]
#!/bin/sh
#
# Must use IP 172.16.1.3
#
/sbin/ifconfig $INTERFACE 172.16.1.3 netmask 255.255.255.0


The occuring errors are:

  * Ping from h182 (172.16.1.2) and h183 (172.16.1.3) to h181
    (172.16.1.1) is not possible
  * Ping from h181 to h182 and h183 and between h182 and h183 are
    possible, but extremely slow (some about 1000ms; ping to public IP
    is about 10ms)

When I start tinc with tincd -n netname -d5 -D everything seems normal,
many PINGs and PONGs are displayed.

In route -n it is displayed on all hosts:

172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 vpn0

When stopping tincd on h182 or h183 pings between the two remaining
hosts are possible and fast.

I am using tinc 1.0.24-2.1 (Debian).

Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170930/26017f61/attachment.html>

More information about the tinc mailing list