tinc mesh setup

Chris . chris-message at outlook.com
Thu Feb 22 18:07:23 CET 2018


I admit that I am not very familiar with Tinc, but I see that Tinc is running their current VPN connections. We have a scenario with 20 different sites currently and successfully using tinc on OpenWrt, but I am having issues adding an additional site, as it will not communicate with the rest. I am not the one that originally set up the system, and that person is no longer available. I have taken the firmware of one router and flashed it onto another to duplicate it, and then tested it working, but when I change the hostname and IP to what we need it to be (in this case 172.16.100.0) it no longer communicates with the rest of the network, even though I have the same public key and have added it to the host folder and tinc config file on every other router. Am I missing something? The current system seems to be working now, but I am having issues adding a new site.

Thanks in advance for any advice, assistance or referral you could provide.

Regards,

Chris

Contents of the /etc/tinc/NETNAME/hosts/ folder
pfsense1    pfsense100  pfsense11   pfsense12   pfsense16   pfsense17   pfsense19   pfsense2    pfsense20   pfsense201  pfsense26   pfsense27   pfsense4    pfsense7

All of the /etc/tinc/NETNAME/hosts/ files have the same public key on each router as well as each file above.

Here is the current configuration setup. (OpenWRT router is .254 on all subnets)
Pfsense1 is 172.16.1.0
Pfsense2 is 172.16.2.0
Pfsense4 is 172.16.4.0
Etc.


Partial file contents of /etc/config/tinc

config tinc-net NETNAME
        option enabled 1
        option logfile /tmp/log/tinc.log
        option debug 1
        option AddressFamily ipv4

        # UCI list syntax is "list <name> <value>", with no "=" between them
        list ConnectTo pfsense2
        list ConnectTo pfsense4
        list ConnectTo pfsense12
        list ConnectTo pfsense201
        list ConnectTo pfsense11
        list ConnectTo pfsense1
        list ConnectTo pfsense19
        list ConnectTo pfsense7
        list ConnectTo pfsense26
        list ConnectTo pfsense27
        list ConnectTo pfsense100
        option Name pfsense16

config tinc-host pfsense20
        option enabled 1
        option net NETNAME
        list Address {PUBLICIPHERE for this site}
        option Subnet 172.16.20.0/24


config tinc-host pfsense7
        option enabled 1
        option net NETNAME
        list Address {PUBLICIPHERE for this site}
        option Subnet 172.16.7.0/24

config tinc-host pfsense19
        option enabled 1
        option net NETNAME
        list Address {PUBLICIPHERE for this site}
        option Subnet 172.16.19.0/24

config tinc-host pfsense100
        option enabled 1
        option net NETNAME
        list Address {PUBLICIPHERE for this site}
        option Subnet 172.16.100.0/24

It continues with the rest of the sites that I did not list to limit email length.


File contents of /etc/tinc/NETNAME/tinc-up
#!/bin/sh
# Bring the VPN interface up with the router's LAN address (tinc sets $INTERFACE)
ip=$(uci get network.lan.ipaddr)
ifconfig "$INTERFACE" "$ip"

File contents of /etc/tinc/NETNAME/tinc-down
#!/bin/sh
ifconfig "$INTERFACE" down

File contents of /etc/tinc/NETNAME/subnet-up
#!/bin/sh
# Skip subnets announced by this node itself (tinc sets $NODE, $SUBNET, $INTERFACE and $NETNAME)
[ "$NODE" = "$(uci get "tinc.$NETNAME.Name")" ] && exit
# A /32 subnet is a single host route; anything else is a network route
case $SUBNET in
        */32) targetType=-host ;;
        *) targetType=-net ;;
esac
route add $targetType "$SUBNET" dev "$INTERFACE"


File contents of /etc/tinc/NETNAME/subnet-down
#!/bin/sh
# Mirror of subnet-up: remove the route for a subnet another node stops announcing
[ "$NODE" = "$(uci get "tinc.$NETNAME.Name")" ] && exit
case $SUBNET in
        */32) targetType=-host ;;
        *) targetType=-net ;;
esac
route del $targetType "$SUBNET" dev "$INTERFACE"

To be clear (I am also not sure how it works without it), tinc.conf is not in the /etc/tinc/NETNAME folder. We can see it only in the /tmp/tinc/NETNAME directory, and its contents are below.
File contents of /tmp/tinc/NETNAME/tinc.conf (this is on the pfsense16 unit with subnet 172.16.16.0)
AddressFamily = ipv4
ConnectTo = pfsense26
ConnectTo = pfsense27
Name = pfsense16
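A consistency check for a tinc network directory, added here as an example; it is not code from the original post, from tinc or from the OpenWrt tinc package. It takes a directory laid out like the /tmp/tinc/NETNAME shown above (a tinc.conf plus a hosts/ folder) and reports a Name or ConnectTo with no hosts file, two hosts files carrying the same public key, and a Subnet announced by more than one node. The sample network it builds is constructed for the demo: placeholder text stands in for the RSA key blocks, the host names and subnets mirror the ones in the thread, and the function and file names are assumptions.

```shell
#!/bin/sh
# Consistency checker for a tinc 1.0 network directory (tinc.conf plus hosts/,
# e.g. /tmp/tinc/NETNAME on OpenWrt). Hypothetical helper written for this
# thread; it is not part of tinc or of the OpenWrt tinc package.

# Emit "Key Value" pairs from a tinc config or hosts file, accepting both the
# "Key = Value" and "Key Value" forms, skipping comments and the key block.
tinc_kv() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" |
    awk '/^-----BEGIN/ { skip = 1 }
         /^-----END/   { skip = 0; next }
         !skip {
             line = $0; sub(/^[[:space:]]+/, "", line)
             n = index(line, "=")
             if (n) { k = substr(line, 1, n - 1); v = substr(line, n + 1) }
             else   { k = $1; v = substr(line, length($1) + 1) }
             gsub(/[[:space:]]/, "", k)
             gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
             print k, v
         }'
}

# The base64 body of the public key in a hosts file, joined into one line, so
# two files carrying the same key yield the same string.
key_body() {
    awk '/^-----END/ { p = 0 } p { printf "%s", $0 } /^-----BEGIN/ { p = 1 }' "$1"
}

# Returns 0 when the directory is consistent, 1 otherwise (problems are printed).
check_tinc_net() {
    dir=$1 hosts=$1/hosts rc=0
    conf=$dir/tinc.conf

    # 1. The node's own Name must have a hosts file.
    name=$(tinc_kv "$conf" | awk '$1 == "Name" { print $2 }')
    [ -n "$name" ] && [ -f "$hosts/$name" ] || { echo "Name '$name' has no hosts/ file"; rc=1; }

    # 2. Every ConnectTo target must have a hosts file (Address and key come from it).
    for peer in $(tinc_kv "$conf" | awk '$1 == "ConnectTo" { print $2 }'); do
        [ -f "$hosts/$peer" ] || { echo "ConnectTo = $peer: no hosts/ file"; rc=1; }
    done

    # 3. No two hosts files may carry the same public key: a cloned keypair lets
    #    any one site authenticate as another, so each node needs its own.
    for f in "$hosts"/*; do
        [ -f "$f" ] || continue
        body=$(key_body "$f")
        printf '%s %s\n' "${body:-NOKEY}" "${f##*/}"
    done | awk '$1 == "NOKEY" { print "host " $2 ": no public key"; bad = 1; next }
                ($1 in seen) { print "hosts " seen[$1] " and " $2 " share one public key"; bad = 1 }
                { seen[$1] = $2 }
                END { exit bad }' || rc=1

    # 4. Each Subnet may be announced by exactly one node.
    for f in "$hosts"/*; do
        [ -f "$f" ] || continue
        tinc_kv "$f" | awk -v h="${f##*/}" '$1 == "Subnet" { print $2, h }'
    done | awk '($1 in seen) { print "Subnet " $1 " claimed by " seen[$1] " and " $2; bad = 1 }
                { seen[$1] = $2 }
                END { exit bad }' || rc=1

    return $rc
}

# --- Constructed sample data: placeholder key blocks, not real RSA keys ---
write_host() {  # dir name address subnet keylabel
    {
        printf 'Address = %s\nSubnet = %s\n\n' "$3" "$4"
        printf -- '-----BEGIN RSA PUBLIC KEY-----\nCONSTRUCTEDPLACEHOLDER%s\n-----END RSA PUBLIC KEY-----\n' "$5"
    } > "$1/hosts/$2"
}

# Build a sample net dir; "good" gives a consistent one, anything else a broken
# one that mirrors the cloned-router scenario from the thread. Prints the path.
make_sample_net() {
    d=$(mktemp -d)
    mkdir -p "$d/hosts"
    printf 'AddressFamily = ipv4\nConnectTo = pfsense26\nConnectTo = pfsense27\nName = pfsense16\n' > "$d/tinc.conf"
    write_host "$d" pfsense16 192.0.2.16 172.16.16.0/24 K16
    write_host "$d" pfsense26 192.0.2.26 172.16.26.0/24 K26
    write_host "$d" pfsense27 192.0.2.27 172.16.27.0/24 K27
    if [ "$1" != good ]; then
        # cloned from pfsense16 (same key), plus a ConnectTo whose hosts file is missing
        write_host "$d" pfsense100 192.0.2.100 172.16.100.0/24 K16
        echo 'ConnectTo = pfsense2' >> "$d/tinc.conf"
    fi
    echo "$d"
}

# Usage on a router: check_tinc_net /tmp/tinc/NETNAME. The demo runs both samples.
for kind in good bad; do
    net=$(make_sample_net "$kind")
    if check_tinc_net "$net"; then echo "$kind: consistent"; else echo "$kind: problems found"; fi
    rm -rf "$net"
done
```

The key comparison works on the base64 body of the key block, so a hosts file copied from another node with only the Name changed is reported even if the Address and Subnet lines differ; on OpenWrt it is the generated /tmp/tinc/NETNAME directory, not /etc/config/tinc, that should be handed to the check, since that is what tincd actually reads.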




