issues connecting in other sites

Chris . chris-message at outlook.com
Fri Mar 16 05:24:50 CET 2018


Regarding the ConnectTo spaces and =, that is a great question which I do not know the answer to. What is the proper configuration for the ConnectTo command, and how should it be used? I do not see anything specific in the documentation that specifies that for the /etc/config/tinc file.

The pfsense is just the name given by the initial person that set it up and has nothing specific to do with pfsense.

When I edit the /tmp/tinc/NETNAME/tinc.conf file and reboot, it (obviously, I think) changes. How would I make the change stick? Does it by default look at /etc/tinc/NETNAME/tinc.conf first before it looks at the /tmp...... location? I tried to create the file in the /etc/tinc/NETNAME directory, but that seemed to have no effect after adding the new site to an existing location.

Here is an existing site called pfsense12
CONTENTS of /etc/tinc/NETNAME/hosts/pfsense100
(RSA PUBLIC KEY IS HERE)

CONTENTS of /etc/config/tinc
config tinc-net NETNAME
        option enabled 1
        option logfile /tmp/log/tinc.log
#       option debug 1
        option AddressFamily ipv4

        list ConnectTo pfsense2
        list ConnectTo pfsense4
        list ConnectTo pfsense18
        list ConnectTo pfsense201
        list ConnectTo pfsense11
        list ConnectTo pfsense7
        list ConnectTo pfsense1
        list ConnectTo pfsense16
        list ConnectTo pfsense19
        list ConnectTo pfsense17
        list ConnectTo pfsense20
        list ConnectTo pfsense26
        list ConnectTo pfsense100
        list ConnectTo pfsense27

        option Name pfsense12

        option PrivateKeyFile /etc/tinc/NETNAME/rsa_key.priv

config tinc-host pfsense20
        option enabled 1
        option net NETNAME
        list Address PUBLIC IP OF THIS SITE
        option Subnet 172.16.20.0/24

config tinc-host pfsense7
        option enabled 1
        option net NETNAME
        list Address PUBLIC IP OF THIS SITE
        option Subnet 172.16.7.0/24

config tinc-host pfsense100
        option enabled 1
        option net NETNAME
        list Address PUBLIC IP OF THIS SITE
        option Subnet 172.16.17.100/24

.... It continues to list all of the sites.

Below is the contents of the new site that we are trying to add.
CONTENTS of /etc/tinc/NETNAME/hosts/pfsense12
(RSA PUBLIC KEY IS HERE)

CONTENTS of /etc/config/tinc
config tinc-net NETNAME
        option enabled 1
        option logfile /var/log/tinc.log
        option debug 5
        option AddressFamily ipv4

        list ConnectTo pfsense201
        list ConnectTo pfsense7
        list ConnectTo pfsense4
        list ConnectTo pfsense12
        list ConnectTo pfsense11
        list ConnectTo pfsense1
        list ConnectTo pfsense16
        list ConnectTo pfsense19
        list ConnectTo pfsense2
        list ConnectTo pfsense28
        list ConnectTo pfsense29

        option Name pfsense100

        option PrivateKeyFile /etc/tinc/NETNAME/rsa_key.priv


config tinc-host pfsense28
        option enabled 1
        option net NETNAME
        list Address PUBLIC IP HERE
        option Subnet 172.16.28.0/24

config tinc-host pfsense12
        option enabled 1
        option net NETNAME
        list Address PUBLIC IP HERE
        option Subnet 172.16.29.0/24

config tinc-host pfsense201
        option enable 1
        option net NETNAME
        option Address PUBLIC IP HERE
        option Subnet 172.16.201.0/24

config tinc-host pfsense7
        option enabled 1
        option net NETNAME
        list Address PUBLIC IP HERE
        option Subnet 172.16.7.0/24


Does that look correct?

Thank you for the response!
Chris

-----Original Message-----
From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen
Sent: Thursday, March 15, 2018 3:57 PM
To: tinc at tinc-vpn.org
Subject: Re: issues connecting in other sites

On Thu, Mar 15, 2018 at 03:41:00PM +0000, Chris . wrote:

> I admit that I am not familiar with Tinc very well, but have Tinc running at approximately 20 sites and functioning as a mesh vpn/network.  I am having issues adding an additional site as it will not communicate with the rest. I have taken the firmware of one and flashed it on another router to make it duplicate and then tested it working but when I change the hostname, and IP to what we need it to be (in this case 172.16.100.0) it no longer communicates with the rest of the network even though I have the same public key (they all have the same key) as well as adding it to the host folder and tinc config file on every other router. Am I missing something? The current system seems to be working now but having issues to add new.

I suspect you do have an error in your configuration somewhere. Either on the new node, or in the other node(s) that will have connections with the new node. Check for typos.

> Partial file contents of /etc/config/tinc
> 
> config tinc-net NETNAME
>         option enabled 1
>         option logfile /tmp/log/tinc.log
>         option debug 1
>         option AddressFamily ipv4
> 
>         list ConnectTo=pfsense2
>         list ConnectTo=pfsense4
>         list ConnectTo=pfsense12
>         list ConnectTo=pfsense201
>         list ConnectTo=pfsense11
>         list ConnectTo=pfsense1
>         list ConnectTo=pfsense19
>         list ConnectTo=pfsense7
>         list ConnectTo pfsense26
>         list ConnectTo pfsense27
>         list ConnectTo pfsense100
>         option Name pfsense16

I'm no pfsense expert. But why do some lines have ConnectTo=pfsense with a = sign between ConnectTo and pfsense, and other lines have a space instead of the =?

> To be clear (also not sure how it works without it) but tinc.conf is not in the /etc/tinc/NETNAME folder. We can see it in the /tmp/tinc/NETNAME directory only and its contents are below.
> File contents of /tmp/tinc/NETNAME/tinc.conf (this is on the pfsense16 unit with subnet 172.16.16.0):
> AddressFamily = ipv4
> ConnectTo = pfsense26
> ConnectTo = pfsense27
> Name = pfsense16

I see only two ConnectTo's here, ConnectTo = pfsense100 is missing.
Could that be the problem?

--
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>


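The thread's advice is "check for typos" across twenty routers' /etc/config/tinc files, and the symptom is that the generated /tmp/tinc/NETNAME/tinc.conf does not contain what the UCI file appears to say. The following checker is an added example, not code from this thread or from the tinc or OpenWrt projects. It parses a UCI tinc file and reports the kinds of mistakes visible in the posted configuration: a `ConnectTo=host` entry with no whitespace between key and value, a host section using `enable` instead of `enabled`, `Address` declared with `option` instead of `list`, a `ConnectTo` whose target has no `tinc-host` section for that net, and a node that `ConnectTo`s itself. The sample UCI text is constructed from the posted configuration with placeholder public IPs; which keys the init script treats as lists, which keys are OpenWrt-only, and the way `render_tinc_conf` approximates the generated tinc.conf are assumptions stated in the code, so confirm them against the init script version on the router (how the real `uci` parser treats a `ConnectTo=host` line is not verified here; in this model the entry is simply dropped, which matches the observation that it never reaches tinc.conf).

```python
"""Sanity-check an OpenWrt UCI /etc/config/tinc before tinc is restarted.

Added example for this mailing-list thread; not part of tinc or OpenWrt.
SAMPLE_UCI is constructed from the configuration posted in the thread,
with public IPs replaced by documentation addresses.
"""
import difflib
import re
from collections import defaultdict

SAMPLE_UCI = """\
config tinc-net NETNAME
        option enabled 1
        option logfile /var/log/tinc.log
        option debug 5
        option AddressFamily ipv4
        list ConnectTo pfsense201
        list ConnectTo pfsense7
        list ConnectTo pfsense12
        list ConnectTo=pfsense2
        list ConnectTo pfsense100
        option Name pfsense100
        option PrivateKeyFile /etc/tinc/NETNAME/rsa_key.priv

config tinc-host pfsense12
        option enabled 1
        option net NETNAME
        list Address 198.51.100.12
        option Subnet 172.16.29.0/24

config tinc-host pfsense201
        option enable 1
        option net NETNAME
        option Address 198.51.100.201
        option Subnet 172.16.201.0/24

config tinc-host pfsense7
        option enabled 1
        option net NETNAME
        list Address 198.51.100.7
        option Subnet 172.16.7.0/24
"""

SECTION_RE = re.compile(r"^config\s+(\S+)(?:\s+'?([^'\s]+)'?)?$")
ENTRY_RE = re.compile(r"^(option|list)\s+(\S+)\s+'?(.*?)'?$")

# Assumptions about the OpenWrt tinc init script: these keys are multi-valued
# and must be written with 'list'; these are consumed by the init script and
# never copied into tinc.conf; these are the keys it accepts in a tinc-host.
LIST_KEYS = {"ConnectTo", "Address"}
OPENWRT_ONLY = {"enabled", "logfile", "debug"}
HOST_KEYS = {"enabled", "net", "Address", "Subnet", "Port", "Cipher", "Digest",
             "Compression", "IndirectData", "TCPOnly", "PMTU", "ClampMSS",
             "PublicKeyFile"}


def parse_uci(text):
    """Return [(type, name, [(keyword, key, value), ...])]. Lines that look
    like entries but do not parse are kept as ('malformed', line, '')."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group(1), m.group(2) or "<anonymous>", []))
            continue
        if not sections:
            raise ValueError(f"entry before any section: {raw!r}")
        m = ENTRY_RE.match(line)
        sections[-1][2].append(m.group(1, 2, 3) if m else ("malformed", line, ""))
    return sections


def values_of(entries):
    d = defaultdict(list)
    for kw, key, val in entries:
        if kw != "malformed":
            d[key].append(val)
    return d


def check_config(text):
    """Return a list of human-readable problems; empty means nothing found."""
    problems = []
    nets, hosts = {}, defaultdict(dict)  # hosts: net -> hostname -> values
    for typ, name, entries in parse_uci(text):
        for kw, key, val in entries:
            if kw == "malformed":
                problems.append(f"{typ} {name}: unparsable entry {key!r} "
                                "(key and value must be separated by whitespace, not '=')")
            elif key in LIST_KEYS and kw != "list":
                problems.append(f"{typ} {name}: {key} must use 'list', not 'option'")
        vals = values_of(entries)
        if typ == "tinc-net":
            nets[name] = vals
        elif typ == "tinc-host":
            for key in vals:
                if key not in HOST_KEYS:
                    hint = difflib.get_close_matches(key, HOST_KEYS, n=1)
                    problems.append(f"tinc-host {name}: unknown key '{key}'"
                                    + (f" (did you mean '{hint[0]}'?)" if hint else ""))
            net = vals.get("net", [None])[0]
            if net is None:
                problems.append(f"tinc-host {name}: no 'net' option, section is ignored")
            else:
                hosts[net][name] = vals
    for net, vals in nets.items():
        me = vals.get("Name", [None])[0]
        if me is None:
            problems.append(f"tinc-net {net}: no Name option")
        for peer in vals.get("ConnectTo", []):
            if peer == me:
                problems.append(f"tinc-net {net}: ConnectTo {peer} points at this node itself")
                continue
            host = hosts[net].get(peer)
            if host is None:
                problems.append(f"tinc-net {net}: ConnectTo {peer} but no tinc-host {peer} for this net")
            elif host.get("enabled") and host["enabled"][0] != "1":
                problems.append(f"tinc-net {net}: ConnectTo {peer} but tinc-host {peer} is disabled")
            elif not host.get("Address"):
                problems.append(f"tinc-net {net}: ConnectTo {peer} but tinc-host {peer} has no Address")
    return problems


def render_tinc_conf(text, net):
    """Approximate (assumption) the /tmp/tinc/<net>/tinc.conf the init script
    generates: every parsable tinc-net key except the OpenWrt-only ones,
    written as 'Key = value'. Malformed entries never make it in."""
    for typ, name, entries in parse_uci(text):
        if typ == "tinc-net" and name == net:
            return "".join(f"{k} = {v}\n" for kw, k, v in entries
                           if kw != "malformed" and k not in OPENWRT_ONLY)
    raise KeyError(net)


if __name__ == "__main__":
    for p in check_config(SAMPLE_UCI):
        print("PROBLEM:", p)
    print("--- generated tinc.conf ---")
    print(render_tinc_conf(SAMPLE_UCI, "NETNAME"), end="")
```

Run it against the real file with `python3 check_tinc.py < /etc/config/tinc` after swapping `SAMPLE_UCI` for `sys.stdin.read()`; the more useful habit is to run it on every router after adding a site, because the thread shows the new node's own section was typed by hand on each of the twenty existing routers, and a single `enable`/`enabled` slip on one of them breaks only that one link.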