Setting up simple routing for all traffic of one host through another

Ann Brown annobrown at protonmail.com
Wed Apr 24 12:02:19 CEST 2019


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, April 22, 2019 4:01 PM, Doron Behar <doron.behar at gmail.com> wrote:

> Hello dear tinc users,
>
> I've been looking for a while now for a solution in the mailing list and
> maybe I'm guiltily too lazy to learn all that there is to know about
> Linux routing and that's why I'm still stuck.
>
> To get right to it: I have 2 hosts connected with tinc - one of them is
> a VPS with a public address and static IP address and the other is my
> desktop machine, both run Linux.
>
> I've set up tinc in both of these hosts so that I can connect to each of
> them through their tinc address. I would like however, to make my
> desktop machine route all its traffic through the VPS host.
>
> My tinc interface is called doronbehar and this is the output of `ip route` on the VPS:
>
> default via 54.37.204.1 dev eth0 proto dhcp src 54.37.204.184 metric 1024
> 10.0.0.0/24 dev dns0 proto kernel scope link src 10.0.0.1
> 54.37.204.1 dev eth0 proto dhcp scope link src 54.37.204.184 metric 1024
> 192.168.0.0/24 dev doronbehar proto kernel scope link src 192.168.0.2
>
> The VPS' tinc IP address is 192.168.0.2 and the desktop host's tinc IP
> address 192.168.0.1.
>
> I tried to make all traffic coming from 192.168.0.0/24 on the VPS go to
> the VPS' gateway 54.37.204.1 with this command:
>
> sudo ip route add 192.168.0.0/24 via 54.37.204.1 dev doronbehar
>
> But I get this error:
>
> Error: Nexthop has invalid gateway.
>
> What am I missing? Additionally, I'm not so sure I'll successfully
> continue after this step - regarding running the right commands on my
> desktop host so I'll be thankful for any help in this as well.

You need to change the routing on your desktop to use the gateway VPS as the route for 0.0.0.0/1 and 128.0.0.0/1. You also need a route so tinc still uses your ISP gateway. That's described at https://www.tinc-vpn.org/examples/redirect-gateway/.

On the gateway VPS, you need to enable forwarding, and then set up SNAT in iptables. See https://www.systutorials.com/1372/setting-up-gateway-using-iptables-and-route-on-linux/



Sent with ProtonMail Secure Email.
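
Added example (not part of the message above or of the tinc documentation): a dry-run sketch of the two steps the reply describes, printing the commands for each host rather than running them. The addresses and the interface names doronbehar and eth0 come from the thread; the desktop's ISP gateway 192.0.2.1 and interface enp3s0 are constructed placeholders.

```shell
#!/bin/sh
# Prints (does not execute) the commands for both hosts so they can be reviewed first.

# Desktop side. $1 is the current default route line as printed by
# `ip route show default`; $2 VPS public IP; $3 VPS tinc IP; $4 tinc interface.
desktop_routes() {
    default_line=$1 vps_public=$2 vps_tinc=$3 tinc_if=$4
    # Pull "via <gateway>" and "dev <interface>" out of the existing default route.
    set -- $default_line
    orig_gw= orig_if=
    while [ $# -gt 1 ]; do
        case $1 in
            via) orig_gw=$2 ;;
            dev) orig_if=$2 ;;
        esac
        shift
    done
    # A default route without a gateway (e.g. point-to-point) needs manual handling.
    [ -n "$orig_gw" ] && [ -n "$orig_if" ] || return 1
    # Keep tinc's own packets on the ISP gateway, or they loop into the tunnel.
    echo "ip route add $vps_public/32 via $orig_gw dev $orig_if"
    # Two /1 routes cover all of IPv4 and win over the default by prefix length.
    echo "ip route add 0.0.0.0/1 via $vps_tinc dev $tinc_if"
    echo "ip route add 128.0.0.0/1 via $vps_tinc dev $tinc_if"
}

# VPS side. $1 tinc subnet; $2 tinc interface; $3 public interface; $4 public IP.
vps_gateway() {
    tinc_net=$1 tinc_if=$2 wan_if=$3 wan_ip=$4
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Forward only tunnel-sourced traffic outward and only reply traffic back in.
    echo "iptables -A FORWARD -i $tinc_if -o $wan_if -s $tinc_net -j ACCEPT"
    echo "iptables -A FORWARD -i $wan_if -o $tinc_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Rewrite the source of tunnel traffic to the VPS public address.
    echo "iptables -t nat -A POSTROUTING -s $tinc_net -o $wan_if -j SNAT --to-source $wan_ip"
}

# Constructed desktop default route; on a real host use "$(ip route show default)".
echo "# desktop:"
desktop_routes "default via 192.0.2.1 dev enp3s0 proto dhcp metric 100" \
    54.37.204.184 192.168.0.2 doronbehar
echo "# VPS:"
vps_gateway 192.168.0.0/24 doronbehar eth0 54.37.204.184
```

The FORWARD rules only restrict anything if the VPS's FORWARD chain policy is DROP or it ends in a reject rule; with a policy of ACCEPT they are redundant but harmless.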


