partial SSH and Ping problem across VPN

jradxl at yahoo.com jradxl at yahoo.com
Thu Feb 7 15:31:13 CET 2019


Hello,

I have 6 Ubuntu 18.04 machines in a Tinc (1.35) network, where 3 are in Spain and 3 in UK. One machine in each country is running Tinc, and as both ends are behind NAT, they both connect outward to an Upcloud VM.

The 4 non-tinc machines can Ping and SSH each other without issue, and so from that point of view, the Tinc VPN is working fine. However, the 2 tinc machines can only ping and ssh each other across the vpn - they cannot reach any of the other 4 machines. They can of course ping and ssh the 2 machines on their own network.

I have found that I need to provide the 3 tinc machines with their own IPv4 network, as other approaches cause the networking on the Ubuntu machines to lock up. IPv4 forwarding is turned on, and all 4 non-tinc machines have static routes configured, and the tinc machines have routes via the tun0 interfaces.

I have found I need TCPonly=yes to stop any Unknown messages.

With a tail on the log files and using to ping, I can see reports of messages going across the vpn. But when trying ping on the tinc machines, the log message is slightly different between the tinc and non-tinc machines - so I'm not sure the ICMP message is actually getting into the tun0 interface.

As the config is very symmetrical, I enclose here the config of one side.

###TINC.CONF
ConnectTo=upcloud
Name = zotacubuntu1
AddressFamily = ipv4
Device = /dev/net/tun
LocalDiscovery = yes
TCPOnly = yes

###TINC-UP
ip link  set $INTERFACE up
ip addr  add 192.168.60.20/24 dev $INTERFACE
ip route add 192.168.4.0/24  dev $INTERFACE

###hosts/zotacubuntu1
Address =UK.dyndns.org
Port = 655
Subnet = 192.168.60.20/32
Subnet = 192.168.14.0/24

###route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.14.1    0.0.0.0         UG    0      0        0 wlp2s0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp2s0
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.14.0    0.0.0.0         255.255.255.0   U     0      0        0 wlp2s0
192.168.60.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0

I've run out of ideas as to why.
Can anyone suggest a reason and/or what else I can try?

Thanks
John