Second VPN network fails to start

Lars Kruse lists at sumpfralle.de
Wed May 22 11:02:03 CEST 2019


Hello Robert,


Am Mon, 20 May 2019 11:11:39 +0700
schrieb "Robert Horgan" <Robert at gainplus.asia>:

> These are my files:
> 
> On server 1: db2
> 
> /etc/tinc/nets.boot
> #
> gainplus				 (this works fine, autostarts, etc)
> vpn1
> 
> /etc/tinc/vpn1/tinc.conf
> Name = db2
> BindToAddress = 10.130.17.192
> AddressFamily = ipv4
> Port = 656
> ConnectTo = gtdb
> Interface = tun0

I would recommend removing the "Interface" line (this results in an interface
called "vpn1" in your case) or specifying a human-readable name of the VPN instead.


> /etc/tinc/vpn1/tinc-up
> #!/bin/sh
> # tinc-up
> ip addr add 10.3.0.50/24 dev $INTERFACE
> ip link set dev $INTERFACE up
> 
> /etc/tinc/vpn1/hosts/gtdb
> Subnet = 10.3.0.51/32
> Port = 656
> 
> -----BEGIN RSA PUBLIC KEY-----

I think the "Address" line is missing in the file above (necessary for your
"ConnectTo" statement).


> /etc/tinc/vpn1/hosts/db2
> Address = 10.130.17.192
> Subnet = 10.3.0.50/32
> Port = 656
> 
> -----BEGIN RSA PUBLIC KEY-----
> 
> #########################################################
> 
> On server 2: gtdb
> 
> /etc/tinc/nets.boot
> #
> gainplus
> vpn1
> 
> /etc/tinc/vpn1/tinc.conf
> Name = gtdb
> BindToAddress = 10.130.8.6
> AddressFamily = ipv4
> Port = 656
> ConnectTo = db2
> Interface = tun0
> 
> /etc/tinc/vpn1/tinc-up
> #!/bin/sh
> # tinc-up
> ip addr add 10.3.0.51/24 dev $INTERFACE
> ip link set dev $INTERFACE up
> 
> /etc/tinc/vpn1/hosts/gtdb
> Address = 10.130.8.6
> Subnet = 10.3.0.0/24

Are you sure that you want to announce the availability of this subnet behind
gtdb? In this case you probably bridged the respective external interface with
the tinc interface? Or do you use dynamic or static routes for selecting the right
outgoing interface for traffic?
Or should the above line be changed into a /32 subnet just for the node address
itself?


> Port = 656
> 
> -----BEGIN RSA PUBLIC KEY-----
> 
> /etc/tinc/vpn1/hosts/db2
> Address = 10.130.17.192
> Subnet = 10.3.0.50/32
> Port = 656
> 
> -----BEGIN RSA PUBLIC KEY-----
> 
> The result I get when running ip a on either server only shows the first VPN
> tunnel:
> 
> 9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel
> state UNKNOWN group default qlen 500 link/none
>     inet 10.0.0.51/24 scope global tun0
> 	   valid_lft forever preferred_lft forever

Could this be as simple as a name conflict ("tun0" for both VPN setups)?
If not: do you find any information in your local logs?
(e.g. /var/log/daemon.log)

Cheers,
Lars
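The three things Lars asks Robert to check (an "Interface" name shared by two nets, a "ConnectTo" peer whose hosts file has no "Address" line, and a "Subnet" wider than a single host) can be checked mechanically before starting tincd. The script below is an added example written for this thread; it is not part of tinc and not code posted by Lars or Robert. It walks a tinc configuration tree the way tincd does (nets.boot, then <net>/tinc.conf and <net>/hosts/*) and reports each finding. With no argument it builds a throwaway tree mirroring the quoted db2 (or gtdb) configuration, with the keys left out; the "gainplus" net is not shown in the thread, so the sample assumes it also uses "Interface = tun0", which is Lars's name-conflict hypothesis and is marked as an assumption in the code. The function and file names are the example's own.

```sh
#!/bin/sh
# tinc_lint.sh - sanity checks for a tinc configuration tree (added example,
# not part of tinc). Usage: sh tinc_lint.sh [/etc/tinc]
# Without an argument it lints a constructed sample tree (see make_sample_tree).
set -u

# Print the value of "Key = value" from a tinc config file (first match only).
tinc_get() {  # file key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# List the nets named in nets.boot, ignoring comments and blank lines.
tinc_nets() {  # root
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1/nets.boot"
}

# Print "<iface> <net> <net>..." for every device name used by more than one
# net. tincd names the device after the net when Interface is not set, so two
# nets without an Interface line never collide; two nets with "tun0" do, and
# two daemons cannot attach to the same tun device.
check_interface_conflicts() {  # root
    for net in $(tinc_nets "$1"); do
        conf="$1/$net/tinc.conf"
        [ -f "$conf" ] || continue
        iface=$(tinc_get "$conf" Interface)
        [ -n "$iface" ] || iface=$net
        printf '%s %s\n' "$iface" "$net"
    done | awk '{ nets[$1] = nets[$1] " " $2; n[$1]++ }
                END { for (i in nets) if (n[i] > 1) print i nets[i] }'
}

# Every ConnectTo peer needs a hosts file with an Address line, otherwise
# tincd has nowhere to dial out to.
check_connectto_without_address() {  # root
    for net in $(tinc_nets "$1"); do
        conf="$1/$net/tinc.conf"
        [ -f "$conf" ] || continue
        sed -n 's/^[[:space:]]*ConnectTo[[:space:]]*=[[:space:]]*//p' "$conf" |
        while read -r peer; do
            hostfile="$1/$net/hosts/$peer"
            if [ ! -f "$hostfile" ]; then
                printf '%s: ConnectTo = %s but hosts/%s is missing\n' "$net" "$peer" "$peer"
            elif [ -z "$(tinc_get "$hostfile" Address)" ]; then
                printf '%s: ConnectTo = %s but hosts/%s has no Address line\n' "$net" "$peer" "$peer"
            fi
        done
    done
}

# Flag Subnet lines wider than one host: they route a whole range to that node,
# which only works if the node bridges or routes it onward.
check_wide_subnets() {  # root
    for net in $(tinc_nets "$1"); do
        for hostfile in "$1/$net"/hosts/*; do
            [ -f "$hostfile" ] || continue
            sed -n 's/^[[:space:]]*Subnet[[:space:]]*=[[:space:]]*//p' "$hostfile" |
            while read -r subnet; do
                case $subnet in
                    */32|*/128) ;;   # single-host route, as expected for a node address
                    */*) printf '%s: hosts/%s announces %s (routes the whole range to this node)\n' \
                             "$net" "$(basename "$hostfile")" "$subnet" ;;
                    *) ;;            # no prefix length: tinc treats it as a single host
                esac
            done
        done
    done
}

# Constructed sample mirroring the db2 or gtdb configuration from the thread
# (keys omitted). ASSUMPTION: the gainplus net, not shown in the thread, also
# sets "Interface = tun0"; the thread's "ip a" output shows 10.0.0.51/24 on tun0.
make_sample_tree() {  # dir node(db2|gtdb)
    d=$1; node=$2
    mkdir -p "$d/gainplus/hosts" "$d/vpn1/hosts"
    printf '#\ngainplus\nvpn1\n' > "$d/nets.boot"
    printf 'Name = %s\nInterface = tun0\n' "$node" > "$d/gainplus/tinc.conf"
    printf 'Name = %s\nAddressFamily = ipv4\nPort = 656\nInterface = tun0\n' "$node" > "$d/vpn1/tinc.conf"
    printf 'Address = 10.130.17.192\nSubnet = 10.3.0.50/32\nPort = 656\n' > "$d/vpn1/hosts/db2"
    if [ "$node" = db2 ]; then
        echo 'ConnectTo = gtdb' >> "$d/vpn1/tinc.conf"
        printf 'Subnet = 10.3.0.51/32\nPort = 656\n' > "$d/vpn1/hosts/gtdb"   # no Address line
    else
        echo 'ConnectTo = db2' >> "$d/vpn1/tinc.conf"
        printf 'Address = 10.130.8.6\nSubnet = 10.3.0.0/24\nPort = 656\n' > "$d/vpn1/hosts/gtdb"
    fi
}

root=${1:-}
if [ -z "$root" ]; then
    root=$(mktemp -d)
    make_sample_tree "$root" db2
fi
echo "== device names shared by several nets =="
check_interface_conflicts "$root"
echo "== ConnectTo peers without an Address line =="
check_connectto_without_address "$root"
echo "== Subnet lines wider than a single host =="
check_wide_subnets "$root"
```

Run as `sh tinc_lint.sh /etc/tinc` on each node; it only reads the tree, so it is safe to run before the second "tincd -n vpn1" is started. On the db2 sample it reports "tun0 gainplus vpn1" and the missing Address for gtdb; on the gtdb sample it reports the tun0 conflict and the /24 Subnet. Whatever it reports, the daemon's own message in /var/log/daemon.log (or `tincd -n vpn1 -D -d3` in the foreground) remains the authoritative reason for a net that does not come up.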

