Question on simple dial-in

Carsten Ralle cr at yoogmbh.de
Thu Feb 27 21:19:29 CET 2020


I've been using tinc for about a decade now (thanks for the great work!), but I'm stuck with a new dial-in setup which seemed pretty simple.

I've got a server host with two interfaces:
local LAN: 192.168.50.0/24
DMZ      : 192.168.57.0/24

Now I want to dial in with clients over the DMZ, so that the virtual interface of the clients appears on the local LAN of the host on layer 2 with full network access.
Server-side tinc is running in switch mode and is bridged to the DMZ interface.
Client-side tinc is a Windows TAP device with no special configuration.

I get a DHCP address on the client interface (192.168.50.x), I see ARP requests rolling in from the server side LAN and other layer 2 stuff, but no IPv4 traffic whatsoever. Routing tables on client side are set correctly.
Server is running Debian 10 (with IPv4 forwarding enabled, IPv6 disabled), tinc is version 1.0.35. I also tried fixed IP configuration on client side and almost any combination of modes, to no avail.

I read through almost any tutorial I could find (none of them for that very setup, though). 
Am I missing something or is it impossible to accomplish that way?

Any help or hint is greatly appreciated. 


Best regards,

Carsten



server side config:
===================

Tinc-up:
--------
ip link set mtu 1400 dev $INTERFACE
ifconfig ens224 0.0.0.0
ifconfig $INTERFACE 0.0.0.0
brctl addbr br0
brctl addif br0 $INTERFACE
brctl addif br0 ens224
ifconfig ens224 up
ifconfig $INTERFACE up
ifconfig br0 up

tinc.conf:
----------
BindToAddress = 192.168.57.8
Mode = switch
Forwarding = kernel

Host-file:
----------
Compression=11



