<div dir="ltr">Hi, I am trying to set up a VPN that allows mobile users to access multcast information from an information vendor. Hence Tinc is configured as a switch.<div><br></div><div>Internet --[ router1 ]------[eth0 VPN eth1]--------------[ router2 ]--------- mobile users</div>
<div><br></div><div>VPN server is running Ubuntu 10.04 and is also configured as a dhcp server that hands out IP address to connecting mobile users.</div><div><br></div><div>A bridge (br0) is statically set up at boot through the interfaces script. Its bridge port is eth0. br0 is assigned 10.10.145.254 in the <a href="http://10.10.145.0/24">10.10.145.0/24</a> network.</div>
<div><br></div><div>eth1 is 192.168.1.254, gateway is router2 192.168.1.1. Router2 is configured to forward both 7142 tcp and udp traffic to 192.168.1.254.</div><div><br></div><div>dhcp3-server is configured to listen on the br0 interface.</div>
<div><br></div><div>The idea is to allow incoming mobile user join the network and be part of the internal network able to receive multicast on the <a href="http://10.10.145.0/24">10.10.145.0/24</a> network.</div><div><br>
</div><div>tinc setup on the VPN server is as follows (/etc/tinc/vpn).</div><div><br></div><div>/etc/tinc/vpn/tinc.conf</div><div>mode = switch</div><div>name = server</div><div>addressfamily = ipv4</div><div>privatekeyfile = /etc/tinc/vpn/rsa_key.priv</div>
<div><br></div><div>/etc/tinc/vpn/tinc-up</div><div>ifconfig $INTERFACE 0.0.0.0 up promisc</div><div>brctl addif br0 $INTERFACE</div><div><br></div><div>/etc/tinc/vpn/hosts/server</div><div>compression = 9</div><div>address = <public IP of this server></div>
<div>Cipher = none</div><div>Digest = none</div><div>Port = 7142</div><div>-----BEGIN RSA PUBLIC KEY-----</div><div>:::</div><div>-----END RSA PUBLIC KEY-----</div><div><br></div><div>Soon as tinc started, a 'vpn' interfaced to added to br0. eth0 and br0 have identical MAC address.</div>
<div><br></div><div>brctl show shows eth0 and vpn </div><div>Client is a Windows XP client</div><div>c:\program files\tinc\vpn\tinc.conf</div><div>ConnectTo=server</div><div>Mode=switch</div><div>Name=vpnclient</div><div>
AddressFamily=ipv4</div><div>PrivateKeyFile=c:\progra~1\tinc\vpn\rsa_key.priv</div><div>Interface=Win-Tap</div><div><br></div><div>c:\program files\tinc\vpn\vpnclient</div><div>subnet=<a href="http://10.10.145.0/24">10.10.145.0/24</a></div>
<div>compression=9</div><div>cipher=none</div><div>digest=none</div><div><div>-----BEGIN RSA PUBLIC KEY-----</div><div>:::</div><div>-----END RSA PUBLIC KEY-----</div></div><div><br></div><div>With the above configuration files, I am not able to receive a valid IP address from the server when the Windows client attempts to connect.</div>
<div><br></div><div>Wireshark on the Windows client sees the following sequence of dialog</div><div><br></div><div>src 0.0.0.0 dst 255.255.255.255 proto dhcp len 342 Info DHCP Discover - transaction id 0xd70a60a8</div><div>
broadcast proto arp len 42 Info Who has 10.10.145.105? Tell 10.10.145.254</div><div>src 10.10.145.254 dst 10.10.145.105 proto dhcp len 347 Info DHCP Offer - transaction id 0xd70a60a8</div>
<div>src 0.0.0.0 dst 255.255.255.255 proto dhcp len 347 Info DHCP Request - transaction id 0xd70a60a8</div><div> broadcast proto arp len 42 Info Who has 10.10.145.105? Tell 10.10.145.254<br>
</div><div>src 0.0.0.0 dst 255.255.255.255 proto dhcp len 347 Info DHCP Request - transaction id 0xd70a60a8<br></div><div>src 0.0.0.0 dst 255.255.255.255 proto dhcp len 347 Info DHCP Request - transaction id 0xd70a60a8<br>
</div><div><br></div><div>And on the Linux server, using tcpdump -i br0 -vvv -s 1500 '((port 67 or port 68) and (udp[8:1] = 0x1))'</div><div><br></div><div>The only conversation captured is the </div><div><br></div>
<div>0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, request from 00:ff:0c:02:c3:f0 (oui unknown), length 300, xid 0x856c7d18, flags [none] (0x0000)</div><div>:</div><div>:</div><div>DHCP-Message Option 53, length 1: Discover</div>
<div>:</div><div>:</div><div><br></div><div>I don't know where the problem lies. It seems that after the initial DHCP Discover is received by the server, all subsequent messages from the client are not received. On the Windows side, it has received the DHCP Offer and attempted to reply with the DHCP Request which seems lost. After repeated attempt to request the offered IP, Win-tap gives up and self-assign a 169 address.</div>
<div><br></div><div>If I assign Win-Tap a valid IP, neither side could ping each other.</div><div><br></div><div>Please suggest what I should do to make this vpn work.</div><div><br></div><div><br></div><div><br></div><div>
<br></div><div><br></div><div><br></div><div><br></div><div><br></div></div>