<div dir="ltr">Thanks guys. First off, i removed the 15.0.0.0 and now I can am not able to ping even A and B. Here is the updated network diagram. <a href="http://cl.ly/image/0E1n0s1v043u">http://cl.ly/image/0E1n0s1v043u</a><div>
<br></div><div>Here are my config</div><div><br></div><div>On Machine A:</div><div>---------------------------<br></div><div><div>ubuntu@homer:/etc/tinc/erix$ more hosts/esprit1</div><div>Subnet = <a href="http://192.168.1.0/32">192.168.1.0/32</a></div>
<div>Address = <Public IP></div></div><div><br></div><div><div>ubuntu@A:/etc/tinc/erix$ more tinc-up</div><div>#!/bin/sh</div><div>#ifconfig $INTERFACE 10.250.0.2 netmask 255.255.255.0</div><div>ip addr add 192.168.1.150 dev $INTERFACE</div>
<div>ip route add <a href="http://10.16.50.0/24">10.16.50.0/24</a> dev $INTERFACE</div><div>ip link set dev $INTERFACE up</div></div><div><br></div><div>On Machine B:</div><div>---------------------------<br></div><div><div>
pi@raspberrypi /etc/tinc/erix $ more hosts/pi</div><div>Subnet = <a href="http://10.16.50.0/32">10.16.50.0/32</a></div></div><div><br></div><div><div>pi@raspberrypi /etc/tinc/erix $ more tinc-up</div><div>#!/bin/sh</div><div>
#ifconfig $INTERFACE 10.250.0.3 netmask 255.255.255.0</div><div>ip addr add 10.16.50.107 dev $INTERFACE</div><div>ip route add <a href="http://192.168.1.0/24">192.168.1.0/24</a> dev $INTERFACE</div><div>ip link set dev $INTERFACE up</div>
</div><div><br></div><div><div>pi@raspberrypi /etc/tinc/erix $ more tinc.conf</div><div>Name = pi</div><div>ConnectTo = esprit1</div></div><div><br></div><div><br></div><div>Once I start the client, on Machine A</div><div>
---------------------------<br></div><div><br></div><div><div>ubuntu@homer1:/etc/tinc/erix$ ifconfig</div><div>docker0 Link encap:Ethernet HWaddr f6:df:72:9c:8c:3c</div><div> inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0</div>
<div> inet6 addr: fe80::d43e:16ff:feba:7e71/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:9 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:8 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:0</div><div> RX bytes:612 (612.0 B) TX bytes:648 (648.0 B)</div><div><br></div><div>em1 Link encap:Ethernet HWaddr c0:3f:d5:62:89:af</div><div> inet addr:192.168.1.150 Bcast:192.168.1.255 Mask:255.255.255.0</div>
<div> inet6 addr: fe80::c23f:d5ff:fe62:89af/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:291998 errors:0 dropped:0 overruns:0 frame:0</div><div>
TX packets:68492 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000</div><div> RX bytes:55078791 (55.0 MB) TX bytes:35015585 (35.0 MB)</div><div> Interrupt:20 Memory:f7c00000-f7c20000</div>
<div><br></div><div>erix Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00</div><div> inet addr:192.168.1.150 P-t-P:192.168.1.150 Mask:255.255.255.255</div><div> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:500</div><div> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</div>
<div><br></div><div>lo Link encap:Local Loopback</div><div> inet addr:127.0.0.1 Mask:255.0.0.0</div><div> inet6 addr: ::1/128 Scope:Host</div><div> UP LOOPBACK RUNNING MTU:65536 Metric:1</div>
<div> RX packets:2259209 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:2259209 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0</div><div> RX bytes:206671332 (206.6 MB) TX bytes:206671332 (206.6 MB)</div>
<div><br></div><div>veth450f Link encap:Ethernet HWaddr f6:df:72:9c:8c:3c</div><div> inet6 addr: fe80::f4df:72ff:fe9c:8c3c/64 Scope:Link</div><div> UP BROADCAST RUNNING MTU:1500 Metric:1</div><div> RX packets:9 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:8 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000</div><div> RX bytes:738 (738.0 B) TX bytes:648 (648.0 B)</div></div><div><br></div><div><div>ubuntu@homer1:/etc/tinc/erix$ route -n</div>
<div>Kernel IP routing table</div><div>Destination Gateway Genmask Flags Metric Ref Use Iface</div><div>0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 em1</div><div>172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0</div>
<div>192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 em1</div></div><div><br></div><div><br></div><div>and On Machine B:</div><div><div>---------------------------</div><div>pi@raspberrypi ~ $ ifconfig</div>
<div>erix Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00</div><div> inet addr:10.16.50.107 P-t-P:10.16.50.107 Mask:255.255.255.255</div><div> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:500</div><div> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</div>
<div><br></div><div>eth0 Link encap:Ethernet HWaddr b8:27:eb:4f:c7:63</div><div> inet addr:10.16.50.107 Bcast:10.16.255.255 Mask:255.255.0.0</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:36445 errors:0 dropped:2 overruns:0 frame:0</div><div> TX packets:2177 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000</div><div> RX bytes:3193069 (3.0 MiB) TX bytes:777425 (759.2 KiB)</div>
<div><br></div><div>lo Link encap:Local Loopback</div><div> inet addr:127.0.0.1 Mask:255.0.0.0</div><div> UP LOOPBACK RUNNING MTU:65536 Metric:1</div><div> RX packets:18 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:18 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0</div><div> RX bytes:10368 (10.1 KiB) TX bytes:10368 (10.1 KiB)</div></div><div class="gmail_extra">
<br><div class="gmail_extra">pi@raspberrypi ~ $ route -n</div><div class="gmail_extra">Kernel IP routing table</div><div class="gmail_extra">Destination Gateway Genmask Flags Metric Ref Use Iface</div>
<div class="gmail_extra">0.0.0.0 10.16.0.1 0.0.0.0 UG 0 0 0 eth0</div><div class="gmail_extra">10.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0</div><div class="gmail_extra">
<br></div><div class="gmail_extra">-----------------------</div><div class="gmail_extra"><br></div><div class="gmail_extra">Even though I have 'ip route add .." in both tinc-up, i dont see the route in 'route -n'. </div>
<div class="gmail_extra"><br></div><div class="gmail_extra">I am not able to ping A and B from each other as well. </div><div class="gmail_extra"><br></div><div class="gmail_extra">I manually added the route on B for A and tied to ping A but no joy. </div>
<div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra">pi@raspberrypi /etc/tinc/erix $ sudo ip route add <a href="http://192.168.1.0/24">192.168.1.0/24</a> dev erix</div><div class="gmail_extra">
pi@raspberrypi /etc/tinc/erix $ route</div><div class="gmail_extra">Kernel IP routing table</div><div class="gmail_extra">Destination Gateway Genmask Flags Metric Ref Use Iface</div><div class="gmail_extra">
default 10.16.0.1 0.0.0.0 UG 0 0 0 eth0</div><div class="gmail_extra">10.16.0.0 * 255.255.0.0 U 0 0 0 eth0</div><div class="gmail_extra">192.168.1.0 * 255.255.255.0 U 0 0 0 erix</div>
<div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra">pi@raspberrypi /etc/tinc/erix $ ping 192.168.1.150</div><div class="gmail_extra">PING 192.168.1.150 (192.168.1.150) 56(84) bytes of data.</div>
<div class="gmail_extra">From 192.168.1.150 icmp_seq=1 Destination Net Unknown</div><div class="gmail_extra">From 192.168.1.150 icmp_seq=2 Destination Net Unknown</div><div class="gmail_extra">From 192.168.1.150 icmp_seq=3 Destination Net Unknown</div>
<div class="gmail_extra">From 192.168.1.150 icmp_seq=4 Destination Net Unknown</div></div></div><div class="gmail_extra"><br></div><div class="gmail_extra">ip_forward is set to 1 as well </div><div class="gmail_extra"> </div>
<div class="gmail_extra"><div class="gmail_extra">pi@raspberrypi /etc/tinc/erix $ more /proc/sys/net/ipv4/ip_forward</div><div class="gmail_extra">1</div><div class="gmail_extra"><br></div><div class="gmail_extra">Could this be I am not setting the gateway for this route correctly on B?</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">Thanks,</div><div class="gmail_extra">Zia</div><div class="gmail_extra"><br></div></div><div class="gmail_quote">On Tue, Jul 8, 2014 at 5:35 AM, Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="">On Mon, Jul 07, 2014 at 06:55:12PM -0700, Zia Syed wrote:<br>
<br>
> I'm trying to setup tinc tunnel between my work and home linux machines as<br>
> shown here <a href="http://cl.ly/image/1H1R2X2D403X" target="_blank">http://cl.ly/image/1H1R2X2D403X</a><br>
><br>
> I am able to setup tinc session between A and B and I can ping them. But I<br>
> can't ping C or D from B, or A respectively.<br>
><br>
> Home network 192.168.1.0<br>
> Work network 10.20.50.0<br>
> tinc tunnel is 15.0.0.x.<br>
<br>
</div>Note that you don't need to have a special subnet just for the tunnel.<br>
Also, <a href="http://15.0.0.0/8" target="_blank">15.0.0.0/8</a> is a range of public IP addresses, don't use that<br>
unless you really don't mind missing parts of the Internet.<br>
<br>
You can just give the VPN interface the same address as the LAN<br>
interface. And as Etienne already said, you have to tell tinc about the<br>
<a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> and <a href="http://10.20.50.0/24" target="_blank">10.20.50.0/24</a> Subnets. So, on B you should have this<br>
in hosts/B:<br>
<br>
Subnet = <a href="http://10.20.50.0/24" target="_blank">10.20.50.0/24</a><br>
<br>
And in B's tinc-up:<br>
<br>
#!/bin/sh<br>
ip addr add 10.20.50.107 dev $INTERFACE<br>
ip route add <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> dev $INTERFACE<br>
ip link set dev $INTERFACE up<br>
<br>
Also, don't forget that you have to enable forwarding in the kernel, if<br>
that's not already done:<br>
<br>
echo 1 >/proc/sys/net/ipv4/ip_forward<br>
<br>
Also check that if you have any firewall rules on A and B that they<br>
allow forwarding packets between the LAN and the VPN. Last but not<br>
least, do C and D know that packets for each other's LAN have to go via<br>
A and B? If A and B are the gateways on their LANs, you don't have to do<br>
anything else. If they are not, then you need to tell D for example:<br>
<br>
ip route add <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> via 10.20.50.107<br>
<br>
Or if you have even more machines on the LAN that you want to give<br>
access to the VPN, then tell the real gateway to route packets for the<br>
VPN to the machine running tinc.<br>
<span class=""><font color="#888888"><br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>><br>
</font></span><br>_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" target="_blank">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br></div></div>