<div dir="ltr">Hi Lars<div><br></div><div>Thank you for reply.</div><div><br></div><div>My apologies it is running in "<b>TAP</b>" mode.</div><div><br></div><div><div>root@tinc-srv:~# tincd -n netname -D -d3</div><div>tincd 1.0.23 (Dec 5 2013 17:16:47) starting, debug level 3</div><div>/dev/net/tun is a Linux tun/tap device (tap mode)</div></div><div><br></div><div>I have enabled ip forwarding and it seems that bridging rules is enabled</div><div><div>root@tinc-srv02:~# cat /proc/sys/net/bridge/bridge-nf-call-iptables</div><div>1</div><div>root@tinc-srv02:~# cat /proc/sys/net/ipv4/ip_forward<br></div><div>1</div><div>root@tinc-srv02:~# </div></div><div><br></div><div>I dont have ebtables installed , do I need it installed in order to handle the ARP requests/replies?</div><div><br></div><div><div>root@tinc-srv02:~# ebtables -L</div><div>The program 'ebtables' is currently not installed. You can install it by typing:</div><div>apt-get install ebtables</div><div>root@tinc-srv02:~# </div></div><div><br></div><div>This is tcpdump i have issued on tinc-srv02 (Site 2). It receives the ARP request and sends it to the Server in Site to , but not getting ARP response. Is this perhaps a VMware vswitch issue related to ARP queries being dropped between VM's . I have no access to the esxi host only to the vm's.</div><div><br></div><div>TCPDUMP</div><div><div>root@tinc-srv02:~# tcpdump -i bridge | grep 10.32.0.22</div><div>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode</div><div>listening on bridge, link-type EN10MB (Ethernet), capture size 65535 bytes</div><div>15:15:17.344008 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:18.286495 IP 10.32.0.12<b> (Site 1 Server)</b> > 10.32.0.22<b> (Site 2 Server)</b>: ICMP echo request, id 1, seq 14, length 80</div><div>15:15:18.341668 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:19.339975 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:20.288630 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 15, length 80</div><div>15:15:20.338987 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:21.336696 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:22.289760 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 16, length 80</div><div>15:15:22.335111 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:23.334344 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:24.291681 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 17, length 80</div><div>15:15:24.331904 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:25.330255 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:26.293099 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 18, length 80</div><div>15:15:26.329447 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:27.342722 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:28.295339 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 19, length 80</div><div>15:15:28.341110 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:29.339932 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:30.296755 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 20, length 80</div><div>15:15:30.337919 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:31.336231 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:32.296068 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 21, length 80</div><div>15:15:32.335125 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:33.332990 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:34.297818 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 22, length 80</div><div>15:15:34.331521 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:35.330205 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:36.299904 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 23, length 80</div><div>15:15:36.328150 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:37.342065 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:38.331289 IP 10.32.0.12 > <a href="http://10.32.0.22">10.32.0.22</a>: ICMP echo request, id 1, seq 24, length 80</div><div>15:15:38.341090 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div><div>15:15:39.339068 ARP, Request who-has 10.32.0.11 tell 10.32.0.22, length 46</div></div><div><br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr">Regards<br>Yazeed Fataar<br></div><a href="mailto:yazeedfataar@hotmail.com" target="_blank"></a></div></div></div></div></div>
<br><div class="gmail_quote">On Sun, Apr 10, 2016 at 3:54 PM, Lars Kruse <span dir="ltr"><<a href="mailto:lists@sumpfralle.de" target="_blank">lists@sumpfralle.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hello Yazeed,<br>
<br>
<br>
Am Tue, 5 Apr 2016 11:26:55 +0300<br>
schrieb Yazeed Fataar <<a href="mailto:yazeedfataar@gmail.com">yazeedfataar@gmail.com</a>>:<br>
<br>
> [..]<br>
><br>
> *Site 1*<br>
<span class="">> Server -ping- Site 1 (tinc-srv01) - Success<br>
> Server -ping- Site 2 (tinc-srv02) - Success<br>
> Server -ping- Site 2 - Server 2 - Failure<br>
><br>
><br>
</span>> *Site 2*<br>
<span class="">> Server -ping- Site 2 (tinc-srv02) - Success<br>
> Server -ping- Site 1 (tinc-srv01) - Failure<br>
> Server -ping- Site 1 - Server 1 - Failure<br>
<br>
</span>Could it be that ip_forward is disabled on tinc-srv02? Or maybe brige<br>
traffic filtering is active without the required firewall rules?<br>
<br>
/proc/sys/net/ipv4/ip_forward<br>
/proc/sys/net/bridge/bridge-nf-call-iptables<br>
<span class=""><br>
<br>
> Is there a feature I need to enable ( ie Proxy Arp) on tinc-srv02 the arp to<br>
> reach the server (site 2) ?<br>
<br>
</span>I am not aware of any unusual network setup requirements for tinc.<br>
<span class=""><br>
<br>
> My tinc-srv02 in Site 2 has one interface that I have bridged with tun0.<br>
<br>
</span>Are you sure that this works? I understand tun devices to be layer 3 interfaces<br>
- thus they cannot be connected to a bridge (layer 2), as far as I understand.<br>
<br>
Cheers,<br>
Lars<br>
_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
</blockquote></div><br></div></div>