<div dir="ltr">Just because you cant ping something doesnt mean you cant connect to it ... if ICMP is blocked by the computers FW or the kernal is set to not respond, you might very well have a valid connection that just wont return a ping. As lars suggested `tcpdump` is one method of testing this. Another method might be to run `<span style="color:rgb(38,50,56);font-family:Roboto,sans-serif;font-size:13px">sudo kill -USR2 $(pidof tincd); sudo tail syslog</span>` on any of the working nodes ... this should give you a decent map of what has connected and what has not. From there I would check the config files of the nodes not connected. If you miss a `ConnectTo` or forgot to xfer all of the files in hosts, then those computers are going to have problems.</div><br><div class="gmail_quote"><div dir="ltr">On Fri, Jan 11, 2019 at 9:41 PM Lars Kruse <<a href="mailto:lists@sumpfralle.de">lists@sumpfralle.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello <br>
<br>
<br>
Am Thu, 10 Jan 2019 11:58:33 +0100<br>
schrieb Julien dupont <<a href="mailto:marcelvierzon@gmail.com" target="_blank">marcelvierzon@gmail.com</a>>:<br>
<br>
> The two tunnels are working. From a client I can ping or ssh VPN_office on<br>
> both tunnel and LAN IPs 172.16.0.2 and 192.168.1.3. I cannot however ping<br>
> any other computer on the LAN, I get no pong back but it is not complaining<br>
> he has no route to host.<br>
<br>
wild guess: maybe the response fails to find its way back to the source?<br>
In this case you could either masquerade (SNAT) traffic when it leaves the<br>
tunnel at VPN_office or you could configure a suitable route on the default<br>
gateway of your network (this should work for all local hosts via ICMP<br>
redirects).<br>
<br>
Maybe you want to analyze the place where the traffic gets lost via tcpdump.<br>
<br>
Cheers,<br>
Lars<br>
_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
</blockquote></div>