5.4 Solving problems
If tinc starts without problems, but if the VPN doesn’t work, you will have to find the cause of the problem.
The first thing to do is to start tinc with a high debug level in the foreground,
so you can directly see everything tinc logs:
If tinc does not log any error messages, then you might want to check the following things:
- tinc-up script
Does this script contain the right commands?
Normally you must give the interface the address of this host on the VPN, and the netmask must be big enough so that the entire VPN is covered.
- Subnet
Does the Subnet (or Subnets) in the host configuration file of this host match the portion of the VPN that belongs to this host?
- Firewalls and NATs
Do you have a firewall or a NAT device (a masquerading firewall or perhaps an ADSL router that performs masquerading)?
If so, check that it allows TCP and UDP traffic on port 655.
If it masquerades and the host running tinc is behind it, make sure that it forwards TCP and UDP traffic to port 655 to the host running tinc.
You can add ‘TCPOnly = yes’ to your host config file to force tinc to only use a single TCP connection,
this works through most firewalls and NATs. Since version 1.0.10, tinc will automatically fall back to TCP if direct communication via UDP is not possible.