need setup help

Jason Ostermann jostermann at travnav.com
Fri Sep 15 19:51:51 CEST 2000


 
> You cannot do this. MyOwnVPNIP's must NOT overlap. With MyOwnVPNIP you
> tell a tinc daemon which IP addresses it sees as local. If you put /24
> behind the address, it will see the entire network 192.168.111.* as local,
> and it will never forward any packet with a destination in that range to
> another tinc daemon.
> 
> You can either change /24 into /32, this will let the tinc daemons
> communicate to each other, but only on two IP addresses. If you really
> want to connect two different subnets, change the addresses accordingly,
> and also increase VPNmask.

ok, here's how I changed it.
Shire: tap0 is 192.168.110.1/24, MyOwnVPNIP=192.168.110.1/24
Gondor: tap0 is 192.168.111.1/24, MyOwnVPNIP=192.168.111.1/24

I start up the tincd's, and after they start, I add a route to the other
net through tap0, so the routing table on each has:
192.168.110.0	255.255.255.0	tap0
192.168.111.0	255.255.255.0	tap0

I pinged from Gondor to Shire, still no replies. The byte counts were as
follows (logged after tincd -k):
Gondor:	written: tap0:0 socket:576	read: tap0:600 socket:0
Shire:	written: tap0:600 socket:0	read: tap0:0 socket:576

So it looks like the packets are getting from Gondor to Shire just fine,
but no replies are making it back. Pinging the opposite direction has
the same result.

Also, I have to have the listenport be something obvious, because of the
unruliness of the firewall I'm jumping. The server is protected by my
own firewall, however.

Thanks!
-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/
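
Added example, not part of the original message and not tinc's own code: a simplified Python model of the rule in the quoted reply (a daemon never forwards a destination that falls inside its own MyOwnVPNIP range), run over three configurations. The 192.168.111.2 address and the function names are constructed for illustration; the SEPARATE values are the ones given in the message.

```python
import ipaddress

def vpn_range(value):
    """Network covered by a MyOwnVPNIP value such as '192.168.110.1/24'."""
    return ipaddress.ip_interface(value).network

def find_overlaps(daemons):
    """Pairs of daemon names whose MyOwnVPNIP ranges overlap (must be empty)."""
    names = sorted(daemons)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if vpn_range(daemons[a]).overlaps(vpn_range(daemons[b]))]

def forwards_to(daemons, sender, dest):
    """Peer that `sender` would forward `dest` to, or None.

    Simplified model of the quoted reply: an address inside the sender's
    own range is treated as local and is never handed to another daemon.
    """
    addr = ipaddress.ip_address(dest)
    if addr in vpn_range(daemons[sender]):
        return None
    for name in sorted(daemons):
        if name != sender and addr in vpn_range(daemons[name]):
            return name
    return None

# Constructed: both daemons claim 192.168.111.* (the overlap the reply warns about).
OVERLAPPING = {"Shire": "192.168.111.1/24", "Gondor": "192.168.111.2/24"}
# Constructed: the /32 option from the reply, one address per daemon.
HOST_ONLY = {"Shire": "192.168.111.1/32", "Gondor": "192.168.111.2/32"}
# From the message: two different subnets.
SEPARATE = {"Shire": "192.168.110.1/24", "Gondor": "192.168.111.1/24"}

if __name__ == "__main__":
    for label, cfg in (("overlapping", OVERLAPPING),
                       ("host-only", HOST_ONLY),
                       ("separate", SEPARATE)):
        shire_ip = str(ipaddress.ip_interface(cfg["Shire"]).ip)
        print(label, "overlaps:", find_overlaps(cfg),
              "Gondor ->", shire_ip, "goes to", forwards_to(cfg, "Gondor", shire_ip))
```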


