Questions about multiple Tinc daemons

Denny Fox dennyf at microtime.sbwireless.net
Fri Dec 27 13:39:17 CET 2002 

Thanks!

I changed the tap1 netmask for vpn2 to 255.255.128.0 on both ends, and
now the tap1 vpn2 works.

To summarize:

System 1 on net1, has two separate vpns,
  first on tap0 at 192.168.1.250/255.255.0.0 (vpn1)
  second on tap1 at 192.168.1.250/255.255.128.0 (vpn2)

System 2 on net2, is on vpn1
  tap0 at 192.168.200.254/255.255.0.0 (vpn1)

System 3 on net3, is on vpn2
  tap0 at 192.168.3.254/255.255.128.0 (vpn2)

Systems on net1 can see the nets behind system 2 and system 3
Systems on net2 can see the net behind system 1
Systems on net3 can see the net behind system 1
Systems on net2 and net3 cannot see each other

This is what I was trying to get working.

Thanks again,

Denny

> -----Original Message-----
> From: tinc-bounce at nl.linux.org [mailto:tinc-bounce at nl.linux.org]On
> Behalf Of Guus Sliepen
> Sent: Friday, December 27, 2002 5:42 AM
> To: tinc at nl.linux.org
> Cc: Denny Fox
> Subject: Re: Questions about multiple Tinc daemons
>
>
> On Thu, Dec 26, 2002 at 08:10:15PM -0600, Denny Fox wrote:
>
> > Is it proper to use the same network number for tap0 and
> tap1 in the
> > /etc/tinc/{network}/tinc-up scripts?
>
> No.
>
> > for vpn1 in tinc-up:
> > #!/bin/sh
> > ifconfig tap0 hw ether fe:fd:0:0:0:0
> > ifconfig tap0 192.168.1.250 netmask 255.255.0.0
> > ifconfig tap0 mtu 1400
> > ifconfig tap0 -arp
> >
> > for vpn2 in tinc-up
> > #!/bin/sh
> > ifconfig tap1 hw ether fe:fd:0:0:0:0
> > ifconfig tap1 192.168.1.250 netmask 255.255.0.0
> > ifconfig tap1 mtu 1400
> > ifconfig tap1 -arp
> >
> > The tap0 connection works, but the tap1 connection won't
> ping, even
> > though it says its connected. No firewall blocking errors.
>
> Using the same MAC address is fine, however, you are using
> exactly the
> same IPv4 subnet for both VPNs. How do you expect your
> computer to know
> which VPN to use for a given IP address? Use different subnets for
> different VPNs.
>
> --
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <guus at sliepen.eu.org>
>

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/

More information about the Tinc mailing list