Problem with more than two Subnets!

Andres Sommerhoff asommerh at chilesat.net
Sat Jul 19 04:59:23 CEST 2003


Hello, I successfully built a VPN between two hosts ("main" and "iquique") (and their subnets), but I have problems
when I want to add another host ("valparaiso"): I get a lot of duplicate packets everywhere and a very slow
VPN. I guess that it is a routing problem, but I have tried a lot of alternatives without result. I have tried "switch", "hub" and "router" modes, too. If I turn off one of the clients ("iquique" or "valparaiso"), the VPN returns to
normal. I have RH 9.0 and tinc-1.0CVS (the only version that runs on RH 9.0) from one week ago. Does someone
have an idea or solution for this?

   Thanks for any little or big help.

            Andres Sommerhoff

#############################################################
                         THE DETAILS
#############################################################

********************************************************
  THE EVIDENCE (It is the same for any host on my VPN)
********************************************************

[root at iquique /]# ping 10.0.1.10     (with other clients running)
  PING 10.0.1.10 (10.0.1.10) 56(84) bytes of data.
  64 bytes from 10.0.1.10: icmp_seq=1 ttl=127 time=233 ms
  64 bytes from 10.0.1.10: icmp_seq=1 ttl=126 time=244 ms (DUP!)
  64 bytes from 10.0.1.10: icmp_seq=1 ttl=125 time=250 ms (DUP!)
  64 bytes from 10.0.1.10: icmp_seq=1 ttl=127 time=255 ms (DUP!)
  64 bytes from 10.0.1.10: icmp_seq=1 ttl=124 time=261 ms (DUP!)
  64 bytes from 10.0.1.10: icmp_seq=1 ttl=123 time=267 ms (DUP!)
  64 bytes from 10.0.1.10: icmp_seq=1 ttl=126 time=273 ms (DUP!)
  64 bytes from 10.0.1.10: icmp_seq=1 ttl=125 time=279 ms (DUP!)

[root at iquique /]# ping 10.0.1.10     (without other clients running, only one tunnel, I get a normal answer)
  PING 10.0.1.10 (10.0.1.10) 56(84) bytes of data.
  64 bytes from 10.0.1.10: icmp_seq=1 ttl=127 time=81.5 ms
  64 bytes from 10.0.1.10: icmp_seq=2 ttl=127 time=23.1 ms
  64 bytes from 10.0.1.10: icmp_seq=3 ttl=127 time=23.8 ms
  64 bytes from 10.0.1.10: icmp_seq=4 ttl=127 time=23.6 ms
  64 bytes from 10.0.1.10: icmp_seq=5 ttl=127 time=21.6 ms
  64 bytes from 10.0.1.10: icmp_seq=6 ttl=127 time=47.5 ms


*******************************************************
  STRUCTURE
*******************************************************

                              |--->   (Valparaiso IP:any) (Client)
                              |        Internal IP: 10.0.2.1
    (main IP:200.1.2.111)  <--|        Subnet: 10.0.2.0/24
    Internal IP: 10.0.1.1     |    
    Subnet: 10.0.1.0/24       |                                  
                              |--->   (Iquique IP:any) (Client)
                                       Internal IP: 10.0.5.1
                                       Subnet: 10.0.5.0/24

                  VPN Subnet: 10.0.0.0/16

******************************************************************
  MAIN 
******************************************************************

[root at main /etc/tinc/vpn]# cat tinc.conf
  Name = main
  Mode = switch
  Device=/dev/net/tun
  PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv

[root at main /etc/tinc/vpn]# cat tinc-up
  #!/bin/sh
  ifconfig $INTERFACE 10.0.250.1 netmask 255.255.0.0
  # ifconfig $INTERFACE -arp

[root at main /etc/tinc/vpn/hosts]# ls
  arica  iquique  main  sanantonio  valparaiso

[root at main /etc/tinc/vpn/hosts]# cat main
  Address = 200.1.2.111
  Subnet = 10.0.1.0/24
  Compress = 9
  -----BEGIN RSA PUBLIC KEY-----
  MIG....MA//8=
  -----END RSA PUBLIC KEY-----

[root at main /etc/tinc/vpn/hosts]# cat iquique
  Subnet = 10.0.5.0/24
  #  Address = 192.168.254.250
  Compress = 9
  -----BEGIN RSA PUBLIC KEY-----
  MIGJ...MA//8=
  -----END RSA PUBLIC KEY-----

[root at main /etc/tinc/vpn/hosts]# cat valparaiso
  Subnet = 10.0.2.0/24
  Compress = 9
  -----BEGIN RSA PUBLIC KEY-----
  MIG....MA//8=
  -----END RSA PUBLIC KEY-----

[root at main /etc/tinc/vpn]# ifconfig
  eth0    Link encap:Ethernet  HWaddr 00:05:5D:7A:2A:37
          inet addr:200.1.2.111  Bcast:200.1.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7768075 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8145489 errors:0 dropped:0 overruns:0 carrier:0
          collisions:182886 txqueuelen:100
          RX bytes:3346245933 (3191.2 Mb)  TX bytes:2556181698 (2437.7 Mb)
          Interrupt:10 Base address:0xd400

  eth1    Link encap:Ethernet  HWaddr 00:40:F4:7B:43:FE
          inet addr:10.0.1.1  Bcast:10.0.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:688682 errors:0 dropped:0 overruns:0 frame:0
          TX packets:685544 errors:0 dropped:0 overruns:0 carrier:0
          collisions:28 txqueuelen:100
          RX bytes:112166115 (106.9 Mb)  TX bytes:474882762 (452.8 Mb)
          Interrupt:10 Base address:0x9e00

  vpn     Link encap:Point-to-Point Protocol
          inet addr:10.0.250.1  P-t-P:10.0.250.1  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:4531 (4.4 Kb)  TX bytes:4246 (4.1 Kb)

[root at main /etc/tinc/vpn]# route
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
  10.0.1.0        *               255.255.255.0   U     0      0        0 eth1
  200.1.2.0       *               255.255.255.0   U     0      0        0 eth0
  10.0.0.0        *               255.255.0.0     U     0      0        0 vpn
  169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
  127.0.0.0       *               255.0.0.0       U     0      0        0 lo
  default         200.1.2.3       0.0.0.0         UG    0      0        0 eth0

******************************************************************
  IQUIQUE (A client of "main")
******************************************************************
  ("valparaiso" is very similar, but with a different Subnet, tinc-up and key.)

[root at iquique /etc/tinc/vpn]# cat tinc.conf
  Name = main
  Mode = switch
  Device=/dev/net/tun
  
  PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv

[root at iquique /etc/tinc/vpn]# cat tinc-up
  #!/bin/sh
  ifconfig $INTERFACE 10.0.255.1 netmask 255.255.0.0
  # ifconfig $INTERFACE -arp

[root at iquique /etc/tinc/vpn/hosts]# ls
  iquique  main

[root at iquique /etc/tinc/vpn/hosts]# cat main
  Address = 200.1.2.111
  Subnet = 10.0.1.0/24
  Compress = 9
  -----BEGIN RSA PUBLIC KEY-----
  MIG....MA//8=
  -----END RSA PUBLIC KEY-----

[root at iquique /etc/tinc/vpn/hosts]# cat iquique
  Subnet = 10.0.5.0/24
  #  Address = 192.168.254.250
  Compress = 9
  -----BEGIN RSA PUBLIC KEY-----
  MIGJ...MA//8=
  -----END RSA PUBLIC KEY-----

[root at iquique /]# route
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
  10.52.20.3      *               255.255.255.255 UH    0      0        0 ppp0
  10.0.4.0        *               255.255.255.0   U     0      0        0 eth1
  192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
  10.0.0.0        *               255.255.0.0     U     0      0        0 vpn
  169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
  127.0.0.0       *               255.0.0.0       U     0      0        0 lo
  default         10.52.20.3      0.0.0.0         UG    0      0        0 ppp0

*************************************************
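
As an added example (not part of the original post), this Python groups the ping replies shown under THE EVIDENCE by source and icmp_seq, then reports how many copies of each reply arrived and how far their TTLs spread. The sample lines are copied from the post; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Reply lines copied from the post: capture with all clients running.
LOOPED = """\
64 bytes from 10.0.1.10: icmp_seq=1 ttl=127 time=233 ms
64 bytes from 10.0.1.10: icmp_seq=1 ttl=126 time=244 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=125 time=250 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=127 time=255 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=124 time=261 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=123 time=267 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=126 time=273 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=125 time=279 ms (DUP!)
"""
# Reply lines copied from the post: capture with only one tunnel up.
CLEAN = """\
64 bytes from 10.0.1.10: icmp_seq=1 ttl=127 time=81.5 ms
64 bytes from 10.0.1.10: icmp_seq=2 ttl=127 time=23.1 ms
"""

REPLY = re.compile(r"from (\S+?): icmp_seq=(\d+) ttl=(\d+) time=[\d.]+ ms")

def summarize(text):
    """Group echo replies by (source, icmp_seq); one dict per group."""
    groups = defaultdict(list)
    for m in REPLY.finditer(text):
        groups[(m.group(1), int(m.group(2)))].append(int(m.group(3)))
    report = []
    for (src, seq), seen in sorted(groups.items()):
        ttls = sorted(set(seen), reverse=True)
        # Every forwarding hop decrements TTL, so the gap between the highest
        # and lowest TTL is the number of extra hops the longest copy crossed.
        report.append({"src": src, "seq": seq, "copies": len(seen),
                       "ttls": ttls, "extra_hops": ttls[0] - ttls[-1]})
    return report

def looks_like_loop(entry):
    """Duplicates with differing TTLs were forwarded over paths of different length."""
    return entry["copies"] > 1 and entry["extra_hops"] > 0

if __name__ == "__main__":
    for entry in summarize(LOOPED) + summarize(CLEAN):
        print(entry, "LOOP?" if looks_like_loop(entry) else "ok")
```

Duplicates that all carry the same TTL point at copying on a single segment, while a descending TTL ladder like the one in the post means the same reply was forwarded again across additional hops.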