can't ping to an internal IP through tinc's virtual interfaces

tinc at nl.linux.org tinc at nl.linux.org
Wed Jul 30 15:56:34 CEST 2003 

Guus Sliepen escribió:

> On Tue, Jul 29, 2003 at 08:39:18PM -0300, Roberto Meyer wrote:
> 
> > > Probably wrong configuration of the virtual interface or wrong Subnets.
> > > Send copies of tinc-up and the host config files so we can see!
> > 
> > As I said, the VPN seems to work ok. I can ping from one machine to the
> > other one (only to their virtual interfaces). I even configured mail
> > relaying (exim listens on the virtual IP).
> 
> But I still can't diagnose your problem if I don't see your config
> files.

Here they go:

*** pamvirtual config ***

/etc/tinc/vpn/tinc-up:
   ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
   ifconfig $INTERFACE 10.10.10.1 netmask 255.255.0.0
   ifconfig $INTERFACE -arp

/etc/tinc/vpn/tinc.conf:
   Name = pamvirtual
   Device = /dev/tun
   PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv

/etc/tinc/vpn/hosts/isivirtual:
Subnet = 10.10.10.2/32
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----

Routing table:
200.80.x.0     *               255.255.255.128  U   0  0  0  eth0
192.168.144.0  isivirtual      255.255.255.0    UG  0  0  0  vpn
10.10.0.0      *               255.255.0.0      U   0  0  0  vpn
default        host1.200.80.x  0.0.0.0          UG  0  0  0  eth0


*** isivirtual config ***

/etc/tinc/vpn/tinc-up:
   ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
   ifconfig $INTERFACE 10.10.10.2 netmask 255.255.0.0
   ifconfig $INTERFACE -arp

/etc/tinc/vpn/tinc.conf:
   Name = isivirtual
   Device = /dev/tun
   PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
   ConnectTo = pamvirtual

/etc/tinc/vpn/hosts/pamvirtual:
   Address = 200.80.x.x
   Subnet = 10.10.10.1/32
   -----BEGIN RSA PUBLIC KEY-----
   -----END RSA PUBLIC KEY-----


Routing is enabled at both hosts. What I can't do is a ping or
traceroute from pamvirtual to any other interface than the virtual ones.

Another thing I couldn't work out is to configure addresses like
10.10.10.0/24 for subnets... I found broadcast addresses somewhat weird:
ifconfig vpn at isivirtual shows this:

vpn  Link encap:Ethernet  HWaddr FE:FD:00:00:00:00  
     inet addr:10.10.10.2  Bcast:10.255.255.255  Mask:255.255.0.0
     UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500 Metric:1
     RX packets:725 errors:0 dropped:0 overruns:0 frame:0
     TX packets:909 errors:0 dropped:0 overruns:0 carrier:0 
	 collisions:0 txqueuelen:100 
	 RX bytes:567953 (554.6 KiB) TX bytes:683323 (667.3 KiB)


Thank you very much for your help.

-
Roberto
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/

More information about the Tinc mailing list