can't ping to an internal IP through tinc's virtual interfaces
Guus Sliepen
guus at sliepen.eu.org
Wed Jul 30 18:26:55 CEST 2003
On Wed, Jul 30, 2003 at 10:56:34AM -0300, Roberto Meyer wrote:
> > > As I said, the VPN seems to work ok. I can ping from one machine to the
> > > other one (only to their virtual interfaces). I even configured mail
> > > relaying (exim listens on the virtual IP).
> >
> > But I still can't diagnose your problem if I don't see your config
> > files.
[...]
> Routing table:
> 200.80.x.0 * 255.255.255.128 U 0 0 0 eth0
> 192.168.144.0 isivirtual 255.255.255.0 UG 0 0 0 vpn
> 10.10.0.0 * 255.255.0.0 U 0 0 0 vpn
> default host1.200.80.x 0.0.0.0 UG 0 0 0 eth0
Hmkay... I see the problem. Gateway routes don't work with tinc in
router mode. You can do it with tinc in switch mode, but an easier
solution is given below.
> *** pamvirtual config ***
>
> /etc/tinc/vpn/tinc-up:
> ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
> ifconfig $INTERFACE 10.10.10.1 netmask 255.255.0.0
> ifconfig $INTERFACE -arp
Forget about the gateway route. Just add this to tinc-up:
route add -net 192.168.144.0 netmask 255.255.255.0 dev $INTERFACE
> /etc/tinc/vpn/hosts/isivirtual:
> Subnet = 10.10.10.2/32
> -----BEGIN RSA PUBLIC KEY-----
> -----END RSA PUBLIC KEY-----
Add: Subnet = 192.168.144.0/24
> Another thing I couldn't work out is to configure addresses like
> 10.10.10.0/24 for subnets... I found broadcast addresses somewhat weird:
> ifconfig vpn at isivirtual shows this:
Don't bother with the broadcast address, it will never be used.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://brouwer.uvt.nl/pipermail/tinc/attachments/20030730/110a757d/attachment.pgp
More information about the Tinc
mailing list