Why we say you should ifconfig $INTERFACE hw ether fe:fd:0:0:0:0

[Guus Sliepen]

On Wed, Jun 11, 2003 at 01:52:20PM -0500, Shashank Khanvilkar wrote:

> I have listed a mini-howto at this site:
> http://mia.ece.uic.edu/~papers/volans/tincd.html
> 
> Comments are welcome.

- The picture still shows 192.168.254.200 and .201.
- "more better" is redundant :).
- The tinc manual will tell you that it is better to make tinc.conf and
  the host config file before generating keys (that way they end up in
  the right spot and you don't have to move them around anymore).
- The tinc-down script is not needed normally, as soon as tinc quits the
  interface is brought down anyway by the kernel, and all associated
  routes are removed.
- Killing tinc is best done with "tincd -n <netname> -k", but I guess
  that didn't work for you because it was broken in CVS when you checked
  it out (it's fixed now).
- It's best to have a name for the entire VPN and use that as the
  <netname>, so all configuration is stored in /etc/tinc/<netname>/ on
  both zidler and mia. If you do that you'll see that the contents of
  /etc/tinc/<netname>/hosts/ are identical on both machines.

If you really want a private subnet for tunnel endpoints, you'd have to
do something like this:

In tinc-up on mia:

#!/bin/sh
ifconfig $INTERFACE 192.168.254.200 netmask 255.255.255.0
route add 192.168.2.0 netmask 255.255.255.0 dev $INTERFACE

You might think you'd have to add gw 192.168.254.201 to that route
command but that really doesn't do anything in router mode.

In hosts/zidler on mia:

Subnet = 192.168.2.0/24
Subnet = 192.168.254.201/32

On zidler you do the opposite of course.


-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://brouwer.uvt.nl/pipermail/tinc/attachments/20030611/f3c14543/attachment.pgp