Setup tinc for "Road warrior"?

Paolo Alexis Falcone pfalcone at free.net.ph
Tue Apr 25 03:43:25 CEST 2006


On Tuesday 25 April 2006 01:56, Guus Sliepen wrote:
> On Sat, Apr 22, 2006 at 07:12:09PM +0800, Paolo Alexis Falcone wrote:
> > I'm having some trouble connecting to the tinc VPN I've set up for my
> > client. Basically I would like to connect to the LAN of my client (as I'm
> > currently thousands of miles away and won't be back for a month and a
> > half) to continue with the development of an in-house ERP.
> >
> > I've set up the router (a Linksys router running the stock firmware) to
> > forward both TCP and UDP packets on port 655 to 192.168.100.248 (which
> > hosts the tinc daemon).
> >
> > Problem now is that when I try to ping the other host (either way) I
> > can't seem to get them to see each other.
>
> Let's have a look at your configuration:
> > tinc.conf:
> > Name=pfalcone
> > ConnectTo=erp
> > AddressFamily=ipv4
> > Mode=switch
> > TCPonly=yes
>
> If you use TCPonly=yes, you don't have to forward UDP on your router of
> course.
>
> > tinc-up:
> > #!/bin/sh
> > ifconfig $INTERFACE 192.168.100.244 netmask 255.255.0.0
> >
> > hosts/pfalcone:
> > Subnet=192.168.100.244/32
>
> With Mode=switch, Subnet statements are ignored.
>
> > hosts/erp:
> > Address=283.870.215.224 (replace with some real IP address of the
> > firewall here)
> > Subnet=192.168.100.248/32
>
> [...]
>
> Your configuration looks OK, but check your routing table (route -n),
> the firewall rules on erp and pfalcone (iptables -L -v -x -n), and the
> output of tinc running with the -d5 -D options.

Here's the routing table for erp:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 unilox
0.0.0.0         192.168.100.254 0.0.0.0         UG    0      0        0 eth0

Here's the routing table for pfalcone (as I'm now yet again on another LAN):
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.254.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 unilox
0.0.0.0         192.168.254.254 0.0.0.0         UG    0      0        0 eth0

For both erp and pfalcone, I don't run any firewall rules:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

The weird thing is that when I tried to ssh from pfalcone (192.168.100.244) to
erp (192.168.100.248), ssh fails with 'no route to host'. Here's the output
from erp's tincd, then pfalcone's tincd, both run with -d5 -D:

erp:
root at erp:/home/pfalcone # tincd -n unilox -d5 -D
tincd 1.0.3 (Nov 13 2004 13:26:29) starting, debug level 5
/dev/net/tun is a Linux tun/tap device (tap mode)
Executing script tinc-up
Listening on 0.0.0.0 port 655
Ready
Read packet of 90 bytes from Linux tun/tap device (tap mode)
Learned new MAC address 0:ff:fc:c:1e:95
Broadcasting packet of 90 bytes from erp (MYSELF)
Read packet of 78 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 78 bytes from erp (MYSELF)
Read packet of 70 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 70 bytes from erp (MYSELF)
Read packet of 70 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 70 bytes from erp (MYSELF)
Read packet of 70 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 70 bytes from erp (MYSELF)
Connection from 210.213.150.130 port 61329
Sending ID to (null) (210.213.150.130 port 61329): 0 erp 17
Sending 9 bytes of metadata to (null) (210.213.150.130 port 61329)
Got ID from (null) (210.213.150.130 port 61329): 0 pfalcone 17
Sending METAKEY to pfalcone (210.213.150.130 port 61329): 1 94 64 0 0 BFB54B700DB546575B66793BF5468791F393F79EDF7C31E517F1A6676C3115BB606BFBB5FF04B47D686EC5215082F38AF9838E6F1B252FB76A28C3B570B65A9922D34046FE3D46516701BC4BA7E35E6B5F32B49AC2630400748F01EB7741B0CB25C47D46686F72DAAEB93D2D07FB60AE8C9548F11A2830EDF9014DB25F2907BE
Sending 269 bytes of metadata to pfalcone (210.213.150.130 port 61329)
Got METAKEY from pfalcone (210.213.150.130 port 61329): 1 94 64 0 0 494BF30BE99D41F8159A9A7751420782ED3C3666F2F82E1110A1071AAA7A55D1B1441DEDC83D3187E30F0DC8EAD9D4EDCD555904AA9CA4410E8FB32FB25CB2D16C33D40D480D8A842DAD184C5F0B7FD7053FAD780994D058A080BA6C657E92D2833C0DBEEE24B33B4627D42E6076B45A5223C9EF2298A39BCA8FFCF6AC735FD7
Sending CHALLENGE to pfalcone (210.213.150.130 port 61329): 2 39CF6364C2CDDFE13EADF88613F22997A5AD1331CA9202436F3DDB7FFFA5D0720C01FF82F39767294C07875C36656EF90828592EBC6FC897DFACAC5D61CC09CE6C7DDAAF499224E5AB4B3AE8E026D4294D2C1D79933251A691B837433261E04C71D16083D51197A3976CC18852918D07ECA8E76EE4CCBC28E03229C9F381B8E7
Sending 259 bytes of metadata to pfalcone (210.213.150.130 port 61329)
Got CHALLENGE from pfalcone (210.213.150.130 port 61329): 2 4A35CBFC96CACBE0A0693FA9747B083ABCC5047416C1086958EAAEB2A7F4E9A1457FD43563D3B41DC395AED258F0882F6E148266E58DD5D1FC6EE83A711986732B29E42CE51ED3D4D7AF12548E0C7F094F6530FC3DA65821ACA81EDA34E6EA7BE25E0D71B42241C78CD88856A83DB76593EA528BC218BD5C60CC9376EA0187BE
Sending CHAL_REPLY to pfalcone (210.213.150.130 port 61329): 3 53F66E943B37719C40E002403F8820FF39D02FE0
Sending 43 bytes of metadata to pfalcone (210.213.150.130 port 61329)
Got CHAL_REPLY from pfalcone (210.213.150.130 port 61329): 3 D971384822CAE3B3839ED842F98E4E8AD5250D6E
Sending ACK to pfalcone (210.213.150.130 port 61329): 4 655 293 3
Sending 12 bytes of metadata to pfalcone (210.213.150.130 port 61329)
Got ACK from pfalcone (210.213.150.130 port 61329): 4 655 446 3
Connection with pfalcone (210.213.150.130 port 61329) activated
Sending ADD_SUBNET to pfalcone (210.213.150.130 port 61329): 10 6ab4d56e erp 0:ff:fc:c:1e:95
Sending 32 bytes of metadata to pfalcone (210.213.150.130 port 61329)
Sending ADD_SUBNET to pfalcone (210.213.150.130 port 61329): 10 3fafef9b erp 192.168.100.248/32
Sending 35 bytes of metadata to pfalcone (210.213.150.130 port 61329)
Sending ADD_EDGE to everyone (BROADCAST): 12 481e7408 erp pfalcone 210.213.150.130 655 3 369
Sending 51 bytes of metadata to pfalcone (210.213.150.130 port 61329)
Got ADD_SUBNET from pfalcone (210.213.150.130 port 61329): 10 50b21cf9 pfalcone 8a:8f:ec:b3:3d:cc
Forwarding ADD_SUBNET from pfalcone (210.213.150.130 port 61329): 10 50b21cf9 pfalcone 8a:8f:ec:b3:3d:cc
Got ADD_SUBNET from pfalcone (210.213.150.130 port 61329): 10 79901bee pfalcone 192.168.100.244/32
Forwarding ADD_SUBNET from pfalcone (210.213.150.130 port 61329): 10 79901bee pfalcone 192.168.100.244/32
Got ADD_EDGE from pfalcone (210.213.150.130 port 61329): 12 5849e63e pfalcone erp 203.87.153.224 655 3 369
Forwarding ADD_EDGE from pfalcone (210.213.150.130 port 61329): 12 5849e63e pfalcone erp 203.87.153.224 655 3 369
Node pfalcone (210.213.150.130 port 655) became reachable
Got PACKET from pfalcone (210.213.150.130 port 61329): 17 90
Received packet of 90 bytes from pfalcone (210.213.150.130 port 655)
Broadcasting packet of 90 bytes from pfalcone (210.213.150.130 port 655)
Got PACKET from pfalcone (210.213.150.130 port 61329): 17 70
Received packet of 70 bytes from pfalcone (210.213.150.130 port 655)
Broadcasting packet of 70 bytes from pfalcone (210.213.150.130 port 655)
Got PACKET from pfalcone (210.213.150.130 port 61329): 17 70
Received packet of 70 bytes from pfalcone (210.213.150.130 port 655)
Broadcasting packet of 70 bytes from pfalcone (210.213.150.130 port 655)
Got PACKET from pfalcone (210.213.150.130 port 61329): 17 70
Received packet of 70 bytes from pfalcone (210.213.150.130 port 655)
Broadcasting packet of 70 bytes from pfalcone (210.213.150.130 port 655)
Got PACKET from pfalcone (210.213.150.130 port 61329): 17 42
Received packet of 42 bytes from pfalcone (210.213.150.130 port 655)
Broadcasting packet of 42 bytes from pfalcone (210.213.150.130 port 655)
Got PACKET from pfalcone (210.213.150.130 port 61329): 17 42
Received packet of 42 bytes from pfalcone (210.213.150.130 port 655)
Broadcasting packet of 42 bytes from pfalcone (210.213.150.130 port 655)
Got PACKET from pfalcone (210.213.150.130 port 61329): 17 42
Received packet of 42 bytes from pfalcone (210.213.150.130 port 655)
Broadcasting packet of 42 bytes from pfalcone (210.213.150.130 port 655)
Sending PING to pfalcone (210.213.150.130 port 61329): 8
Sending 2 bytes of metadata to pfalcone (210.213.150.130 port 61329)
Got PONG from pfalcone (210.213.150.130 port 61329): 9
Purging unreachable nodes

pfalcone: 
vanguard:/home/pfalcone# tincd -n unilox -d5 -D
tincd 1.0.4 (Oct 17 2005 12:39:29) starting, debug level 5
/dev/net/tun is a Linux tun/tap device (tap mode)
Executing script tinc-up
Listening on 0.0.0.0 port 655
Ready
Trying to connect to erp (203.87.153.224 port 655)
Read packet of 90 bytes from Linux tun/tap device (tap mode)
Learned new MAC address 8a:8f:ec:b3:3d:cc
Broadcasting packet of 90 bytes from pfalcone (MYSELF)
Read packet of 78 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 78 bytes from pfalcone (MYSELF)
Connected to erp (203.87.153.224 port 655)
Sending ID to erp (203.87.153.224 port 655): 0 pfalcone 17
Sending 14 bytes of metadata to erp (203.87.153.224 port 655)
Got ID from erp (203.87.153.224 port 655): 0 erp 17
Sending METAKEY to erp (203.87.153.224 port 655): 1 94 64 0 0 494BF30BE99D41F8159A9A7751420782ED3C3666F2F82E1110A1071AAA7A55D1B1441DEDC83D3187E30F0DC8EAD9D4EDCD555904AA9CA4410E8FB32FB25CB2D16C33D40D480D8A842DAD184C5F0B7FD7053FAD780994D058A080BA6C657E92D2833C0DBEEE24B33B4627D42E6076B45A5223C9EF2298A39BCA8FFCF6AC735FD7
Sending 269 bytes of metadata to erp (203.87.153.224 port 655)
Got METAKEY from erp (203.87.153.224 port 655): 1 94 64 0 0 BFB54B700DB546575B66793BF5468791F393F79EDF7C31E517F1A6676C3115BB606BFBB5FF04B47D686EC5215082F38AF9838E6F1B252FB76A28C3B570B65A9922D34046FE3D46516701BC4BA7E35E6B5F32B49AC2630400748F01EB7741B0CB25C47D46686F72DAAEB93D2D07FB60AE8C9548F11A2830EDF9014DB25F2907BE
Sending CHALLENGE to erp (203.87.153.224 port 655): 2 4A35CBFC96CACBE0A0693FA9747B083ABCC5047416C1086958EAAEB2A7F4E9A1457FD43563D3B41DC395AED258F0882F6E148266E58DD5D1FC6EE83A711986732B29E42CE51ED3D4D7AF12548E0C7F094F6530FC3DA65821ACA81EDA34E6EA7BE25E0D71B42241C78CD88856A83DB76593EA528BC218BD5C60CC9376EA0187BE
Sending 259 bytes of metadata to erp (203.87.153.224 port 655)
Got CHALLENGE from erp (203.87.153.224 port 655): 2 39CF6364C2CDDFE13EADF88613F22997A5AD1331CA9202436F3DDB7FFFA5D0720C01FF82F39767294C07875C36656EF90828592EBC6FC897DFACAC5D61CC09CE6C7DDAAF499224E5AB4B3AE8E026D4294D2C1D79933251A691B837433261E04C71D16083D51197A3976CC18852918D07ECA8E76EE4CCBC28E03229C9F381B8E7
Sending CHAL_REPLY to erp (203.87.153.224 port 655): 3 D971384822CAE3B3839ED842F98E4E8AD5250D6E
Sending 43 bytes of metadata to erp (203.87.153.224 port 655)
Got CHAL_REPLY from erp (203.87.153.224 port 655): 3 53F66E943B37719C40E002403F8820FF39D02FE0
Sending ACK to erp (203.87.153.224 port 655): 4 655 446 3
Sending 12 bytes of metadata to erp (203.87.153.224 port 655)
Got ACK from erp (203.87.153.224 port 655): 4 655 293 3
Connection with erp (203.87.153.224 port 655) activated
Sending ADD_SUBNET to erp (203.87.153.224 port 655): 10 50b21cf9 pfalcone 8a:8f:ec:b3:3d:cc
Sending 39 bytes of metadata to erp (203.87.153.224 port 655)
Sending ADD_SUBNET to erp (203.87.153.224 port 655): 10 79901bee pfalcone 192.168.100.244/32
Sending 40 bytes of metadata to erp (203.87.153.224 port 655)
Sending ADD_EDGE to everyone (BROADCAST): 12 5849e63e pfalcone erp 203.87.153.224 655 3 369
Sending 50 bytes of metadata to erp (203.87.153.224 port 655)
Got ADD_SUBNET from erp (203.87.153.224 port 655): 10 6ab4d56e erp 0:ff:fc:c:1e:95
Forwarding ADD_SUBNET from erp (203.87.153.224 port 655): 10 6ab4d56e erp 0:ff:fc:c:1e:95
Got ADD_SUBNET from erp (203.87.153.224 port 655): 10 3fafef9b erp 192.168.100.248/32
Forwarding ADD_SUBNET from erp (203.87.153.224 port 655): 10 3fafef9b erp 192.168.100.248/32
Got ADD_EDGE from erp (203.87.153.224 port 655): 12 481e7408 erp pfalcone 210.213.150.130 655 3 369
Forwarding ADD_EDGE from erp (203.87.153.224 port 655): 12 481e7408 erp pfalcone 210.213.150.130 655 3 369
Node erp (203.87.153.224 port 655) became reachable
Read packet of 90 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 90 bytes from pfalcone (MYSELF)
Sending packet of 90 bytes to erp (203.87.153.224 port 655)
Sending PACKET to erp (203.87.153.224 port 655): 17 90
Sending 6 bytes of metadata to erp (203.87.153.224 port 655)
Sending 90 bytes of metadata to erp (203.87.153.224 port 655)
Read packet of 70 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 70 bytes from pfalcone (MYSELF)
Sending packet of 70 bytes to erp (203.87.153.224 port 655)
Sending PACKET to erp (203.87.153.224 port 655): 17 70
Sending 6 bytes of metadata to erp (203.87.153.224 port 655)
Sending 70 bytes of metadata to erp (203.87.153.224 port 655)
Read packet of 70 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 70 bytes from pfalcone (MYSELF)
Sending packet of 70 bytes to erp (203.87.153.224 port 655)
Sending PACKET to erp (203.87.153.224 port 655): 17 70
Sending 6 bytes of metadata to erp (203.87.153.224 port 655)
Sending 70 bytes of metadata to erp (203.87.153.224 port 655)
Read packet of 70 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 70 bytes from pfalcone (MYSELF)
Sending packet of 70 bytes to erp (203.87.153.224 port 655)
Sending PACKET to erp (203.87.153.224 port 655): 17 70
Sending 6 bytes of metadata to erp (203.87.153.224 port 655)
Sending 70 bytes of metadata to erp (203.87.153.224 port 655)
Read packet of 42 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 42 bytes from pfalcone (MYSELF)
Sending packet of 42 bytes to erp (203.87.153.224 port 655)
Sending PACKET to erp (203.87.153.224 port 655): 17 42
Sending 6 bytes of metadata to erp (203.87.153.224 port 655)
Sending 42 bytes of metadata to erp (203.87.153.224 port 655)
Read packet of 42 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 42 bytes from pfalcone (MYSELF)
Sending packet of 42 bytes to erp (203.87.153.224 port 655)
Sending PACKET to erp (203.87.153.224 port 655): 17 42
Sending 6 bytes of metadata to erp (203.87.153.224 port 655)
Sending 42 bytes of metadata to erp (203.87.153.224 port 655)
Read packet of 42 bytes from Linux tun/tap device (tap mode)
Broadcasting packet of 42 bytes from pfalcone (MYSELF)
Sending packet of 42 bytes to erp (203.87.153.224 port 655)
Sending PACKET to erp (203.87.153.224 port 655): 17 42
Sending 6 bytes of metadata to erp (203.87.153.224 port 655)
Sending 42 bytes of metadata to erp (203.87.153.224 port 655)
Got PING from erp (203.87.153.224 port 655): 8
Sending PONG to erp (203.87.153.224 port 655): 9
Sending 2 bytes of metadata to erp (203.87.153.224 port 655)
Sending PING to erp (203.87.153.224 port 655): 8
Sending 2 bytes of metadata to erp (203.87.153.224 port 655)
Got PONG from erp (203.87.153.224 port 655): 9
Purging unreachable nodes

-- 
Paolo Alexis Falcone
pfalcone at free.net.ph
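Added example (not part of the thread above, and not tinc's own code): a longest-prefix-match check over the two `route -n` tables posted in this message. Guus asked for the routing tables; this script re-creates them as data, asks which interface each kernel would pick for the peer's tunnel address, and lists LAN routes that are more specific than, and contained in, the route attached to the tunnel interface. Hostnames, interface names and addresses are taken from the post as written; the parser and the lookup are assumed illustration. With the tables exactly as posted, erp selects eth0 (its 192.168.100.0/24 LAN route) for 192.168.100.244 rather than unilox, while pfalcone selects unilox for 192.168.100.248.

```python
"""Which interface does each host use to reach its tinc peer?

Added example, not from the original post or from tinc. The routing tables
are copied from the message above and embedded as strings; the rest is
assumed illustration of Linux longest-prefix route selection.
"""
import ipaddress

# route -n output for erp, as posted (constructed here as a string)
ERP_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 unilox
0.0.0.0         192.168.100.254 0.0.0.0         UG    0      0        0 eth0
"""

# route -n output for pfalcone, as posted (constructed here as a string)
PFALCONE_ROUTES = """\
192.168.254.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 unilox
0.0.0.0         192.168.254.254 0.0.0.0         UG    0      0        0 eth0
"""


def parse_route_n(text):
    """Parse `route -n` lines into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] == "Destination":
            continue  # header or malformed line
        # Destination + Genmask form the prefix; 0.0.0.0/0.0.0.0 is the default
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, f[1], f[7]))
    return routes


def select_route(routes, dst):
    """Longest prefix wins, as in the kernel; returns (prefix, gateway, iface)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (str(net), gw, iface)


def egress_iface(route_text, dst):
    """Interface a host with this table would send packets for dst out of."""
    chosen = select_route(parse_route_n(route_text), dst)
    return chosen[2] if chosen else None


def shadowed_tunnel_routes(route_text, tunnel_iface):
    """LAN routes that are more specific than, and inside, a tunnel route.

    Any address in such a LAN prefix is routed to the LAN, not the tunnel,
    even if it belongs to a VPN peer. Returns (lan_prefix, lan_iface, tunnel_prefix).
    """
    routes = parse_route_n(route_text)
    tunnel_nets = [net for net, _, iface in routes if iface == tunnel_iface]
    shadows = []
    for net, _, iface in routes:
        if iface == tunnel_iface:
            continue
        for tnet in tunnel_nets:
            if net.prefixlen > tnet.prefixlen and net.subnet_of(tnet):
                shadows.append((str(net), iface, str(tnet)))
    return shadows


if __name__ == "__main__":
    for host, table, peer in (("erp", ERP_ROUTES, "192.168.100.244"),
                              ("pfalcone", PFALCONE_ROUTES, "192.168.100.248")):
        print(f"{host}: packets to peer {peer} leave via {egress_iface(table, peer)}; "
              f"LAN routes shadowing unilox: {shadowed_tunnel_routes(table, 'unilox')}")
```

The check only models route selection; it says nothing about ARP, firewalling or the tap device, which is why it is worth running before reading the -d5 log in detail: an asymmetric answer (tunnel one way, LAN the other) already explains why frames can cross the tunnel in one direction while a TCP connection never completes.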
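A second added example (again not from the thread or from tinc): a small summariser for the tincd -d5 output quoted above. It pulls out of the log which peers reached "Connection ... activated" (the end of the ID/METAKEY/CHALLENGE/CHAL_REPLY/ACK exchange), which MACs and prefixes each node announced with ADD_SUBNET, the ADD_EDGE entries, which nodes became reachable, and the sizes of the data frames that arrived. The sample lines are copied from erp's log; the regular expressions assume only the tinc 1.0.x message formats visible in that log, and the 42-byte "ARP-sized" heuristic (14-byte Ethernet header plus 28-byte ARP body) is an assumption about tap-mode frames, not something tinc reports.

```python
"""Summarise a tincd -d5 log: handshake, announcements, edges, data frames.

Added example, not part of the original post or of tinc. SAMPLE_LOG is a
constructed excerpt of the erp log above; the regexes match the 1.0.x
debug line formats seen there and nothing more.
"""
import re

SAMPLE_LOG = """\
tincd 1.0.3 (Nov 13 2004 13:26:29) starting, debug level 5
Listening on 0.0.0.0 port 655
Connection from 210.213.150.130 port 61329
Got ID from (null) (210.213.150.130 port 61329): 0 pfalcone 17
Got CHAL_REPLY from pfalcone (210.213.150.130 port 61329): 3 D971384822CAE3B3839ED842F98E4E8AD5250D6E
Got ACK from pfalcone (210.213.150.130 port 61329): 4 655 446 3
Connection with pfalcone (210.213.150.130 port 61329) activated
Got ADD_SUBNET from pfalcone (210.213.150.130 port 61329): 10 50b21cf9 pfalcone 8a:8f:ec:b3:3d:cc
Got ADD_SUBNET from pfalcone (210.213.150.130 port 61329): 10 79901bee pfalcone 192.168.100.244/32
Got ADD_EDGE from pfalcone (210.213.150.130 port 61329): 12 5849e63e pfalcone erp 203.87.153.224 655 3 369
Node pfalcone (210.213.150.130 port 655) became reachable
Got PACKET from pfalcone (210.213.150.130 port 61329): 17 90
Got PACKET from pfalcone (210.213.150.130 port 61329): 17 42
"""

RE_ACTIVATED = re.compile(r"^Connection with (\S+) \(\S+ port \d+\) activated$")
RE_SUBNET = re.compile(r"^Got ADD_SUBNET from \S+ \(\S+ port \d+\): 10 [0-9a-f]+ (\S+) (\S+)$")
RE_EDGE = re.compile(r"^Got ADD_EDGE from \S+ \(\S+ port \d+\): 12 [0-9a-f]+ (\S+) (\S+) (\S+) (\d+) \d+ \d+$")
RE_REACHABLE = re.compile(r"^Node (\S+) \(\S+ port \d+\) became reachable$")
RE_PACKET = re.compile(r"^Got PACKET from (\S+) \(\S+ port \d+\): 17 (\d+)$")

ARP_FRAME_LEN = 42  # assumption: 14-byte Ethernet header + 28-byte ARP body


def summarize(log_text):
    """Walk the log once and collect the control-plane facts a debugger wants."""
    summary = {
        "activated": [],   # peers whose metadata handshake completed
        "subnets": {},     # node -> announced MACs and prefixes, in order
        "edges": [],       # (from_node, to_node, address, port)
        "reachable": [],   # nodes the graph marked reachable
        "frames": {},      # peer -> lengths of data frames received
    }
    for line in log_text.splitlines():
        if m := RE_ACTIVATED.match(line):
            summary["activated"].append(m.group(1))
        elif m := RE_SUBNET.match(line):
            summary["subnets"].setdefault(m.group(1), []).append(m.group(2))
        elif m := RE_EDGE.match(line):
            summary["edges"].append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
        elif m := RE_REACHABLE.match(line):
            summary["reachable"].append(m.group(1))
        elif m := RE_PACKET.match(line):
            summary["frames"].setdefault(m.group(1), []).append(int(m.group(2)))
    return summary


def peer_status(summary, peer):
    """Per-peer verdict: did the handshake finish, what was announced, what arrived."""
    frames = summary["frames"].get(peer, [])
    return {
        "handshake_ok": peer in summary["activated"],
        "reachable": peer in summary["reachable"],
        "announced": summary["subnets"].get(peer, []),
        "frames_seen": len(frames),
        # only ARP-sized frames and nothing else would mean no IP traffic got through
        "only_arp_sized_frames": bool(frames) and all(n == ARP_FRAME_LEN for n in frames),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(peer_status(s, "pfalcone"))
```

Running it over a full -d5 capture from both ends lets you separate the three questions the thread is circling: did authentication complete (activated), did the peer announce the addresses you expect (subnets, which in switch mode are learned MACs), and did any frames larger than an ARP request ever arrive.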