bridging on debian stable endpoints - clarification

mooshii mooshii at sympatico.ca
Thu Aug 31 19:16:35 CEST 2006


I would like to clarify the email I sent yesterday.

There are two ethernet segments in two different cities that I would  
like to operate as one logical network. Both physical lans have a  
switch/hub, a gateway with one external IP address that NATs traffic  
and can port forward tinc ports to the internal debian stable machine  
(where tinc is run), various client computers ('c' in the diagram  
below) and the aforementioned debian/stable server ('ds' in the  
diagram below).

Crude ASCII diagram:

      hub ------ NAT-ing gateway ------ INTERNET ------ NATing gateway ------ hub
   /  /  \  \                                                              /  /  \  \
   |  |  |  |                                                              |  |  |  |
   c  c  c  ds                                                             c  c  c  ds

I would like to forward UDP and possibly IPX between the two  
networks, so I thought it was necessary to bridge the networks  
together. The machines ('c' in the above diagram) that need to  
communicate with each other will be assigned a common IP network for  
UDP, and will send and receive all packets on the local segment,  
completely ignorant that the machine it may be talking to is not  
actually on the same physical ethernet segment.

Both debian/stable machines will bind the ethernet NIC and the VPN  
tunnel (which connects the two debian/stable machines) to a bridge,  
and route packets as necessary based on ethernet mac addresses.

This setup is like the example configuration on the tinc web page:
http://www.tinc-vpn.org/examples/bridging
and the two tinc daemons establish their connections (meta and data).  
Both ends send out the proper packets on the vpn tunnel, and although  
the data is received, it doesn't make it up the stack. tcpdump on  
either end of the tunnel shows only outbound data.

It appears that the configuration is correct, but the daemon is at  
fault. Specifically, it appears to be a known issue with tinc 1.0.3,  
and the solution is to move to 1.0.4:
http://brouwer.uvt.nl/pipermail/tinc/2006-January/001497.html
Unfortunately that version is not available in debian/stable.

I'm looking for solutions to 'port' the tinc 1.0.4 daemon to
debian/stable, or use a different tool to achieve the same objective
(which is to logically link/bridge the two segments together).

Anyone have any thoughts on the matter?

Thanks,
Christian.
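
Added example, not part of the original post: one way to confirm the bridge side of the setup described above (ethernet NIC and tinc interface both bound to the bridge) before attributing the one-way traffic to the daemon. The names br0, eth0 and vpn are assumptions, and the `brctl show` text is a constructed sample.

```shell
#!/bin/sh
# Constructed samples of `brctl show` output (not captured from a real host).
# Assumed names: bridge "br0", ethernet NIC "eth0", tinc interface "vpn".
SAMPLE_OK='bridge name     bridge id               STP enabled     interfaces
br0             8000.0011223344aa       no              eth0
                                                        vpn'
SAMPLE_MISSING='bridge name     bridge id               STP enabled     interfaces
br0             8000.0011223344aa       no              eth0'

# bridge_members BRIDGE
# Reads `brctl show` text on stdin and prints the member interfaces of
# BRIDGE, one per line. A bridge row has 3 fields (no members) or 4
# (first member); further members follow on rows with a single field.
bridge_members() {
    awk -v br="$1" '
        NR == 1 { next }                               # header row
        NF >= 3 { cur = $1
                  if (cur == br && NF >= 4) print $4
                  next }
        NF == 1 && cur == br { print $1 }              # continuation row
    '
}

# check_bridge BRIDGE IFACE...
# Reads `brctl show` text on stdin; returns 0 only if every IFACE is a
# member of BRIDGE, and names each one that is missing.
check_bridge() {
    br=$1; shift
    members=$(bridge_members "$br")
    rc=0
    for ifc in "$@"; do
        if ! printf '%s\n' "$members" | grep -qxF -- "$ifc"; then
            echo "missing from $br: $ifc"
            rc=1
        fi
    done
    return $rc
}

# Run against the constructed sample; on a live host use instead:
#   brctl show | check_bridge br0 eth0 vpn
printf '%s\n' "$SAMPLE_OK" | check_bridge br0 eth0 vpn && echo "bridge membership ok"
```

If both interfaces are listed and tcpdump on the tinc interface still shows only outbound frames, the bridge membership is not the cause.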

