Routes are not added automatically

Ricardo Belin Ricardo.Belin at sewan.fr
Mon May 25 09:56:14 CEST 2009


Hi,

Thank you for this helpful explanation!

Best regards,


Guus Sliepen wrote:
> On Wed, May 20, 2009 at 06:58:23PM +0200, Ricardo Belin wrote:
>
>   
>> My problem is that in order to run a simple VPN between two machines I  
>> had to manually add the "route add -net <ip>/24 $INTERFACE" statement on  
>> hosts' tinc-up files.
>>     
>
> Suppose you have two nodes, A and B, and A has 192.168.1.0/24, and B has
> 192.168.2.0/24.  If you then put "ifconfig $INTERFACE 192.168.x.1 netmask
> 255.255.0.0" in the tinc-up files, then you would not need extra route add
> commands, since the whole 192.168.0.0/16 is routed to the VPN. However, if you
> use netmask 255.255.255.0 in tinc-up, then yes, you need to add extra routes.
>
>   
>> I came across a lot of messages in the archive saying that tinc doesn't  
>> handle routing and that it's my job to configure the routes manually.
>>     
>
> Yes, tinc does not automatically configure the VPN interface and does not add
> routes, you need to create tinc-up and possibly other scripts to do that.
>
>   
>> But according to the website :
>> 1) http://www.tinc-vpn.org/documentation/tinc_3.html#SEC37
>>
>>    "An example 'tinc-up' script:
>>
>>    #!/bin/sh
>>    ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0
>>            
>>
>>    This script gives the interface an IP address and a netmask. The
>>    kernel _will also automatically add a route to this interface_ , so
>>    normally you _don't need to add route commands_ to the 'tinc-up'
>>    script. The kernel will also bring the interface up after this
>>    command. The netmask is the mask of the /entire/ VPN network, not
>>    just your own subnet."
>>     
>
> The example is correct, the netmask is so large that it encompasses the whole
> VPN, so you don't need to add more routes.  The ifconfig command in the example
> configures the interface, but also adds a route for 192.168.0.0/16 to the
> kernel's routing table.
>
> If you do not want to use such a large netmask, you can create a subnet-up
> script that contains the following:
>
> #!/bin/sh
> ip route add $SUBNET dev $INTERFACE
>
> And a corresponding subnet-down of course. But you're free to do something
> else.
>

-- 
Ricardo BELIN
+33 (0)1 77 70 65 13
Sewan Communications
16 rue Jeanne Hachette
75015 Paris
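
The netmask reasoning in the quoted reply, as an added example that is not part of the original messages: it checks whether a peer's subnet already falls inside the network that the `ifconfig` line in tinc-up routes to the interface, and prints the `ip route add` command only when it does not. The function names and the interface name `vpn0` are assumptions made for illustration; the addresses are the thread's node A and node B.

```shell
#!/bin/sh
# Added illustration: is a peer subnet covered by the connected route that
# "ifconfig $INTERFACE <addr> netmask <mask>" creates, or is a route needed?

# ip_to_int A.B.C.D -> prints the dotted quad as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# prefix_to_mask N -> prints the netmask of a /N prefix as an integer
prefix_to_mask() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    fi
}

# covered IFADDR NETMASK SUBNET/LEN
# Returns 0 when SUBNET/LEN lies inside the interface's own network.
covered() {
    addr=$(ip_to_int "$1")
    mask=$(ip_to_int "$2")
    net=$(ip_to_int "${3%/*}")
    sub_mask=$(prefix_to_mask "${3#*/}")
    # The subnet must be at least as specific as the interface network...
    [ $(( sub_mask & mask )) -eq "$mask" ] || return 1
    # ...and agree with the interface address on every masked bit.
    [ $(( net & mask )) -eq $(( addr & mask )) ]
}

# needed_route IFADDR NETMASK SUBNET/LEN IFACE
# Prints the command a subnet-up script would have to run, or nothing.
needed_route() {
    covered "$1" "$2" "$3" || echo "ip route add $3 dev $4"
}

# Node A (192.168.1.1) looking at node B's subnet 192.168.2.0/24.
# With the /16 netmask nothing is printed; with the /24 netmask the
# explicit route command is printed.
needed_route 192.168.1.1 255.255.0.0   192.168.2.0/24 vpn0
needed_route 192.168.1.1 255.255.255.0 192.168.2.0/24 vpn0
```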
