Can't ping non-tinc host in subnet across VPN

Peter Meier sa.tcler at gmail.com
Tue Sep 14 10:02:19 CEST 2010


Dear list,

I'm currently trying to simulate a VPN in a very simple configuration at home.
My normal home-net 192.168.0.0/24 serves as "the internet". Three test
machines are used, two of them connected to "the internet":

odin, external IP 192.168.0.100/24 on eth0
thor, external IP 192.168.0.101/24 on eth0

My VPN uses address space 10.0.0.0/8 in the following way:

odin IP 10.0.0.1/24
thor IP 10.16.1.1/24 on eth1
wpa1-1 IP 10.16.1.250/24 on eth1 directly connected to thor

Configuration on odin:

tinc.conf:
AddressFamily = ipv4
Name = walhalla
Device = /dev/net/tun
ProcessPriority = high

tinc-up (perms 755):
#!/bin/sh
# internal (network card) interface of this subnet
# ifconfig eth1 10.0.0.1 netmask 255.255.255.0
# 10.0.0.1 is odin's address in the VPN
# 255.0.0.0 is the netmask of the ENTIRE VPN
ifconfig $INTERFACE 10.0.0.1 netmask 255.0.0.0

Configuration on thor:

tinc.conf:
AddressFamily = ipv4
ConnectTo = walhalla
Name = wpa1
Device = /dev/net/tun
ProcessPriority = high

tinc-up (perms 755):
#!/bin/sh
# internal (network card) interface of this subnet
# ifconfig eth1 10.16.1.1 netmask 255.255.255.0
# 10.16.1.1 is thor's address of wpa1 in the VPN
# 255.0.0.0 is the netmask of the ENTIRE VPN
ifconfig $INTERFACE 10.16.1.1 netmask 255.0.0.0

host files (same on both odin and thor):
hosts/walhalla:
Address = 192.168.0.100
Subnet = 10.0.0.0/24
Compression = 1
-----BEGIN RSA PUBLIC KEY-----
.....
-----END RSA PUBLIC KEY-----

hosts/wpa1:
Subnet = 10.16.1.0/24
Compression = 1
-----BEGIN RSA PUBLIC KEY-----
.....
-----END RSA PUBLIC KEY-----

There is no tinc installed or configured on wpa1-1.

Sorry, I don't have ifconfigs and routes handy right now. They look fine as
far as I can tell. If you need them let me know, I can post them tomorrow.

When I start tincd on odin and thor the tunnel works fine. I can ping thor from
odin and vice versa. I can also ping wpa1-1 from thor and vice versa. Pinging
from odin to wpa1-1 doesn't work, neither does it from wpa1-1 to odin.

What's wrong? Which magic spell did I forget?

Thanks for your help

Ulli

