Basic configuration problem

Guus Sliepen guus at tinc-vpn.org
Sat Sep 15 16:23:28 CEST 2012


On Fri, Sep 14, 2012 at 03:37:28PM -0700, Ryan Rustong wrote:

>  After starting tinc, I am able to see that the tun0 interface comes up and
> the 192.168.0.0/16 route is added to both route tables.  I added
> 10.18.73.0/24 to my "client" route table pointing to the tun0 interface as
> a route is not being created for that (which to my understanding is my
> responsibility as tinc does not take care of that).
[...]
> [root@tinc-server tinc]# ping 192.168.1.2
> PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
> From 192.168.1.2 icmp_seq=1 Destination Net Unknown
> From 192.168.1.2 icmp_seq=2 Destination Net Unknown

The response "Destination Net Unknown" means that tinc does not know where to
send packets with IP address 192.168.1.2. Indeed, looking at your host
config files, I see:

> hosts/server1:
> 
> Address = 1.1.1.1
> Port = 655
> Subnet = 10.18.73.23/32
> 
> hosts/client1:
> 
> Address = 2.2.2.2
> Port = 655
> Subnet = 192.168.56.101/32
> Subnet = 10.0.2.15/32

There is no Subnet that contains 192.168.1.2. Given the following ifconfig
commands in your tinc-up files:

> [server1] ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0
> [client1] ifconfig $INTERFACE 192.168.1.2 netmask 255.255.0.0

You should add "Subnet = 192.168.1.1" to hosts/server1, and "Subnet =
192.168.1.2" to hosts/client1. Then the ping command should work.
Alternatively, you can use "Mode = switch" in tinc.conf and omit all the Subnet
statements.

However, if your goal is to have the client access the 10.0.2.0/24 network of
the client, and/or the client to access the 10.18.73.0/24 network of the
server, then you don't need to create a 192.168.0.0/16 network for the VPN.
Given the Subnets you currently have in your host config files, I suggest the
following configuration:

hosts/server1:

Address = 1.1.1.1
Subnet = 10.18.73.0/24

server1's tinc-up:

#!/bin/sh
ifconfig $INTERFACE 10.18.73.23 netmask 255.0.0.0

hosts/client1:

Subnet = 10.0.2.0/24

client1's tinc-up:

#!/bin/sh
ifconfig $INTERFACE 10.0.2.15 netmask 255.0.0.0

That way, you should be able to ping 10.0.2.15 directly from the server.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
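
Added example (not part of the original message and not tinc's own code): a small Python check that reads the Subnet lines of the host files quoted in this thread and reports which node, if any, owns a destination address, which is the lookup that fails with "Destination Net Unknown". The most-specific-match rule and the handling of an optional "#weight" suffix are assumptions of this sketch; the dictionaries are constructed from the configs shown above.

```python
import ipaddress
import re

# Constructed sample input: the host files as quoted in the thread.
HOSTS_BEFORE = {
    "server1": "Address = 1.1.1.1\nPort = 655\nSubnet = 10.18.73.23/32\n",
    "client1": "Address = 2.2.2.2\nPort = 655\n"
               "Subnet = 192.168.56.101/32\nSubnet = 10.0.2.15/32\n",
}
# First fix from the reply: one Subnet per VPN interface address.
HOSTS_AFTER = {
    "server1": HOSTS_BEFORE["server1"] + "Subnet = 192.168.1.1\n",
    "client1": HOSTS_BEFORE["client1"] + "Subnet = 192.168.1.2\n",
}
# Alternative layout from the reply: advertise the real LANs instead.
HOSTS_SUGGESTED = {
    "server1": "Address = 1.1.1.1\nSubnet = 10.18.73.0/24\n",
    "client1": "Subnet = 10.0.2.0/24\n",
}

# Capture the value of a Subnet line, stopping before an optional "#weight".
SUBNET_RE = re.compile(r"^\s*Subnet\s*=\s*([^\s#]+)", re.IGNORECASE)

def parse_subnets(text):
    """Return the IP networks declared by Subnet lines in one host file."""
    nets = []
    for line in text.splitlines():
        m = SUBNET_RE.match(line)
        if not m:
            continue
        try:
            # A bare address (no /prefix) becomes a single-host network.
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
        except ValueError:
            pass  # not an IP subnet (for example a MAC address); skip it
    return nets

def owner_of(dest, hosts):
    """Return (node, subnet) for the most specific Subnet containing dest,
    or None when no node claims it (the "Destination Net Unknown" case)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for node, text in hosts.items():
        for net in parse_subnets(text):
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1].prefixlen:
                    best = (node, net)
    return best
```

Running owner_of("192.168.1.2", HOSTS_BEFORE) returns None, while the same call against HOSTS_AFTER returns client1, matching the diagnosis in the reply.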