Basic configuration problem

Guus Sliepen guus at tinc-vpn.org
Mon Sep 17 23:04:26 CEST 2012


On Mon, Sep 17, 2012 at 09:57:01AM -0700, Ryan Rustong wrote:

> > I did not realize that the same IP address can be used on multiple
> > interfaces.  Unfortunately this does not work either.
>
> Ok, this actually did work, I didn't have the subnet mask set quite that
> large in the tinc-up script.  After making that correction I am now able to
> get to the IP of the tunnel interface (which is the same as the IP on the
> eth0 interface).  I can also get to other IPs in the same subnet by setting
> a route on them to use the tinc "server" as the gateway.
> 
> However, I am not able to get to any other subnets by adding additional
> subnets.  Do all subnets that I wish to access need to fall within the same
> subnet as is defined in my tinc-up script?  The problem is that I have some
> 10.x.x.x addresses and some 192.168.x.x addresses that I would like to be
> able to access.

You should have Subnet statements for all the subnets you want to access.
However, you have to take care yourself of setting IP addresses and routes in the
tinc-up script. If you want to use both 10.x.x.x and 192.168.x.x addresses on the
VPN, you have to do something like this in tinc-up:

#!/bin/sh
ifconfig $INTERFACE 10.x.x.x netmask 255.0.0.0
route add 192.168.0.0 netmask 255.255.0.0 dev $INTERFACE

Or if you like you can also use the "ip" command on Linux:

#!/bin/sh
ip addr add 10.x.x.x/8 dev $INTERFACE
ip route add 192.168.0.0/16 dev $INTERFACE

Tinc does not add routes itself.

> Also, I am not always going to have the clients using the same IP space on
> their eth0 interface, which was why I originally defined a separate subnet
> specifically to be used on the tun0 interface.  I have some clients with
> 10.x.x.x addresses on eth0 and some with 192.168.x.x on eth0.

You can of course also use a subnet that is completely separate from what the
nodes have on their real interfaces.

> Unfortunately, even after adding those subnets to the host files as you
> mentioned, I still cannot get it to work unless I use switch mode.  Is this
> a limitation of how tinc works, or am I possibly still doing something
> wrong?

You are still doing something wrong ;) If you want you can send your host
config files and tinc-up scripts again, and I can tell you if there still is a
problem with them.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
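
Added example, not part of the original message and not code from the tinc project: since tinc does not add routes itself, this tinc-up fragment derives one route per Subnet statement found in the other nodes' host files. It assumes the host files live in /etc/tinc/$NETNAME/hosts, that tinc exports NETNAME, NAME and INTERFACE to tinc-up, and that only IPv4 Subnets are used; remote_subnets is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: build VPN routes from the Subnet statements in tinc host files.
# Run it from tinc-up after the interface address has been set.

# Print the IPv4 subnets declared by every host file in $1 except our own ($2).
remote_subnets() {
    hosts_dir=$1
    self=$2
    for f in "$hosts_dir"/*; do
        if [ ! -f "$f" ] || [ "${f##*/}" = "$self" ]; then
            continue
        fi
        # Accept "Subnet = a.b.c.d/n" and "Subnet a.b.c.d/n", skip comment
        # lines, and drop an optional "#weight" suffix. Only digits, dots and
        # the slash are captured, so nothing else from a host file can reach
        # the ip command line below.
        sed -n 's|^[[:space:]]*[Ss]ubnet[[:space:]]*=\{0,1\}[[:space:]]*\([0-9./]\{1,\}\).*$|\1|p' "$f"
    done | sort -u
}

# Only act when started by tinc, which sets these variables for tinc-up.
if [ -n "${INTERFACE:-}" ] && [ -n "${NETNAME:-}" ] && [ -n "${NAME:-}" ]; then
    remote_subnets "/etc/tinc/$NETNAME/hosts" "$NAME" | while read -r net; do
        # A route that already exists is reported but does not stop the loop.
        ip route add "$net" dev "$INTERFACE" || echo "route $net not added" >&2
    done
fi
```

Every route added this way comes from a Subnet line in a host file, so a host file that declares a range it should not own will attract that traffic; review the files before deploying them.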