Simple Class A VPN Guide - Problems

Rob Townley rob.townley at gmail.com
Fri May 3 02:18:04 CEST 2013 

If you are new to tinc, i would start with  10.0.0.1/32 and 10.0.0.2/32
When there are two gateways into the same LAN, two with the same subnet
would work, but start simple.  Start really simple.

Once you have both working with /32, then you might want to try 10.0.1.1/24and
10.0.2.2/24

i wonder how well tinc will parse spaces in folder names.
Maybe it works fine, but i would not do it anymore.
One way to get rid of spaces on windows is to use the sysinternals tool
junction.exe

junction.exe  C:\APPS32\    C:\Program Files (x86\,
junction.exe  C:\APPS64\    C:\Program Files\

then C:\APPS32\ works whereever C:\Program Files (x86)\ resides.
PrivateKeyFile = c:\Program Files (x86)\tinc\vpn\rsa_key.priv

It is better if private keys are in a non world readable folder, C:\Program
Files (x86)\  can be read by any one.





On Thu, May 2, 2013 at 6:02 PM, Andrew Armstrong <phplasma at gmail.com> wrote:

> Thanks Donald. I'm confused as to why my previous 10/8 range would not
> work in this case?
>
> Surely I'm just asking tinc for a huge address range but only using two
> addresses, (similar to your example), yet mine does not work.
>
> Sent from my iPhone
>
> On 03/05/2013, at 1:49 AM, Donald Pearson <donaldwhpearson at gmail.com>
> wrote:
>
> As an example, one of the setups I ran was 2 sites, reach with a local
> /24.  Tinc subnets were configured on each side with a /25 inside of the
> local /24.  Any devices that you would wish to participate in the VPN,
> you'd provision with an IP inside of the /25.  Otherwise provision it
> inside of the /24.  The devices themselves would still use a /24 mask but
> the VPN would only expose half of that range due to it's /25 configuration.
>
> In that way for any one site, all local devices could communicate with all
> other local devices, and 1/2 of the IP range of the remote site through the
> VPN.
>
>
> On Thu, May 2, 2013 at 11:04 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:
>
>> On Fri, May 03, 2013 at 12:51:34AM +1000, Andrew Armstrong wrote:
>>
>> > Thanks Guus, I will try this shortly. Can you elaborate on when an
>> actual
>> > subnet of (say) 10.0.0.0/8 would ever be used (or things other than a
>> /32
>> > address).
>>
>> You typically use things other than a /32 when you have a LAN connected
>> to a
>> node running tinc, and you want to make the whole LAN part of the VPN.
>>
>> See for example the configuration described in the manual:
>>
>> http://tinc-vpn.org/documentation/tinc_4.html#Example-configuration
>>
>> --
>> Met vriendelijke groet / with kind regards,
>>      Guus Sliepen <guus at tinc-vpn.org>
>>
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20130502/16fab12b/attachment.html>

More information about the tinc mailing list