Simple Class A VPN Guide - Problems

Donald Pearson donaldwhpearson at gmail.com
Fri May 3 03:13:38 CEST 2013


Couple thoughts.

In my case, I was running tinc in switch mode on a pair of Linux hosts.
All the hosts within each site's /25 range behaved as peers on a LAN; as
far as they were concerned there was no routing involved.  So if you want
to have a shared subnet across the sites, you'll need to run in switch mode,
which I didn't see in your configs.

The other way to do it is a routed VPN, which is what Rob described.

If you go the routed route, the other thing that comes to mind is that Windows
hosts don't permit routing by default.  That's something that's separate
from anything like Windows Firewall.  Windows calls it "tcp/ip forwarding"
and it's configured in the registry.


On Thu, May 2, 2013 at 8:18 PM, Rob Townley <rob.townley at gmail.com> wrote:

> If you are new to tinc, I would start with 10.0.0.1/32 and 10.0.0.2/32.
> When there are two gateways into the same LAN, two with the same subnet
> would work, but start simple.  Start really simple.
>
> Once you have both working with /32, then you might want to try
> 10.0.1.1/24 and 10.0.2.2/24
>
> I wonder how well tinc will parse spaces in folder names.
> Maybe it works fine, but I would not do it anymore.
> One way to get rid of spaces on Windows is to use the Sysinternals tool
> junction.exe
>
> junction.exe C:\APPS32 "C:\Program Files (x86)"
> junction.exe C:\APPS64 "C:\Program Files"
>
> Then C:\APPS32\ works wherever C:\Program Files (x86)\ resides.
> PrivateKeyFile = c:\Program Files (x86)\tinc\vpn\rsa_key.priv
>
> It is better if private keys are in a non-world-readable folder;
> C:\Program Files (x86)\ can be read by anyone.
>
> On Thu, May 2, 2013 at 6:02 PM, Andrew Armstrong <phplasma at gmail.com> wrote:
>
>> Thanks Donald. I'm confused as to why my previous 10/8 range would not
>> work in this case?
>>
>> Surely I'm just asking tinc for a huge address range but only using two
>> addresses, (similar to your example), yet mine does not work.
>>
>> On 03/05/2013, at 1:49 AM, Donald Pearson <donaldwhpearson at gmail.com>
>> wrote:
>>
>> As an example, one of the setups I ran was 2 sites, each with a local
>> /24.  Tinc subnets were configured on each side with a /25 inside of the
>> local /24.  Any devices that you would wish to participate in the VPN,
>> you'd provision with an IP inside of the /25.  Otherwise provision it
>> inside of the /24.  The devices themselves would still use a /24 mask but
>> the VPN would only expose half of that range due to its /25 configuration.
>>
>> In that way for any one site, all local devices could communicate with
>> all other local devices, and 1/2 of the IP range of the remote site through
>> the VPN.
>>
>>
>> On Thu, May 2, 2013 at 11:04 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:
>>
>>> On Fri, May 03, 2013 at 12:51:34AM +1000, Andrew Armstrong wrote:
>>>
>>> > Thanks Guus, I will try this shortly. Can you elaborate on when an actual
>>> > subnet of (say) 10.0.0.0/8 would ever be used (or things other than a /32
>>> > address).
>>>
>>> You typically use things other than a /32 when you have a LAN connected to a
>>> node running tinc, and you want to make the whole LAN part of the VPN.
>>>
>>> See for example the configuration described in the manual:
>>>
>>> http://tinc-vpn.org/documentation/tinc_4.html#Example-configuration
>>>
>>> --
>>> Met vriendelijke groet / with kind regards,
>>>      Guus Sliepen <guus at tinc-vpn.org>
>>>
>>> _______________________________________________
>>> tinc mailing list
>>> tinc at tinc-vpn.org
>>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
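
Added example, not part of the thread and not tinc's own tooling: a PowerShell check for the point made above about private keys under C:\Program Files (x86)\ being readable by anyone. It lists the ACL entries that let ordinary local users read the key file and, with -Fix, restricts the file to SYSTEM and Administrators. The key path is the one quoted in the thread; that the tinc service runs as LocalSystem is an assumption.

```powershell
# Added example: audit (and optionally tighten) the ACL on a tinc private key.
param(
    # Key path as quoted in the thread; change it to match your install.
    [string]$KeyPath = 'C:\Program Files (x86)\tinc\vpn\rsa_key.priv',
    [switch]$Fix
)

# Well-known SIDs that effectively mean "any local user". SIDs are used
# instead of names so the check also works on non-English Windows.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
$ReadData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Include explicit and inherited entries, with identities resolved to SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        $canRead = ([int]$ace.FileSystemRights -band $ReadData) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canRead -and $BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($Fix) {
    # Grant SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544) first, then
    # stop inheriting from Program Files and drop any explicit broad grants.
    # Assumption: the tinc service runs as LocalSystem; if it does not,
    # grant its service account instead.
    icacls.exe $KeyPath /grant:r '*S-1-5-18:F' '*S-1-5-32-544:F' | Out-Null
    icacls.exe $KeyPath /inheritance:r | Out-Null
    foreach ($sid in $BroadSids.Keys) { icacls.exe $KeyPath /remove:g "*$sid" | Out-Null }
}

$found = @(Get-BroadReadAce -Path $KeyPath)
if ($found.Count -eq 0) {
    "OK: no broad read access on $KeyPath"
} else {
    "WARNING: $KeyPath is readable by non-administrative principals:"
    $found | Format-Table -AutoSize
}
```

Without -Fix the script only reports; with -Fix it must be run from an elevated prompt.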