Unable to Pass Traffic to Internal Subnet

Guus Sliepen guus at tinc-vpn.org
Mon Oct 27 22:56:55 CET 2014


On Mon, Oct 27, 2014 at 04:50:13PM -0400, Kismet Agbasi wrote:

> Thank you guys for a great product.  I have successfully setup a VPN between
> a cloud server and an internal one (details below).  However, I am unable to
> pass traffic from the cloud to the internal machines behind the tunnel.
> 
> Internal subnet:  172.23.6.0/24
> Host Public IP:   50.242.184.132
> Host LAN IP: 172.23.6.148
> Host VPN IP:  10.9.0.2
> 
> Cloud Server IP:  107.170.55.181
> Cloud Server VPN IP:  10.9.0.3
> 
> I have control of the firewall - it's a Cisco PIX 506E.  What else do you
> need me to provide in order for you to be able to assist me?  

Looking at the host LAN IP, I assume it's not the router of the LAN.
Therefore, even if tinc would successfully route packets from the cloud
server to the LAN, the LAN hosts would send return packets to the
gateway of the LAN, your Cisco I assume. You should add an entry to the
routing table of the Cisco that sends packets for 10.9.0.3 to
172.23.6.148.

An alternative solution is to forget about the 10.9.0.0/24 subnet, and
to give the cloud server an IP address from the 172.23.6.0/24 range.
Either by bridging[1] or using proxy ARP[2]. This can be configured from
the LAN host running tinc without requiring any configuration of the
router.

If it still doesn't work, please send a copy of the tinc.conf, tinc-up
and host config files from both the VPN host on the LAN and the cloud
server.

[1] http://www.tinc-vpn.org/examples/bridging/
[2] http://www.tinc-vpn.org/examples/proxy-arp/

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
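To make the return-path problem concrete, here is an added illustration (not code from the thread or from the tinc project) that models the three routing tables involved and traces where a LAN host's reply to 10.9.0.3 ends up, first without and then with the extra route on the Cisco. The addresses come from the thread except the Cisco's inside address (172.23.6.1) and the ISP next hop (203.0.113.1), which are assumed; the interface names and the `trace` / `lookup` helpers are likewise constructed for the example.

```python
import ipaddress

# Addresses taken from the thread.
TINC_HOST_LAN = "172.23.6.148"   # LAN host running tinc
CLOUD_VPN_IP = "10.9.0.3"        # cloud server's VPN address
# Addresses NOT in the thread; assumed for the example.
CISCO_INSIDE = "172.23.6.1"      # assumed inside address of the PIX (LAN gateway)
ISP_NEXT_HOP = "203.0.113.1"     # assumed upstream next hop (documentation range)


def lookup(routes, dst):
    """Longest-prefix match over a list of (prefix, next_hop_or_None, interface).

    A next hop of None means the prefix is directly connected on that interface.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, via, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    return best


def lan_host_table():
    # An ordinary machine on 172.23.6.0/24: on-link subnet plus a default route
    # pointing at the Cisco. It knows nothing about 10.9.0.0/24.
    return [("172.23.6.0/24", None, "eth0"),
            ("0.0.0.0/0", CISCO_INSIDE, "eth0")]


def tinc_host_table():
    # The LAN host running tinc: 10.9.0.0/24 is directly connected on the
    # tunnel interface (set up by tinc-up), so VPN traffic goes into the tunnel.
    return [("172.23.6.0/24", None, "eth0"),
            ("10.9.0.0/24", None, "vpn"),
            ("0.0.0.0/0", CISCO_INSIDE, "eth0")]


def cisco_table(with_vpn_route):
    # The LAN gateway. Without the extra entry, anything outside 172.23.6.0/24
    # follows the default route towards the ISP.
    routes = [("172.23.6.0/24", None, "inside"),
              ("0.0.0.0/0", ISP_NEXT_HOP, "outside")]
    if with_vpn_route:
        # The fix suggested in the reply: send 10.9.0.3 to the tinc host.
        routes.append((CLOUD_VPN_IP + "/32", TINC_HOST_LAN, "inside"))
    return routes


def trace(dst, with_vpn_route, max_hops=8):
    """Follow a reply from a plain LAN host hop by hop and report where it ends."""
    tables = {"lan-host": lan_host_table(),
              "cisco": cisco_table(with_vpn_route),
              "tinc-host": tinc_host_table()}
    owner = {CISCO_INSIDE: "cisco", TINC_HOST_LAN: "tinc-host"}
    node = "lan-host"
    path = [node]
    for _ in range(max_hops):
        match = lookup(tables[node], dst)
        if match is None:
            path.append("no route")
            return path
        _net, via, dev = match
        if via is None:
            # Directly connected: on the tinc host this means "into the tunnel".
            path.append(f"delivered on {node}/{dev}")
            return path
        if via not in owner:
            path.append(f"sent to {via} via {dev}: leaves the LAN, reply is lost")
            return path
        node = owner[via]
        path.append(node)
    path.append("loop")
    return path


if __name__ == "__main__":
    print("without route on Cisco:", " -> ".join(trace(CLOUD_VPN_IP, False)))
    print("with route on Cisco:   ", " -> ".join(trace(CLOUD_VPN_IP, True)))
```

Run as-is, the first trace shows the reply leaving through the Cisco's default route, which is why the cloud server never sees answers even though its own packets reach the LAN; the second shows the reply reaching the tinc host and entering the tunnel once the Cisco has a host route for 10.9.0.3 via 172.23.6.148.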

