tinc Digest, Vol 123, Issue 13

Guus Sliepen guus at tinc-vpn.org
Sun Jan 25 18:04:01 CET 2015 

On Sun, Jan 25, 2015 at 02:58:06PM +0100, Marco Avoledo wrote:

> HOST B:
> This host has a openwrt as gateway and I added few days ago as you
> suggested on freenode and this is HOST B Gateway route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         192.168.1.1     0.0.0.0         UG    10     0        0 eth2
> 192.168.1.0     0.0.0.0         255.255.255.0   U     10     0        0 eth2
> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
> 192.168.10.1    192.168.2.10    255.255.255.255 UGH   0      0        0 br-lan

Ok, the gateway route here only works for traffic going back to host A.
If you want other hosts on the VPN to also be able to talk to other
hosts on B's LAN, then you should change that last line to:

192.168.0.0     192.168.2.10    255.255.0.0     UGH   0      0        0 br-lan

> HOST C:
> Because of me thinking that those bridges on the gateway are messing
> something with my IP ranges I changed range to be 192.168.5.0/24
> so now host C has ip 192.168.5.10, this host uses openwrt ad gateway too,
> so I set up a static route as in HOST B and it looks like
> 
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> default         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
> 192.168.0.0     *               255.255.255.0   U     0      0        0 wlan0
> 192.168.5.0     *               255.255.255.0   U     0      0        0 br-lan
> 192.168.10.1    192.168.5.10    255.255.255.255 UGH   0      0        0 br-lan

Same here as above.

> From HOST A I can ping only 192.168.5.1 and 192.168.5.10 and here i'm lost
> about the WHY!

While pinging 192.168.5.x from host A, run tcpdump on eth0 of host C and
of 192.168.5.x. See if packets arrive at 192.168.5.x and if it sends
packets back, and whether those return packets make it to host C. Also
run tcpdump on all the interfaces of the gateway. Try to narrow down
exactly where packets disappear, that's the most likely place where
there is a problem.

Also check firewall rules on all devices involved in the packets' route,
so that includes host C, the gateway and the destination host. If you
changed the IP address range from 192.168.1.0/24 to 192.168.5.0/24, then
make sure you updated any firewall rules pertaining to that range as well.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20150125/2735c81d/attachment.sig>

More information about the tinc mailing list