Bridging local physical interface to tinc

Alexander Donets alex at dreamisdead.tk
Sat Aug 18 12:36:39 CEST 2018


I can’t seem to find info about bridging a layer 2 tinc tap interface with a local physical NIC.

I have successfully created a two-node configuration with tinc acting as a switch.
My problem is that Ethernet packets only flow between the two nodes and not to hosts on the bridged NIC.

Example:
Server 1 - eth0 bridged with the tinc tap device; the bridge then gets its IP via the DHCP server on the physical NIC subnet.
Server 2 - local virtual VM tap device bridged with the tinc tap device.

Server 2 can’t discover DHCP on Server 1's physical network; however, Server 2 sees Server 1 directly.
(The bridge is sort of working. I can manually set an IP on the VM tap device on Server 2 and ping Server 1's IP.)

However, I can’t ping any devices on Server 1's network, as if layer 2 packets for them were discarded.
I still see these packets in tinc debug.

It is probably not tinc's fault, but some tweaking needs to be done to the bridge.
Still, maybe some examples for such a use case would be good for the tinc VPN project.

Below is my config:

Server 1 /etc/network/interfaces
-----------------------------------------------------
root@debianserver:~# cat /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# Local physical nic - bridge to br0
auto eth0
iface eth0 inet manual

# Bridge for physical nic and tinc (on tinc-up will add tinc tap device here)
auto br0
iface br0 inet dhcp
	bridge_ports eth0
	bridge_stp off
	bridge_waitport 0
	bridge_fd 0

Server 1 /etc/tinc/netname/tinc.conf
-----------------------------------------------------
root@debianserver:~# cat /etc/tinc/netname/tinc.conf
Name = debianserver
AddressFamily = ipv4
Mode = switch
ConnectTo = hetznerpve
Compression = 0
PMTU = 1492
PMTUDiscovery = yes

Server 1 /etc/tinc/netname/tinc-up
-----------------------------------------------------
#!/bin/sh
brctl addif br0 $INTERFACE
ip link set dev $INTERFACE up

Server 1 /etc/tinc/netname/tinc-down
-----------------------------------------------------
#!/bin/sh
ip link set dev $INTERFACE down
brctl delif br0 $INTERFACE

Server 2 /etc/network/interfaces
-----------------------------------------------------
root@pve:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp2s0 inet manual

# Public network IP (enp2s0 interface bridge)
auto vmbr0
iface vmbr0 inet static
	address 88.198.xx.xxx
	netmask 255.255.255.224
	gateway 88.198.xx.xxx
	bridge_ports enp2s0
	bridge_stp off
	bridge_fd 0

# Bridge for VM private network
# (on VM startup will add VM tap device here and on tinc-up will add tinc tap device here)
auto vmbr2
iface vmbr2 inet manual
	bridge_ports none
	bridge_stp off
	bridge_fd 0

Server 2 /etc/tinc/netname/tinc.conf
-----------------------------------------------------
root@pve:~# cat /etc/tinc/netname/tinc.conf
Name = hetznerpve
AddressFamily = ipv4
Mode = switch
ConnectTo = debianserver
Compression = 0
PMTU = 1492
PMTUDiscovery = yes

Server 2 /etc/tinc/netname/tinc-up
-----------------------------------------------------
#!/bin/sh
brctl addif vmbr2 $INTERFACE
ip link set dev $INTERFACE up

Server 2 /etc/tinc/netname/tinc-down
-----------------------------------------------------
#!/bin/sh
ip link set dev $INTERFACE down
brctl delif vmbr2 $INTERFACE
