Bridging local physical interface to tinc

[Alexander Donets]

Thanks, I looked into it but both hosts have it disabled.

Server 1 (debian) is actually a VM running on hyper-v on windows host, host nic is then bridged with VM

and VM then bridges it to tinc <- here I think some problem happened

Server 2 (debian) is actually a host running on debian (proxmox), and have private virtual nic bridged with tinc for VMs there.

I figured out that this is very overcomplicated setup, and to simplify things I moved tinc on Server 1
from VM to hyper-V host, since tinc supports windows, then I bridged tinc tap device and host nic directly.

Voila! Problem solved. I see packets on both hosts bridged lans.
Speed is decent, I’m not expecting wonders here since its layer 2 vpn network.
I’m using old stable tinc tho from debian repositories with RSA keys, maybe there were some speed improvements to get on 1.1

So yeah, problem was with bridge and not tinc fault, actually I don’t think one can configure tinc wrong.
Tinc is very easy to setup! Thanks everyone involved for making such great vpn software!


> 18 Aug 2018 г., 19:15, Lars Kruse <lists at sumpfralle.de> :
> 
> Hello Alexander,
> 
> 
> Am Sat, 18 Aug 2018 13:36:39 +0300
> schrieb Alexander Donets <alex at dreamisdead.tk>:
> 
>> I can’t seem to find info about layer 2 tinc tap interface bridge with local physical nic.
> 
> just wild guessing: maybe you need to add explicit firewall rules for allowing
> the flow of traffic over the bridge?
> Or maybe disable filtering over the bridge via sysctl?
> net.bridge.bridge-nf-call-iptables=0
> net.bridge.bridge-nf-call-ip6tables=0
> (see "grep . /proc/sys/net/bridge/bridge-nf-call-*")
> 
> Cheers,
> Lars
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20180819/4112794a/attachment.sig>