Can Ping But No Web Interface

Aaron Savage radiosavagelists at gmail.com
Thu Jan 10 05:30:44 CET 2019


Aloha!

I am new to tinc and I like to figure out my own issues before asking but I
am not sure of my next step here.  I am not sure if the problem is the VPN
configuration or in my network.  I will try to be as thorough as possible.

I have two computers that are CentOS with the latest tinc from their
respective repositories.

Server A is behind a Sophos XG and Server B is behind a Ubiquiti Edge
Router that I have no control over (Borrowing internet from colleague at
remote site).  I have the 655 port UDP/TCP open and mapped to Server A.  I
have added static rules for devices on the Server A network to talk to the
devices on the Server B network.  I can ping server to server with the tinc
addresses.  Server A 192.168.0.10 (tinc) 10.75.70.51 (eth0).  Server B
192.168.0.15(tinc) 192.168.1.10 (eth0).  I can also ping devices on the
10.75.70.0 network from Server B.  I can ping from the Sophos XG and a
Windows Server @ 10.75.70.50 as well to Server B at 192.168.0.15 and
192.168.10.  I can also ping the device @ 192.168.1.15 which is on the
network eth0 of Server B.  So it seems the VPN connects and I can ping
across all the devices.  The problem is when I try to open a webpage across
the vpn.  It seems it will only let me open the webpage on
10.75.70.51(Server A) from Server B.  I can also ssh from Server B to
Server A so I know that tinc is working.  However, any device that I can
ping on the 10.75.70.X network other than Server A will not allow me to
open their webpages. When I try curl it will tell me "No Route to Host".
Which makes little sense because I am pinging between sites...unless I am
missing something bigger in all of this.

My initial reason for wanting this connection was to allow my server A to web
proxy a hardware device with a web interface on the remote 192.168.1x
network.  I can ping the device....I just can't open the web interface.  I
have looked at the MTU and noticed that it fell apart at anything above 1408.  I
did try setting some MTU settings but nothing has worked so I am here to ask
the experts.  However, I then looked at curl and realized the problem is
probably not MTU related.  I appreciate any thoughts and help.

Here are my current configs:

Server A Conf:
Name = serverA
Device = /dev/net/tun
Address Family = ipv4

Server A host:
Address = xx.xx.xx.xx
Subnet = 192.168.0.10
Subnet = 10.75.70.0/24
PMTU = 1436
ClampMSS = yes
PMTUDiscovery =    yes

Server A TincUp:
ip link set $INTERFACE up
ip addr add  192.168.0.10 dev $INTERFACE
ip route add 192.168.0.0/24 dev $INTERFACE
ip route add 192.168.1.0/24 dev $INTERFACE

Server B Conf:
Name = khwisnmp
Device = /dev/net/tun
Address Family = ipv4
ConnectTo = librenms

Server B host:
ubnet = 192.168.0.15
Subnet = 192.168.1.0/24
PMTU = 1436
ClampMSS = yes
PMTUDiscovery = yes

Server B TincUP:
ip link set $INTERFACE up
ip addr add  192.168.0.15 dev $INTERFACE
ip route add 192.168.0.0/24 dev $INTERFACE
ip route add 10.75.70.0/24 dev $INTERFACE

Aloha,
Aaron