Can Ping But No Web Interface

Naemr . naemrr at gmail.com
Sat Jan 12 01:27:10 CET 2019


Try removing all MTU related settings from both sides. Allow tinc to learn
on its own.

" PMTU = 1436
ClampMSS = yes
PMTUDiscovery = yes"

In the config, " Address Family = ipv4" is likely not necessary, I would
recommend removing it.

" Device = /dev/net/tun" should not be used, unless tinc is having issues
locating the tun device.
however
" DeviceType = tun"
should be added, especially as you have not declared an interface in the
config
eg: "Interface = tun6"



Also Subnet = 192.168.0.10
Is incomplete

Subnet = 192.168.0.10/32

Same for the .15 host

A working setup of mine:
tinc.conf;
Name = ov1thaboxnet
port = 655
Interface = tun6
DeviceType = tun
ConnectTo = ov2thaboxnet
Compression = 10

ov1thaboxnet host file;
Address = xxx.xxx.xxx.xxx 655
Subnet = 192.168.66.1/32

tinc.conf;
Name = ov2thaboxnet
port = 655
Interface = tun6
DeviceType = tun
Compression = 10

ov2thaboxnet host file;
Address = 107.161.30.244 655
Address = 107.161.30.244 443
Subnet = 192.168.66.2/32
Subnet = 10.111.42.0/24





IP forwarding must be enabled as well

sysctl -w net.ipv4.ip_forward=1
echo 1 > /proc/sys/net/ipv4/ip_forward


As it appears the tinc boxes are not the gateway machines for either LAN you
may also need to NAT LAN traffic

iptables -A FORWARD -i $INTERFACE -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE



On Fri, Jan 11, 2019, 3:46 PM Aaron Savage <radiosavagelists at gmail.com> wrote:

> Aloha!
>
> I am new to tinc and I like to figure out my own issues before asking but
> I am not sure of my next step here.  I am not sure if the problem is the
> VPN configuration or in my network.  I will try to be as thorough as
> possible.
>
> I have two computers that are CentOS with the latest tinc from their
> respective repositories.
>
> Server A is behind a Sophos XG and Server B is behind a Ubiquiti Edge
> Router that I have no control over (Borrowing internet from colleague at
> remote site).  I have the 655 port UDP/TCP open and mapped to Server A.  I
> have added static rules for devices on the Server A network to talk to the
> devices on the Server B network.  I can ping server to server with the tinc
> addresses.  Server A 192.168.0.10 (tinc) 10.75.70.51 (eth0).  Server B
> 192.168.0.15(tinc) 192.168.1.10 (eth0).  I can also ping devices on the
> 10.75.70.0 network from Server B.  I can ping from the Sophos XG and a
> Windows Server @ 10.75.70.50 as well to Server B at 192.168.0.15 and
> 192.168.10.  I can also ping the device @ 192.168.1.15 which is on the
> network eth0 of Server B.  So it seems the VPN connects and I can ping
> across all the devices.  The problem is when I try to open a webpage across
> the vpn.  It seems it will only let me open the webpage on
> 10.75.70.51(Server A) from Server B.  I can also ssh from Server B to
> Server A so I know that tinc is working.  However, any device that I can
> ping on the 10.75.70.X network other than Server A will not allow me to
> open their webpages. When I try curl it will tell me "No Route to Host".
> Which makes little sense because I am pinging between sites...unless I am
> missing something bigger in all of this.
>
> My initial reason for wanting this connection was to allow my server A to web
> proxy a hardware device with a web interface on the remote 192.168.1x
> network.  I can ping the device....I just can't open the web interface.  I
> have looked at the MTU and noticed that it fell apart anything above 1408.  I
> did try setting some MTU settings but nothing has worked so I am here to ask
> the experts.  However, I then looked at curl and realized the problem is
> probably not MTU related.  I appreciate any thoughts and help.
>
> Here are my current configs:
>
> Server A Conf:
> Name = serverA
> Device = /dev/net/tun
> Address Family = ipv4
>
> Server A host:
> Address = xx.xx.xx.xx
> Subnet = 192.168.0.10
> Subnet = 10.75.70.0/24
> PMTU = 1436
> ClampMSS = yes
> PMTUDiscovery =    yes
>
> Server A TincUp:
> ip link set $INTERFACE up
> ip addr add  192.168.0.10 dev $INTERFACE
> ip route add 192.168.0.0/24 dev $INTERFACE
> ip route add 192.168.1.0/24 dev $INTERFACE
>
> Server B Conf:
> Name = khwisnmp
> Device = /dev/net/tun
> Address Family = ipv4
> ConnectTo = librenms
>
> Server B host:
> ubnet = 192.168.0.15
> Subnet = 192.168.1.0/24
> PMTU = 1436
> ClampMSS = yes
> PMTUDiscovery = yes
>
> Server B TincUP:
> ip link set $INTERFACE up
> ip addr add  192.168.0.15 dev $INTERFACE
> ip route add 192.168.0.0/24 dev $INTERFACE
> ip route add 10.75.70.0/24 dev $INTERFACE
>
> Aloha,
> Aaron
>
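A small checker for the config points raised in the reply at the top of this message (explicit prefix length on Subnet lines, MTU overrides, Device without DeviceType, misspelled keys), as an added example that is not part of the original thread or of tinc. The names `lint`, `check_subnet`, `KNOWN` and `MTU` are hypothetical; it assumes `Key = value` lines and IP (not MAC) subnets.

```python
import ipaddress

# Keys used in this thread, compared in lower case (the working config above
# writes "port"); "addressfamily" is tinc's spelling. Not tinc's full option list.
KNOWN = {"name", "device", "devicetype", "interface", "addressfamily",
         "connectto", "port", "compression", "address", "subnet"}
MTU = {"pmtu", "clampmss", "pmtudiscovery"}

# Lines taken from the configs quoted in this thread.
SAMPLE_HOST = "Subnet = 192.168.0.10\nSubnet = 10.75.70.0/24\nPMTU = 1436\nubnet = 192.168.0.15\n"
SAMPLE_CONF = "Name = serverA\nDevice = /dev/net/tun\nAddress Family = ipv4\n"

def check_subnet(value):
    """Return a list of messages for one Subnet value (empty if it looks fine)."""
    net = value.split("#")[0]                    # drop an optional "#weight" suffix
    try:
        if "/" not in net:
            bits = ipaddress.ip_address(net).max_prefixlen   # 32 for IPv4, 128 for IPv6
            return [f"Subnet {net} has no prefix length; write {net}/{bits}"]
        ipaddress.ip_network(net, strict=True)   # rejects host bits, e.g. 10.75.70.51/24
    except ValueError as exc:
        return [f"Subnet {net}: {exc}"]
    return []

def lint(text):
    """Return [(line_no, message)] for a tinc.conf or host file; line 0 = whole file."""
    findings, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        k = key.lower()
        seen.add(k)
        if k in MTU:
            findings.append((no, f"{key}: MTU setting, the reply suggests removing it"))
        elif k not in KNOWN:
            findings.append((no, f"unrecognized key {key!r}"))
        elif k == "subnet":
            findings.extend((no, msg) for msg in check_subnet(value))
    if "device" in seen and "devicetype" not in seen:
        findings.append((0, "Device set without DeviceType; add DeviceType = tun"))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_HOST, SAMPLE_CONF):
        for no, msg in lint(sample):
            print(f"line {no}: {msg}")
```
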