Can Ping But No Web Interface

Aaron Savage radiosavagelists at gmail.com
Mon Jan 14 22:56:46 CET 2019


Thank you for taking the time to respond to my email.  As of now, it is all
working.  I have cleaned up my host files and configuration files as well.
I did have one side to route through the box.  Adding the rules on the other
side made it work like a charm.

Aloha!

On Fri, Jan 11, 2019 at 2:27 PM Naemr . <naemrr at gmail.com> wrote:

> Try removing all MTU related settings from both sides. Allow tinc to learn
> on its own.
>
> " PMTU = 1436
> ClampMSS = yes
> PMTUDiscovery = yes"
>
> in the config, " Address Family = ipv4" is likely not necessary, i would
> recommend removing it.
>
> " Device = /dev/net/tun" should not be used, unless tinc is having issues
> locating the tun device.
> however
> " DeviceType = tun"
> should be added, especially as you have not declared an interface in the
> config
> eg: "Interface = tun6"
>
>
>
> Also Subnet = 192.168.0.10
> Is incomplete
>
> Subnet = 192.168.0.10/32
>
> Same for the .15 host
>
> A working setup of mine:
> tinc.conf;
> Name = ov1thaboxnet
> port = 655
> Interface = tun6
> DeviceType = tun
> ConnectTo = ov2thaboxnet
> Compression = 10
>
> ov1thaboxnet host file;
> Address = xxx.xxx.xxx.xxx 655
> Subnet = 192.168.66.1/32
>
> tinc.conf;
> Name = ov2thaboxnet
> port = 655
> Interface = tun6
> DeviceType = tun
> Compression = 10
>
> ov2thaboxnet host file;
> Address = 107.161.30.244 655
> Address = 107.161.30.244 443
> Subnet = 192.168.66.2/32
> Subnet = 10.111.42.0/24
>
>
>
>
>
> IP forwarding must be enabled as well
>
> sysctl -w net.ipv4.ip_forward=1
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> As it appears the tinc boxes are not the gateway machines for either LAN,
> you may also need to NAT LAN traffic
>
> iptables -A FORWARD -i  $INTERFACE -j ACCEPT
> iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -t nat -A POSTROUTING -o  eth0 -j MASQUERADE
>
>
>
> On Fri, Jan 11, 2019, 3:46 PM Aaron Savage <radiosavagelists at gmail.com>
> wrote:
>
>> Aloha!
>>
>> I am new to tinc and I like to figure out my own issues before asking but
>> I am not sure of my next step here.  I am not sure if the problem is the
>> VPN configuration or in my network.  I will try to be as thorough as
>> possible.
>>
>> I have two computers that are CentOS with the latest tinc from their
>> respective repositories.
>>
>> Server A is behind a Sophos XG and Server B is behind a Ubiquiti Edge
>> Router that I have no control over (Borrowing internet from colleague at
>> remote site).  I have the 655 port UDP/TCP open and mapped to Server A.  I
>> have added static rules for devices on the Server A network to talk to the
>> devices on the Server B network.  I can ping server to server with the tinc
>> addresses.  Server A 192.168.0.10 (tinc) 10.75.70.51 (eth0).  Server B
>> 192.168.0.15(tinc) 192.168.1.10 (eth0).  I can also ping devices on the
>> 10.75.70.0 network from Server B.  I can ping from the Sophos XG and a
>> Windows Server @ 10.75.70.50 as well to Server B at 192.168.0.15 and
>> 192.168.10.  I can also ping the device @ 192.168.1.15 which is on the
>> network eth0 of Server B.  So it seems the VPN connects and I can ping
>> across all the devices.  The problem is when I try to open a webpage across
>> the vpn.  It seems it will only let me open the webpage on
>> 10.75.70.51(Server A) from Server B.  I can also ssh from Server B to
>> Server A so I know that tinc is working.  However, any device that I can
>> ping on the 10.75.70.X network other than Server A will not allow me to
>> open their webpages. When I try curl it will tell me "No Route to Host".
>> Which makes little sense because I am pinging between sites...unless I am
>> missing something bigger in all of this.
>>
>> My initial reason for wanting this connection was to allow my server A to web
>> proxy a hardware device with a web interface on the remote 192.168.1x
>> network.  I can ping the device....I just can't open the web interface.  I
>> have looked at the MTU and noticed that it fell apart at anything above 1408.  I
>> did try setting some MTU setting but nothing has worked so I am here to ask
>> the experts.  However, I then looked at curl and realized the problem is
>> probably not MTU related.  I appreciate any thoughts and help.
>>
>> Here are my current configs:
>>
>> Server A Conf:
>> Name = serverA
>> Device = /dev/net/tun
>> Address Family = ipv4
>>
>> Server A host:
>> Address = xx.xx.xx.xx
>> Subnet = 192.168.0.10
>> Subnet = 10.75.70.0/24
>> PMTU = 1436
>> ClampMSS = yes
>> PMTUDiscovery =    yes
>>
>> Server A TincUp:
>> ip link set $INTERFACE up
>> ip addr add  192.168.0.10 dev $INTERFACE
>> ip route add 192.168.0.0/24 dev $INTERFACE
>> ip route add 192.168.1.0/24 dev $INTERFACE
>>
>> Server B Conf:
>> Name = khwisnmp
>> Device = /dev/net/tun
>> Address Family = ipv4
>> ConnectTo = librenms
>>
>> Server B host:
>> ubnet = 192.168.0.15
>> Subnet = 192.168.1.0/24
>> PMTU = 1436
>> ClampMSS = yes
>> PMTUDiscovery = yes
>>
>> Server B TincUP:
>> ip link set $INTERFACE up
>> ip addr add  192.168.0.15 dev $INTERFACE
>> ip route add 192.168.0.0/24 dev $INTERFACE
>> ip route add 10.75.70.0/24 dev $INTERFACE
>>
>> Aloha,
>> Aaron
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>
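An added check, written here and not part of the thread or of the tinc project, that lints tinc host files for the two issues visible in the configs quoted above: a Subnet entry without an explicit prefix length (the reply recommends writing 192.168.0.10/32) and a key mistyped as "ubnet" in Server B's host file. It also flags the same subnet claimed by two hosts. The sample host files are constructed to mirror the quoted ones, and KNOWN_KEYS is an assumed subset of tinc's host-file keys.

```python
import ipaddress

# Constructed sample host files that mirror the two quoted in the thread (not real files).
HOSTS = {
    "serverA": "Address = xx.xx.xx.xx\nSubnet = 192.168.0.10\nSubnet = 10.75.70.0/24\n"
               "PMTU = 1436\nClampMSS = yes\nPMTUDiscovery =    yes\n",
    "khwisnmp": "ubnet = 192.168.0.15\nSubnet = 192.168.1.0/24\n"
                "PMTU = 1436\nClampMSS = yes\nPMTUDiscovery = yes\n",
}

# Assumed subset of tinc host-file keys; extend it for a real deployment.
KNOWN_KEYS = {"Address", "Port", "Subnet", "PMTU", "ClampMSS", "PMTUDiscovery",
              "Cipher", "Digest", "Compression", "IndirectData", "TCPOnly"}


def parse_host(text):
    """Return (key, value) pairs, skipping comments, blank lines and the PEM key block."""
    entries, in_key = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("-----BEGIN"):
            in_key = True          # base64 key lines may contain '=' padding; skip them
        elif line.startswith("-----END"):
            in_key = False
        elif line and "=" in line and not in_key:
            key, value = (s.strip() for s in line.split("=", 1))
            entries.append((key, value))
    return entries


def lint_hosts(hosts):
    """Return human-readable findings for a {host_name: host_file_text} mapping."""
    findings, owner = [], {}
    for name, text in hosts.items():
        for key, value in parse_host(text):
            if key not in KNOWN_KEYS:
                findings.append(f"{name}: unknown key '{key}' (typo?)")
            elif key == "Subnet":
                if "/" not in value:
                    suffix = "/128" if ":" in value else "/32"
                    findings.append(f"{name}: Subnet {value} has no prefix length; write {value}{suffix}")
                    value += suffix
                try:
                    net = ipaddress.ip_network(value, strict=True)
                except ValueError as exc:
                    findings.append(f"{name}: bad Subnet {value}: {exc}")
                    continue
                # The first host to declare a subnet owns it; any later claim is a conflict.
                if owner.setdefault(net, name) != name:
                    findings.append(f"{name}: Subnet {net} is also claimed by {owner[net]}")
    return findings
```

Run lint_hosts(HOSTS) to see the two findings for the quoted configs, or point it at the text of your own hosts/ directory.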