search for: vpn_gateway

Hi Guus, Am Freitag, den 25.09.2015, 17:04 +0200 schrieb Guus Sliepen: > Ok, that means by default the UDP NAT timeout on the Cisco is extremely > short. > > > I check the manual of the the Cisco NAT for any TCP/UDP > > timeout settings, but there is no way to modify anything like "keeps > > TCP/UDP connections alive". > > It wouldn't be called

...ulate UDP to him as the next step to relay Interestingly, earlier I check the below post for my setup, but now I found, the configuration can be simplified into, because tinc-up will make the 172.16.1.0/24 to $INTERFACE, and for those two default routes, the via is not required as well: #!/bin/sh VPN_GATEWAY=172.16.1.1 ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY ip route add $VPN_GATEWAY dev $INTERFACE ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE https://ww...

...the host and all traffic is running through the host, which is > working as NAT itself for accessing the internet (internet > proxy/gateway). > > On each client this script is executed, when starting the tunnel > connection to the host: > > --------- > #!/bin/sh > > VPN_GATEWAY=10.20.0.1 > ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` > > ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY > ip route add $VPN_GATEWAY dev $INTERFACE > ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE > ip route add 128.0.0.0/1 via $VPN_GATEW...

...lem out. The clients behind the local NAT connect the host and all traffic is running through the host, which is working as NAT itself for accessing the internet (internet proxy/gateway). On each client this script is executed, when starting the tunnel connection to the host: --------- #!/bin/sh VPN_GATEWAY=10.20.0.1 ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY ip route add $VPN_GATEWAY dev $INTERFACE ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE --------- I...

...routed setup, then all I need to add isip route add 0.0.0.0/1 dev $INTERFACE ip route add 128.0.0.0/1 dev $INTERFACE which doesn't work. my tinc-up looks like this #!/bin/bash ip link  set $INTERFACE up ip addr  add 192.168.60.27/24 dev $INTERFACE ip route add 192.168.14.0/24 dev $INTERFACE #VPN_GATEWAY=192.168.60.27 #ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` #ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY #ip route add $VPN_GATEWAY dev $INTERFACE #ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE #ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE ip...

quoted from http://www.tinc-vpn.org/examples/redirect-gateway/ "In fact, one does not have to set the VPN_GATEWAY variable at all. In switch mode, the gateway routes are necessary" i don't get it. it's is too short to understand. is VPN_GATEWAY set by tinc in switch mode? and why is "In switch mode, the gateway routes are necessary" mentioned here suddenly? afaik, Subnet is announce by...

...sent to the same node. > Interestingly, earlier I check the below post for my setup, but now I found, the configuration can be simplified into, because tinc-up will make the 172.16.1.0/24 to $INTERFACE, and for those two default routes, the via is not required as well: > > #!/bin/sh > VPN_GATEWAY=172.16.1.1 > ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` > > ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY > ip route add $VPN_GATEWAY dev $INTERFACE > ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE > ip route add 128.0.0.0/1 via $VPN_GATE...

I have been delighted by tinc. Building a mesh like I need would have been horrible in OpenVPN. tinc makes it easy. I decided to share a workaround for a problem that's been vexing me. Either I'm being dumb (and can do this better with a hint) or this is something others might need. I've been moving a bunch of services from our university to Amazon (EC2). To do this, I bring

Sure, let me reply all here for my finding. @Lars @Guus A’s tinc.conf: Name = bright AddressFamily = ipv4 ConnectTo = aly_hk A’s tinc-up: #!/bin/sh ifconfig $INTERFACE 10.0.0.110 netmask 255.255.255.0 A’s host config: Subnet = 10.0.0.110/32 (VPN address) Subnet = 192.168.31.0/24 (LAN address) IndirectData = yes (enabled for every tinc nodes) The node aly_hk (vpn address 10.0.0.3) connects with

...tion is to put > tinc's routing in a new table with higher priority: > > # Use new routing table 100, to have higher priority than lollipop's ones > ip rule add prio 100 from all lookup 100 > ip route add table 100 $REMOTEADDRESS $ORIGINAL_GATEWAY > ip route add table 100 $VPN_GATEWAY dev $INTERFACE > > > I've updated the examples from Tinc GUI's documentation accordingly: > http://tinc_gui.poirsouille.org/ > > Hope this helps, > V > > 2015-03-27 15:38 GMT+01:00 Andrea Squeri <andrea.squeri at gmail.com>: > >> I switch to lollipo...

...), and thus the simplest solution is to put tinc's routing in a new table with higher priority: # Use new routing table 100, to have higher priority than lollipop's ones ip rule add prio 100 from all lookup 100 ip route add table 100 $REMOTEADDRESS $ORIGINAL_GATEWAY ip route add table 100 $VPN_GATEWAY dev $INTERFACE I've updated the examples from Tinc GUI's documentation accordingly: http://tinc_gui.poirsouille.org/ Hope this helps, V 2015-03-27 15:38 GMT+01:00 Andrea Squeri <andrea.squeri at gmail.com>: > I switch to lollipop 4 months ago and I never had issue. So for my o...

I switch to lollipop 4 months ago and I never had issue. So for my opinion it is ready for daily use. Before try tinc I had my vpn implemented with openvpn, and it works great on lollipop. I switch to tinc because i prefer a mash vpn topology versus a client/server topology. -- Andrea Squeri Inviato con Sparrow (http://www.sparrowmailapp.com/?sig) Il giorno venerd? 27 marzo 2015, alle ore