Guus Sliepen
2000-Jun-12 15:45 UTC
TINC 1.0pre2: unable to access one private network (fwd)
For clarity...

---------- Forwarded message ----------
Date: Sun, 11 Jun 2000 16:14:37 -0500
From: gbarnett <gbarnett@satx.rr.com>
To: guus@sliepen.warande.net
Subject: TINC 1.0pre2: unable to access one private network

Guus... I couldn't seem to get this to the mail list... could you post it and/or answer it for me? Thx.

I have been having problems configuring TINC properly.

SCENARIO:
--------------

I have two linux boxes (A and B), each with one private network and one routable IP address (2 NICs). They are both running ipchains and masquerading very stable.

I start tincd on A with no ConnectTo variable set. I start tincd on B with a ConnectTo of the routable IP address of A. A review of /var/log/messages shows the connection come up on both systems.

Now, B can ping A's tap address, and the private network behind A. :-)
But A can only ping B's tap address, NOT the private network behind B. :-(

When the roles of server A and B are reversed, the same thing happens... A can get to the private network behind B, but B cannot get to the private network behind A.

CONFIGURATION:
----------------------

For server A:

  ifconfig:
    eth0  1.2.3.4/24
    eth1  10.69.69.69/29  broadcast 10.69.69.71
    tap0  10.69.69.69/24  broadcast 10.69.69.255  HWaddr fe:fd:0a:45:45:45

  route:
    10.69.69.64  *  255.255.255.248  eth1
    10.69.69.0   *  255.255.255.0    tap0
    1.2.3.0      *  255.255.255.0    eth0

  2.3.4.5/tinc.conf:
    MyVirtualIP = 10.69.69.69/32
    TapDevice = /dev/tap0
    VPNMask = 255.255.255.0

For server B:

  ifconfig:
    eth0  2.3.4.5/24
    eth1  10.69.69.73/29  broadcast 10.69.69.79
    tap0  10.69.69.73/24  broadcast 10.69.69.255  HWaddr fe:fd:0a:45:45:49

  route:
    10.69.69.72  *  255.255.255.248  eth1
    10.69.69.0   *  255.255.255.0    tap0
    2.3.4.0      *  255.255.255.0    eth0

  1.2.3.4/tinc.conf:
    ConnectTo = 1.2.3.4
    MyVirtualIP = 10.69.69.73/32
    TapDevice = /dev/tap0
    VPNMask = 255.255.255.0

TROUBLESHOOTING:
--------------------------

Ping from B to 10.69.69.69 (A's internal IP address):

  Packet Log on B:
    output ACCEPT tap0 PROTO=1 10.69.69.73:8 10.69.69.69:0
    output ACCEPT eth0 PROTO=17 2.3.4.5:1100 1.2.3.4:655
    input ACCEPT eth0 PROTO=17 1.2.3.4:1054 2.3.4.5:655
    input ACCEPT tap0 PROTO=1 10.69.69.69:0 10.69.69.73:0
    output ACCEPT eth0 PROTO=6 2.3.4.5:2614 1.2.3.4:655

  Packet Log on A:
    input ACCEPT eth0 PROTO=17 2.3.4.5:1100 1.2.3.4:655
    input ACCEPT tap0 PROTO=1 10.69.69.73:8 10.69.69.69:0
    output ACCEPT tap0 PROTO=1 10.69.69.69:0 10.69.69.73:0
    output ACCEPT eth0 PROTO=17 1.2.3.4:1054 2.3.4.5:655
    input ACCEPT eth0 PROTO=6 2.3.4.5:2614 1.2.3.4:655

Ping from B to 10.69.69.70 (a computer on A's private network):

  Packet Log on B:
    output ACCEPT tap0 PROTO=1 10.69.69.73:8 10.69.69.70:0
    output ACCEPT eth0 PROTO=17 2.3.4.5:1100 1.2.3.4:655
    input ACCEPT eth0 PROTO=17 1.2.3.4:1054 2.3.4.5:655
    input ACCEPT tap0 PROTO=1 10.69.69.70:0 10.69.69.73:0
    output ACCEPT eth0 PROTO=6 2.3.4.5:2614 1.2.3.4:655

  Packet Log on A:
    input ACCEPT eth0 PROTO=17 2.3.4.5:1100 1.2.3.4:655
    input ACCEPT tap0 PROTO=1 10.69.69.73:8 10.69.69.70:0
    forward ACCEPT eth1 PROTO=1 10.69.69.73:8 10.69.69.70:0
    forward ACCEPT tap0 PROTO=1 10.69.69.70:0 10.69.69.73:0
    output ACCEPT tap0 PROTO=1 10.69.69.70:0 10.69.69.73:0
    output ACCEPT eth0 PROTO=17 1.2.3.4:1054 2.3.4.5:655
    input ACCEPT eth0 PROTO=6 2.3.4.5:2614 1.2.3.4:655

Ping from A to 10.69.69.73 (B's internal IP address):

  Packet Log on A:
    output ACCEPT tap0 PROTO=1 10.69.69.69:8 10.69.69.73:0
    output ACCEPT eth0 PROTO=17 1.2.3.4:1054 2.3.4.5:655
    input ACCEPT eth0 PROTO=17 2.3.4.5:1100 1.2.3.4:655
    input ACCEPT tap0 PROTO=1 10.69.69.73:0 10.69.69.69:0
    input ACCEPT eth0 PROTO=6 2.3.4.5:2614 1.2.3.4:655
    input ACCEPT eth0 PROTO=6 2.3.4.5:2614 1.2.3.4:655

  Packet Log on B:
    input ACCEPT eth0 PROTO=17 1.2.3.4:1054 2.3.4.5:655
    input ACCEPT tap0 PROTO=1 10.69.69.69:8 10.69.69.73:0
    output ACCEPT tap0 PROTO=1 10.69.69.73:0 10.69.69.69:0
    output ACCEPT eth0 PROTO=17 2.3.4.5:1100 1.2.3.4:655
    output ACCEPT eth0 PROTO=6 2.3.4.5:2614 1.2.3.4:655
    output ACCEPT eth0 PROTO=6 2.3.4.5:2614 1.2.3.4:655

Ping from A to 10.69.69.74 (a computer on B's private network):

  Packet log on A:
    output ACCEPT tap0 PROTO=1 10.69.69.69:8 10.69.69.74:0

  Packet Log on B:
    <nothing>

NOTES:
---------

- When B is set to wait for a connection, and A is set to ConnectTo B, B cannot ping a computer on A's private network.
- My ipchains is set up to log every denied/rejected packet, along with several accepted packets (as shown above), and I haven't seen any denied packets to indicate a problem with the firewall.
- It doesn't appear that the packet in "ping from A to 10.69.69.74" above is ever encapsulated into UDP, since it is never sent to eth0.

Thanks in advance for any help you have for me. (I'm sure I probably overlooked the most obvious thing... :) )

Greg Barnett

- Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/
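An added example, not part of the thread, that automates the check the NOTES above do by eye: parse the trimmed ipchains log lines as quoted in the message and test whether an ICMP packet leaving tap0 is followed by a UDP datagram to tinc's port 655 leaving eth0. It assumes the trimmed line layout exactly as posted, and the sample input is a constructed copy of the two "Ping from A" excerpts.

```python
import re

# Trimmed ipchains log layout as quoted in the message (the kernel's trailing
# fields such as L=, S=, T= were cut off by the poster):
#   <chain> <target> <iface> PROTO=<num> <src>:<sport> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<chain>\w+)\s+(?P<target>\w+)\s+(?P<iface>\S+)\s+PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)
ICMP, UDP = 1, 17
TINC_PORT = 655  # destination port of the tunnel datagrams in the posted logs


def parse(lines):
    """Parse trimmed ipchains records into dicts; lines that do not match are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            for key in ("proto", "sport", "dport"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records


def encapsulated(records, dst, tap="tap0", wan="eth0"):
    """True if an ICMP packet to dst leaving the tap device is later followed by a
    UDP datagram to tinc's port leaving the WAN interface, i.e. the tunnel carried it."""
    left_tap = False
    for r in records:
        if r["chain"] != "output":
            continue
        if r["iface"] == tap and r["proto"] == ICMP and r["dst"] == dst:
            left_tap = True
        elif left_tap and r["iface"] == wan and r["proto"] == UDP and r["dport"] == TINC_PORT:
            return True
    return False


# Constructed copies of the two "Ping from A" packet logs quoted in the message.
PING_A_TO_B_TAP = """
output ACCEPT tap0 PROTO=1 10.69.69.69:8 10.69.69.73:0
output ACCEPT eth0 PROTO=17 1.2.3.4:1054 2.3.4.5:655
input ACCEPT eth0 PROTO=17 2.3.4.5:1100 1.2.3.4:655
input ACCEPT tap0 PROTO=1 10.69.69.73:0 10.69.69.69:0
""".strip().splitlines()
PING_A_TO_B_LAN = ["output ACCEPT tap0 PROTO=1 10.69.69.69:8 10.69.69.74:0"]

if __name__ == "__main__":
    print(encapsulated(parse(PING_A_TO_B_TAP), "10.69.69.73"))  # True
    print(encapsulated(parse(PING_A_TO_B_LAN), "10.69.69.74"))  # False
```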