I'm having a bit of a problem getting tinc up and running between a pair of
RedHat (one 6.0, the other 6.1) boxes. It's installed and configured to the
point where they can connect, but I'm not seeing any traffic passing
between the two systems.

System A looks like -

tinc.conf:
# Sample tinc configuration.
# Insert your own ip numbers instead of the placeholders,
# and be sure to use your own passphrases.
# See man tinc.conf(5) tincd(8) genauth(8), info tinc and
# /usr/doc/tinc-1.0pre2/tinc.conf.sample
TapDevice = /dev/tap0
#ConnectTo = peer.real.ip.number
MyVirtualIP = 192.168.2.1/24
#AllowConnect = no
VpnMask = 255.255.255.0

ifconfig (eth0 is internal):
eth0 Link encap:Ethernet HWaddr 00:A0:24:81:B9:15
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:1090148 errors:1 dropped:1 overruns:0 frame:2
TX packets:1199574 errors:0 dropped:0 overruns:0 carrier:23
collisions:32828 txqueuelen:100
Interrupt:9 Base address:0xe400
eth1 Link encap:Ethernet HWaddr 00:A0:C9:B4:6F:BB
inet addr:24.27.164.16 Bcast:255.255.255.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1355209 errors:1 dropped:0 overruns:0 frame:10
TX packets:1068137 errors:0 dropped:0 overruns:0 carrier:0
collisions:12215 txqueuelen:100
Interrupt:11 Base address:0xd800
tap0 Link encap:Ethernet HWaddr FE:FD:00:00:00:00
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
Interrupt:5

route:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
24.27.164.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.0.0.0 192.168.2.1 255.0.0.0 UG 0 0 0 tap0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 24.27.164.1 0.0.0.0 UG 0 0 0 eth1

Machine B looks like -

tinc.conf:
# Sample tinc configuration.
# Insert your own ip numbers instead of the placeholders,
# and be sure to use your own passphrases.
# See man tinc.conf(5) tincd(8) genauth(8), info tinc and
# /usr/doc/tinc-1.0pre2/tinc.conf.sample
TapDevice = /dev/tap0
ConnectTo = halsallnet.penguinpowered.com
MyVirtualIP = 10.254.1.9/32
AllowConnect = no
VpnMask = 255.0.0.0

ifconfig:
eth0 Link encap:Ethernet HWaddr 00:A0:24:15:B0:F9
inet addr:10.254.1.9 Bcast:10.254.1.11 Mask:255.255.255.252
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2421976 errors:0 dropped:0 overruns:0 frame:0
TX packets:1935417 errors:0 dropped:0 overruns:0 carrier:0
collisions:67520 txqueuelen:100
Interrupt:7 Base address:0x210
eth1 Link encap:Ethernet HWaddr 08:00:2B:BC:FE:18
inet addr:24.29.3.206 Bcast:24.29.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6478886 errors:0 dropped:0 overruns:0 frame:0
TX packets:2182964 errors:17543 dropped:0 overruns:0 carrier:0
collisions:14465 txqueuelen:100
Interrupt:5 Base address:0x300
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:255 errors:0 dropped:0 overruns:0 frame:0
TX packets:255 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
tap0 Link encap:Ethernet HWaddr FE:FD:00:00:00:02
inet addr:10.254.1.9 Bcast:10.255.255.255 Mask:255.255.255.252
UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
Interrupt:5

route:
Destination Gateway Genmask Flags Metric Ref Use Iface
10.254.1.9 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
24.29.3.206 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
10.254.1.8 0.0.0.0 255.255.255.252 U 0 0 0 eth0
10.254.1.8 0.0.0.0 255.255.255.252 U 0 0 0 tap0
192.168.2.0 10.254.1.9 255.255.255.0 UG 0 0 0 tap0
24.29.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
24.27.0.0 24.29.3.206 255.255.0.0 UG 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.254.1.10 0.0.0.0 UG 0 0 0 eth0

I do have ipchains scripts running on both ends, but seeing as how the
gateways can set up a connection, traffic should pass through them. tcpdump
reveals that echo requests get to tap0 on both ends, but no echo replies
are sent.

Any ideas where I screwed up?

Thanks for any help you can provide.

-Mark
--
Mark Halsall mark@hccanet.org
Internet Specialist, Hamilton/Clermont Cooperative Association
(513) 931-7120, x20
Personal email should go to <mailto:spanner@cinci.rr.com>.
-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/

On Thu, Aug 03, 2000 at 12:52:45PM -0500, Ivo Timmermans wrote:
> I'm having a bit of a problem getting tinc up and running between a pair of
> RedHat (one 6.0, the other 6.1) boxes. It's installed and configured to the
> point where they can connect, but I'm not seeing any traffic passing
> between the two systems.
>
> MyVirtualIP = 192.168.2.1/24

this needs to be:

MyVirtualIP = 192.168.2.1/16

> route:
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
> 24.27.164.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 10.0.0.0 192.168.2.1 255.0.0.0 UG 0 0 0 tap0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 24.27.164.1 0.0.0.0 UG 0 0 0 eth1

not sure about the routing table.. should work ok but using 2 different
classes seems hokey to me.. maybe the solutions i'm providing will make it
work right heh, as routing seems to look ok, i'm just not used to something
as weird looking as this one :)

> Machine B looks like -
> tinc.conf:
> ConnectTo = halsallnet.penguinpowered.com

i tend to find it easier to specify the actual ip here, so that you don't
have to wait for any name resolution to take place (and therefore speed
things up just a tad)

> MyVirtualIP = 10.254.1.9/32

ok, now i KNOW this one is wrong, it was documented in an earlier post to
this list... iirc (and i might not), try this:

MyVirtualIP = 10.254.1.9/24

And on a side note, you do not have to bind either of these IPs to any real
ethernet device. tap0 will suffice.. binding them to real ethernet devices
seems sort of redundant and risky.

--
.oO Gnea [gnea at rochester dot rr dot com] Oo.
.oO url: http://garson.org/~gnea Oo.
"You can tune a filesystem, but you can't tuna fish." -unknown
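
The overlap the reply's side note refers to (one address bound to both a real ethernet device and tap0) can be read straight out of the posted ifconfig and route output. The following is an added example, not part of either message and not tinc code; the function names are hypothetical, and the sample text is System A's output from the first post, trimmed to the relevant lines.

```python
import ipaddress
import re
from collections import defaultdict

# System A's output as posted above, trimmed to the lines these checks read.
IFCONFIG_A = """\
eth0 Link encap:Ethernet HWaddr 00:A0:24:81:B9:15
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:A0:C9:B4:6F:BB
inet addr:24.27.164.16 Bcast:255.255.255.255 Mask:255.255.255.0
tap0 Link encap:Ethernet HWaddr FE:FD:00:00:00:00
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
"""
ROUTE_A = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
24.27.164.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.0.0.0 192.168.2.1 255.0.0.0 UG 0 0 0 tap0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 24.27.164.1 0.0.0.0 UG 0 0 0 eth1
"""

def shared_addresses(ifconfig_text):
    """Return {address: [interfaces]} for IPv4 addresses bound to more than one interface."""
    owners, iface = defaultdict(list), None
    for line in ifconfig_text.splitlines():
        if "Link encap:" in line:          # first line of an interface stanza
            iface = line.split()[0]
        m = re.search(r"inet addr:(\S+)", line)
        if m and iface:
            owners[m.group(1)].append(iface)
    return {ip: ifs for ip, ifs in owners.items() if len(set(ifs)) > 1}

def duplicate_routes(route_text):
    """Return {network: [interfaces]} for destination/mask pairs routed via more than one interface."""
    seen = defaultdict(list)
    for line in route_text.splitlines():
        f = line.split()
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
            seen[str(net)].append(f[7])
        except (IndexError, ValueError):
            continue                       # header or wrapped line, not a route row
    return {n: ifs for n, ifs in seen.items() if len(set(ifs)) > 1}

if __name__ == "__main__":
    print(shared_addresses(IFCONFIG_A), duplicate_routes(ROUTE_A))
```

Machine B's posted tables show the same pattern for 10.254.1.9 and the 10.254.1.8 network with mask 255.255.255.252.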