tinc - Jul 2003 - my two hosts don't see each other

Hi:

First of all, thanks for this great piece of software!

I found very clear the presentation sheets used at Linux Expo, 
Amsterdam. :-)

About my problem, I setup everything to connect our two boxes.
If I type 'ifconfig' I can see them up. Also the routes.

ISIvirtual
- Our firewall (iptables) which connects to the Internet through ADSL
  with a public dynamic IP. (the SSL client)

PAMvirtual
- Our webserver which is located at an external provider, with a
  public fixed IP. (the SSL server)

Interfaces get up at each host with IPs 10.10.10.2 and 10.10.10.1, but
if I try a 'ping' or an 'nmap' in any direction, they
doesn't seem to
find the other host. :-( 

Is it right for both virtual interfaces to have the same MAC? I suppose
it doesn't matter 'cause they don't share the same segment, but...

Thanks in advance for your help. I pasted their actual configuration
below.

PS:
a- I receive 'bogus packets' and have checked hosts files with md5sum
b- In both boxes I'm using Debian GNU/Linux stable + patches.

-
Roberto


### isivirtual start - client ##

-- /etc/tinc/intra2web/tinc.conf
Name = isivirtual
Device = /dev/net/tun
PrivateKeyFile = /etc/tinc/intra2web/rsa_key.priv
ConnectTo = pamvirtual

-- /etc/tinc/intra2web/tinc-up
ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
ifconfig $INTERFACE 10.10.10.2 netmask 255.255.0.0 -arp

-- /etc/tinc/intra2web/hosts/isivirtual
# dynamic IP, just for testing it wrote it by hand
Address = 200.63......	
Subnet = 10.10.10.0/24
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

######## isivirtual end ########


### pamvirtual start - server ##

-- /etc/tinc/intra2web/tinc.conf
Name = pamvirtual
Device = /dev/net/tun
PrivateKeyFile = /etc/tinc/intra2web/rsa_key.priv

-- /etc/tinc/intra2web/tinc-up
ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
ifconfig $INTERFACE 10.10.10.1 netmask 255.255.0.0 -arp

-- /etc/tinc/intra2web/hosts/pamvirtual
Address = 200.80......
Subnet = 10.10.10.0/24
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

######## pamvirtual end ########
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/

On Thu, 10 Jul 2003, Roberto Meyer wrote:
> Interfaces get up at each host with IPs 10.10.10.2 and 10.10.10.1, but
> if I try a 'ping' or an 'nmap' in any direction, they
doesn't seem to
> find the other host. :-( 
Try changing the Subnet line in hosts/isivirtual (on both boxes) to Subnet
10.10.10.2/32 and the Subnet line in hosts/pamvirtual (on both boxes) to
Subnet = 10.10.10.1/32


Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/

Jason <jason+tinclist@truedesign.com> wrote:
> Try changing the Subnet line in hosts/isivirtual (on both boxes) to Subnet
> 10.10.10.2/32 and the Subnet line in hosts/pamvirtual (on both boxes) to
> Subnet = 10.10.10.1/32
Sorry if this doesn't display as expected as I'm not subscribed to the
list.

I tried what you told me but it didn't worked.

At the 'PAMvirtual' I continue receiving this messages in the syslog:

...: Bogus data received from isivirtual ('real isivirtual IP' port
4381)
...: Bogus data received from isivirtual ('real isivirtual IP' port
4389)

Any idea of what it means?

The version I'm running is 1.0pre7-2, it's not 1.0pre8 but I suppose
it isn't a problem.

At 'ISIvirtual' (the DSL host with dynamic IP) I'm running iptables
as a
firewall. I added a rule to accept all incoming traffic from the other
host but nothing changed.

-
Roberto
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/