Hello!

I have recently installed tinc on a Linux 2.4 machine which has a 192.168.0.0/24 private network connected to eth0 and a registered IP on eth1. I also installed tinc on a Windows 2000 machine at a remote location.

For this moment I can establish a connection; on the Linux machine tincd says:

Sep 26 21:10:50 hostname tinc.gscvpn[483]: Node home (y.y.y.y port 655) became reachable

But I can't ping from either side, though I get these messages:

Sep 26 21:05:24 hostname tinc.gscvpn[483]: Got PING from home (y.y.y.y port 3828): 8
Sep 26 21:05:24 hostname tinc.gscvpn[483]: Sending PONG to home (y.y.y.y hostname 3828): 9
Sep 26 21:05:24 hostname tinc.gscvpn[483]: Sending 2 bytes of metadata to home (y.y.y.y port 3828)
Sep 26 21:06:32 hostname tinc.gscvpn[483]: Sending PING to home (y.y.y.y port

The Windows machine seems to get no packets at all.

Could you please give a clue what is going on?

Regards
On Sun, Sep 26, 2004 at 11:38:53PM +0400, David Chkhikvadze wrote:

> I have recently installed tinc on a linux 2.4 machine which has
> 192.168.0.0/24 private network connected to eth0 and registered ip on eth1.
> I also installed tinc on Windows 2000 machine on a remote location.
>
> for this moment I can establish connection, on Linux machine tincd says:
>
> Sep 26 21:10:50 hostname tinc.gscvpn[483]: Node home (y.y.y.y port 655)
> became reachable
>
> But i cant ping from either side, though i get this messages:
[...]
> The windows machine seems to get no packets at all.
>
> Could you please give a clue what is going on?

I need to see your config files and the output of tincd -n <netname> -d5 -D to get an idea of what is going on.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>

Thank you for response!

Here is my configuration:

tinc version 1.0.2 on both sides

[ Linux ]

/etc/tinc/vpn/tinc.conf:
Name = linux
ConnectTo = windows
Device = /dev/net/tun
Mode = router
TCPonly = yes
AddressFamily = ipv4

/etc/tinc/vpn/tinc-up
#!/bin/sh
ifconfig $INTERFACE 192.168.0.97 netmask 255.255.255.224

/etc/tinc/vpn/hosts/linux:
Address = 62.168.172.147
Subnet = 192.168.0.96/27
...

/etc/tinc/vpn/hosts/windows:
Address = 62.168.172.149
Subnet = 192.168.0.130/32
...

tincd -n vpn -d5 -D:

Connection from 62.168.172.149 port 1378
Sending ID to (null) (62.168.172.149 port 1378): 0 linux 17
Sending 11 bytes of metadata to (null) (62.168.172.149 port 1378)
Got ID from (null) (62.168.172.149 port 1378): 0 windows 17
Sending METAKEY to windows (62.168.172.149 port 1378): 1 94 64 0 0 21B1D0F95F94278F380F0EF6BE7A1293B68882DF9150
842F3062EA5B6C011293CB6129801589FA402BC5C0795C3059BA1E1678D73DF19F5CEB8823161DCA1B121E91845D4E15AA172E3BBD4ABFF
AD83209D33B4B8A9E6B33B21EFB0EA190AC691B288E254AE38BD71A31F0F8A9816D8A1A8B008EB55CCCED02503D775E99F7A4
Sending 269 bytes of metadata to windows (62.168.172.149 port 1378)
port 655: Name or service not known
Could not set up a meta connection to windows
Trying to re-establish outgoing connection in 10 seconds
Got METAKEY from windows (62.168.172.149 port 1378): 1 94 64 0 0 58A8D9C8ABC2478716400F8D2871888F9B9DB79D2725A1
F3B0C916CE092A10EFD92CFA30F4AA4D47F33D4AB34DDE0F0E7DFDE2A427ABDB8EA4AC84D8D8889142EE7A497728C26AAE02FC152D2FE0D
4F15B765FFB87757937F2BCE48323D282FD7A48468EA1D86CDD160FF615FEF7778073E504A5A7E71B790D29A60BA7757532
Sending CHALLENGE to windows (62.168.172.149 port 1378): 2 C4B5BF7569BDC8420C107940D5C655EA7D2066C1B6B49AEB38CE
7C3A345E31746CBEEFC381ECEF0ABDE685E2E5FEA4483FE54B4C59641B38255D1C2496BCC30A4E57D8591582378C7811613AF9B6DF47DF4
556AF5D491398A7C2B8FBE1C34BC4505BFA5A62CC314F268763ACF202C0F7C66E99AC17E14A7254BF08437C56D54F
Sending 259 bytes of metadata to windows (62.168.172.149 port 1378)
Got CHALLENGE from windows (62.168.172.149 port 1378): 2 D27779D569CE30C3F0B5D880A0040088B345DE63E398657674FA9B
B546CA6BADC0ACC2A41016D77A3BCEA614CC142CC4F17B63FA0DB1532C11E86B29556B50ED9288ACED9B682B9237B85159E86300B4F73A3
B604675714090C4892E174FCF0B09A0446618428BD4D7DBDB2BB44A475994BA200239CFA93961062C87454826A3
Sending CHAL_REPLY to windows (62.168.172.149 port 1378): 3 07427CDFB76229D5CE62D0EBE9E9A1C399EE5C6A
Sending 43 bytes of metadata to windows (62.168.172.149 port 1378)
Got CHAL_REPLY from windows (62.168.172.149 port 1378): 3 F2357B41A635F3847CFFFD9BFAEED662B3CAEE6C
Sending ACK to windows (62.168.172.149 port 1378): 4 655 38 3
Sending 11 bytes of metadata to windows (62.168.172.149 port 1378)
Got ACK from windows (62.168.172.149 port 1378): 4 655 0 3
Connection with windows (62.168.172.149 port 1378) activated
Sending ADD_SUBNET to windows (62.168.172.149 port 1378): 10 49295c9b linux 192.168.0.96/27
Sending 34 bytes of metadata to windows (62.168.172.149 port 1378)
Sending ADD_EDGE to everyone (BROADCAST): 12 5c155a78 linux windows 62.168.172.149 655 3 19
Sending 50 bytes of metadata to windows (62.168.172.149 port 1378)
Got ADD_SUBNET from windows (62.168.172.149 port 1378): 10 b209cc16 windows 192.168.0.130/32
Forwarding ADD_SUBNET from windows (62.168.172.149 port 1378): 10 b209cc16 windows 192.168.0.130/32
Got ADD_EDGE from windows (62.168.172.149 port 1378): 12 13808f95 windows linux 62.168.172.147 655 3 19
Forwarding ADD_EDGE from windows (62.168.172.149 port 1378): 12 13808f95 windows linux 62.168.172.147 655 3 19
Node windows (62.168.172.149 port 655) became reachable
Already connected to windows
Got PING from windows (62.168.172.149 port 1378): 8
Sending PONG to windows (62.168.172.149 port 1378): 9
Sending 2 bytes of metadata to windows (62.168.172.149 port 1378)

[ windows ]

tinc.conf:
Name = windows
ConnectTo = linux
Interface = VPN
Mode = router
TCPonly = yes
AddressFamily = ipv4

/etc/tinc/vpn/hosts/linux:
Address = 62.168.172.147
Subnet = 192.168.0.96/27
...

/etc/tinc/vpn/hosts/windows:
Address = 62.168.172.149
Subnet = 192.168.0.130/32
...

VPN interface is set to: 192.168.0.130 netmask 255.255.255.224

Can't figure out what is wrong :(
Please, help me understand what I configured incorrectly.

Regards
--
David Chkhikvadze
davidck@gsc.gov.ge

>>You have to change 255.255.255.224 to 255.255.255.0 on both sides.

OK, I did it but nothing changed. I get the same exact output from tinc -n vpn -d5 -D. Maybe something else?

This is the output of route -F:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
62.168.172.144  *               255.255.255.248 U     0      0        0 eth1
localnet        *               255.255.255.0   U     0      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 vpn
default         62.168.172.145  0.0.0.0         UG    0      0        0 eth1

and ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:10:E0:05:59:28
          inet addr:192.168.0.248  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:52698 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19584 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4484013 (4.2 MiB)  TX bytes:15562435 (14.8 MiB)
          Interrupt:11

eth1      Link encap:Ethernet  HWaddr 00:10:E0:05:59:29
          inet addr:62.168.172.147  Bcast:62.255.255.255  Mask:255.255.255.248
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:64599 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43035 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5417017 (5.1 MiB)  TX bytes:8947195 (8.5 MiB)
          Interrupt:10 Base address:0x2000

vpn       Link encap:Point-to-Point Protocol
          inet addr:192.168.0.97  P-t-P:192.168.0.97  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

I have no iptables rules active and the firewall policy is set to accept.

Regards
--
David Chkhikvadze
davidck@gsc.gov.ge

>Aha. Everything for localnet now goes to eth0, never to vpn. You have to
>make sure your routing table sends those packets to the vpn interface
>that should go to the other side.

Sure!

# route add -host 192.168.0.130 dev vpn

Pings go both sides now :)

Thank you for help!

Regards
--
David Chkhikvadze
davidck@gsc.gov.ge

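
The route selection discussed in this exchange, as an added example that is not part of the original thread: a small model of the Linux box's routing table before and after the host route, showing why traffic for 192.168.0.130 left via eth0 and never entered the tunnel. It assumes "localnet" is 192.168.0.0/24 (from the ifconfig netmasks) and that, between routes with an identical prefix, the first one listed wins.

```python
import ipaddress

# Routing table from the `route` output in the thread. "localnet" is taken to
# be 192.168.0.0/24, per the eth0/vpn netmask shown by ifconfig (assumption).
ROUTES_BEFORE = [
    ("62.168.172.144/29", "eth1"),
    ("192.168.0.0/24", "eth0"),
    ("192.168.0.0/24", "vpn"),
    ("0.0.0.0/0", "eth1"),
]
# The fix from the thread: route add -host 192.168.0.130 dev vpn
ROUTES_AFTER = [("192.168.0.130/32", "vpn")] + ROUTES_BEFORE


def select_iface(routes, dst):
    """Return the interface chosen for dst, or None if nothing matches.

    Longest prefix wins. Assumption of this sketch: between routes with the
    same prefix length, the one listed first wins, which matches the
    behaviour described in the thread (eth0 shadows vpn).
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None


def shadowed(routes):
    """List (prefix, iface) entries that can never be selected because an
    earlier entry has the identical prefix."""
    seen, dead = set(), []
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net in seen:
            dead.append((prefix, iface))
        seen.add(net)
    return dead


if __name__ == "__main__":
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(name, "192.168.0.130 ->", select_iface(table, "192.168.0.130"),
              "| shadowed:", shadowed(table))
```

The /24 route on vpn stays shadowed after the fix; only the /32 host route steers packets into the tunnel.
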
>>this is output of route -F:
>>
>>Kernel IP routing table
>>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>62.168.172.144  *               255.255.255.248 U     0      0        0 eth1
>>localnet        *               255.255.255.0   U     0      0        0 eth0
>>localnet        *               255.255.255.0   U     0      0        0 vpn
>>default         62.168.172.145  0.0.0.0         UG    0      0        0 eth1
>
>
>Aha. Everything for localnet now goes to eth0, never to vpn. You have to
>make sure your routing table sends those packets to the vpn interface
>that should go to the other side.
>

As I already said, I added:

# route add -host 192.168.0.130 dev vpn

on the Linux box, and now Linux and Windows can ping each other, but no other machine on 192.168.0.0/24 can ping 192.168.0.130 (Windows), and Windows can't ping any other host on 192.168.0.0/24 except Linux.

I really need Windows to see other hosts on the network. Please tell me what else I need to configure for this to work.

Regards
--
David Chkhikvadze
davidck@gsc.gov.ge