All,

I've set up tinc yesterday (Win32 -> Linux), the connection comes up but I can't reach a host behind the tinc "Server". Maybe I did something completely wrong, so let me first describe my network....

The "Server" has multiple Interfaces, but we just care for two of them here. One NIC "eth2" is to the LAN (192.168.100.x/24) and the other one is the "vpn" Interface.

What I want: When I connect via Internet to the tinc daemon on the Server, I want to be someone with the IP 192.168.100.x/24. I've organized the LAN so that 192.168.100.20/24 - 192.168.100.49/24 are "reserved" for VPN Clients.

Is this possible? I guess I have some kind of routing problem, because after the connection is up I have two routes for the net 192.168.100.0/24 on my server - one points to the vpn interface and one to the eth interface.

Once again (if my English was too bad) ;-)

 +------+     vpn = 192.168.100.20/32
 | home |     ppp = a.b.c.d (dynamic ip)
 +------+
    |
    |
    |
 +--------+   vpn  = 192.168.100.221/24
 | office |   ethX = 192.168.100.220/24
 +--------+   ethY = w.x.y.z (static ip)

This is the config-file for my "office":

 Address = w.x.y.z
 Subnet = 192.168.100.0/24

This is the config-file for my "home":

 Subnet = 192.168.100.20/32

Hope anyone can bring me in the right direction....

Thank you,
Michael

On Tue, Nov 09, 2004 at 01:50:45PM +0100, Michael Knigge wrote:

> What I want: When I connect via Internet to the tinc daemon on the
> Server, I want to be someone with the IP 192.168.100.x/24. I've
> organized the LAN so that 192.168.100.20/24 - 192.168.100.49/24 are
> "reserved" for VPN Clients.
>
> Is this possible? I guess I have some kind of routing problem, because
> after the connection is up I have two routes for the net
> 192.168.100.0/24 on my server - one points to the vpn interface and one
> to the eth interface.

Yes that is a problem. You can do what you want, but then you have to use proxy-arp or bridging. However, you could also give the VPN clients addresses from another subnet (for example, 192.168.101.0/24). The latter is much easier to set up, and recommended unless you have a very compelling reason to let the VPN clients use the same subnet as the server.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
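
The overlap discussed in this thread can be checked mechanically before a tinc node is brought up. The following is an added example, not code from either poster or from the tinc project: it reads Subnet lines in the "Key = Value" form shown above and compares them with one node's interface addresses. The function names, the 192.168.101.1/24 VPN address and the 192.168.101.20/32 client Subnet are assumptions made for illustration.

```python
import ipaddress

def parse_subnets(host_file):
    """Collect Subnet values from tinc host-file text ('Key = Value' lines)."""
    subnets = []
    for line in host_file.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "subnet":
            # strict=False tolerates host bits, e.g. 192.168.100.221/24
            subnets.append(ipaddress.ip_network(value.strip(), strict=False))
    return subnets

def find_conflicts(interfaces, vpn_iface, remote_hosts):
    """Check one node. interfaces: name -> 'addr/prefix'; remote_hosts:
    name -> host-file text of the other nodes. Returns (kind, what, iface)."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    findings = []
    for iface, net in nets.items():
        if iface == vpn_iface:
            continue
        # Same prefix on the VPN and a physical NIC: two kernel routes.
        if net.overlaps(nets[vpn_iface]):
            findings.append(("duplicate-route", str(nets[vpn_iface]), iface))
        # A remote node's Subnet inside a directly attached LAN: LAN hosts
        # ARP for it locally, so proxy-ARP or bridging would be required.
        for host, text in remote_hosts.items():
            for subnet in parse_subnets(text):
                if subnet.overlaps(net):
                    findings.append(("remote-inside-lan", f"{host} {subnet}", iface))
    return findings

# Addresses from the thread, as seen on "office".
OFFICE_AS_POSTED = {"ethX": "192.168.100.220/24", "vpn": "192.168.100.221/24"}
HOME_AS_POSTED = {"home": "Subnet = 192.168.100.20/32"}

# Constructed values for the separate-subnet layout (192.168.101.0/24).
OFFICE_SEPARATE = {"ethX": "192.168.100.220/24", "vpn": "192.168.101.1/24"}
HOME_SEPARATE = {"home": "Subnet = 192.168.101.20/32"}

if __name__ == "__main__":
    for label, ifs, hosts in (("as posted", OFFICE_AS_POSTED, HOME_AS_POSTED),
                              ("separate subnet", OFFICE_SEPARATE, HOME_SEPARATE)):
        print(label, find_conflicts(ifs, "vpn", hosts) or "no conflicts")
```

With the addresses as posted it reports both the duplicate 192.168.100.0/24 route and the client /32 that falls inside the LAN; with the separate-subnet values it reports nothing.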