I would like to clarify the email I sent yesterday.

There are two ethernet segments in two different cities that I would like to operate as one logical network. Both physical lans have a switch/hub, a gateway with one external IP address that NATs traffic and can port forward tinc ports to the internal debian stable machine (where tinc is run), various client computers ('c' in the diagram below) and the aforementioned debian/stable server ('ds' in the diagram below).

Crude ASCII diagram:

   hub ------ NAT-ing gateway ------ INTERNET ------ NATing gateway ------ hub
 / / \ \                                                                 / / \ \
| |   | |                                                               | |   | |
c c   c ds                                                              c c   c ds

I would like to forward UDP and possibly IPX between the two networks, so I thought it was necessary to bridge the networks together.

The machines ('c' in the above diagram) that need to communicate with each other will be assigned a common IP network for UDP, and will send and receive all packets on the local segment, completely ignorant that the machine it may be talking to is not actually on the same physical ethernet segment.

Both debian/stable machines will bind the ethernet NIC and the VPN tunnel (which connects the two debian/stable machines) to a bridge, and route packets as necessary based on ethernet mac addresses.

This setup is like the example configuration on the tinc web page:
http://www.tinc-vpn.org/examples/bridging
and the two tinc daemons establish their connections (meta and data). Both ends send out the proper packets on the vpn tunnel, and although the data is received, it doesn't make it up the stack. tcpdump on either end of the tunnel shows only outbound data.

It appears that the configuration is correct, but the daemon is at fault. Specifically, it appears to be a known issue with tinc 1.0.3, and the solution is to move to 1.0.4:
http://brouwer.uvt.nl/pipermail/tinc/2006-January/001497.html
Unfortunately that version is not available in debian/stable.

I'm looking for solutions to 'port' the tinc 1.0.4 daemon to debian/stable, or use a different tool to achieve the same objective (which is to logically link/bridge the two segments together).

Anyone have any thoughts on the matter?

Thanks,
Christian.

On Thu, Aug 31, 2006 at 01:16:35PM -0400, mooshii wrote:

> I would like to forward UDP and possibly IPX between the two
> networks, so I thought it was necessary to bridge the networks
> together.

You don't need to bridge for unicast UDP, but for broadcast packets and IPX you indeed have to set up bridges.

> Both debian/stable machines will bind the ethernet NIC and the VPN
> tunnel (which connects the two debian/stable machines) to a bridge,
> and route packets as necessary based on ethernet mac addresses.

That's indeed the way to do it.

> This setup is like the example configuration on the tinc web page:
> http://www.tinc-vpn.org/examples/bridging
> and the two tinc daemons establish their connections (meta and data).
> Both ends send out the proper packets on the vpn tunnel, and although
> the data is received, it doesn't make it up the stack. tcpdump on
> either end of the tunnel shows only outbound data.
>
> It appears that the configuration is correct, but the daemon is at
> fault. Specifically, it appears to be a known issue with tinc 1.0.3,
> and the solution is to move to 1.0.4:
> http://brouwer.uvt.nl/pipermail/tinc/2006-January/001497.html
> Unfortunately that version is not available in debian/stable.
>
> I'm looking for solutions to 'port' the tinc 1.0.4 daemon to debian/
> stable, or use a different tool to achieve the same objective (which
> is to logically link/bridge the two segments together).

You should be able to compile tinc 1.0.4 on Debian stable. It might also be possible to backport the unstable package to stable, by downloading the source package, tweaking the build-depends and rebuilding it.

As for other tools, it should also be possible to set up a similar VPN with OpenVPN.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@tinc-vpn.org>