My network:

local pc(192.168.1.2)-->openwrt_adsl_router A(192.168.1.1/24&11.22.33.44pppoe&10.10.10.1/24 tinc)<---remote B: 10.10.20.1/24
                                  ^
                                  |
                        remote C:10.10.0.1/24

All are running tinc 1.0.x.

The ADSL router runs as a "server" (only one tinc instance), listening on some port;
clients B and C connect to the ADSL router.
From my PC I need to:
1. Access B's subnet 192.168.50.1/24
2. Access some WAN websites via C
3. No traffic between B and C
4. Other traffic goes to the pppoe interface by default

Here are the config files:
A: router

tincd.conf:
device = /dev/net/tun
name = vpn
interface = vpn
AddressFamily = ipv4

##
Address=xxx.dyndns.org
Port=xxx port
subnet=10.10.10.0/24
Subnet=192.168.1.0/24

##tinc-up:
ifconfig vpn 10.10.10.1/24 up
route add -host 10.10.0.1 dev vpn
route add -net 10.10.0.0/24 gw 10.10.0.1

route add -host 10.10.20.1 dev vpn
route add -net 10.10.20.0/24 gw 10.10.20.1
route add -net 192.168.50.0/24 gw 10.10.20.1 (requirement .1)

route add -net many websites networks gw 10.10.0.1 (requirement .2)
...
###########################
B:
connectTo=vpn
##
Subnet=10.10.20.0/24
Subnet=192.168.50.0/24

##
ifconfig Binc 10.10.20.1/24 up
route add -host 10.10.10.1 dev Binc
route add -net 10.10.10.0/24 gw 10.10.10.1
route add -net 192.168.1.0/24 gw 10.10.10.1
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

###########################
C:
connectTo=vpn
##
Subnet=10.10.0.0/24
Subnet=0.0.0.0/1 ----------> this line only exists in server C:/etc/tinc/hosts/C, but I guess it can be learned by the router node

##
ifconfig Cinc 10.10.0.1/24 up
route add -host 10.10.10.1 dev Cinc
route add -net 192.168.1.0/24 gw 10.10.10.1
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

########################
The router has B's and C's host files; B doesn't have C's and C doesn't have B's host file.

This works fine for me.

But today I need to access a WAN server (5.6.7.8) via B, so I added a route:
route add -host 5.6.7.8 gw 10.10.20.1 (B)
I thought it should work like the other routes, but the traffic still goes through C.
After examining the config, I think the problem may be that only C has "Subnet=0.0.0.0/1".

My questions are:
1. Why can a packet that has a route with default gw to B be routed to C? Is it the right behavior?
2. How do I route 5.6.7.8 via B? Add "Subnet=0.0.0.0/1" to B's host file?
   I have some trouble testing this now, because B is not easy to access (the best way is to let it connect to me).
   Also, even if this way works, I don't want other networks' traffic (the routes added for C) to go through B, or randomly.
3. I removed "Subnet=0.0.0.0/1" from C, then all routes (to WAN) via B/C did not work anymore. Is there any way to
   let those "route add (WAN networks) gw 10.10.0.1" routes work without the "Subnet=0.0.0.0/1"?
Hi.

Did you add only 0.0.0.0/1 as a route, and not 128.0.0.0/1 too?
Did you try to add a route to 5.6.7.8 via C with a lesser metric than via B?

If you have to add static routes only on a few servers, you can add them to the $HOST-up scripts.

On Mon, Feb 29, 2016 at 11:12 AM, Zhang Jun <gb2313 at gmail.com> wrote:
--
brgds
Maxim Vorontsov
Yes, I have these in C's host file:
Subnet=10.10.0.0/24
Subnet=0.0.0.0/1
Subnet=128.0.0.0/1 ## not mentioned, because I think it maybe works the same as 0.0.0.0/1

B's host file doesn't have 0.0.0.0/1 and 128.0.0.0/1.
I only added one route to 5.6.7.8 via B, not via C.

On Mon, Feb 29, 2016 at 4:40 PM, Maxim Vorontsov <6012030 at gmail.com> wrote:
> Hi.
>
> Did you add only 0.0.0.0/1 as a route, and not 128.0.0.0/1 too?
> Did you try to add a route to 5.6.7.8 via C with a lesser metric than via B?
>
> If you have to add static routes only on a few servers, you can add them
> to the $HOST-up scripts.
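A model of the lookup this thread is asking about, added here as an example (it is not code from the thread or from tinc). It assumes tinc's default router mode, in which the daemon picks the destination node by the most specific matching Subnet line in the host files, so the `gw` of a kernel route only gets the packet onto the VPN interface. The helper names, the `5.6.7.8/32` line on B and the address 8.8.8.8 are constructed for illustration, and equal Subnet weights are assumed.

```python
import ipaddress

# Subnet lines from the host files quoted in the thread (node name -> subnets).
HOSTS = {
    "vpn": ["10.10.10.0/24", "192.168.1.0/24"],           # router A
    "B": ["10.10.20.0/24", "192.168.50.0/24"],
    "C": ["10.10.0.0/24", "0.0.0.0/1", "128.0.0.0/1"],
}


def build_table(hosts):
    """Flatten host files into (network, owner) pairs, most specific first."""
    table = [(ipaddress.ip_network(s), node)
             for node, subnets in hosts.items() for s in subnets]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def owner(table, dst):
    """Node that receives a packet for dst; the kernel's gw is not an input."""
    addr = ipaddress.ip_address(dst)
    for net, node in table:
        if addr in net:
            return node
    return None  # no Subnet covers dst, so no node is selected


def with_subnet(hosts, node, subnet):
    """Copy of hosts with one more Subnet line in node's host file."""
    copy = {name: list(subnets) for name, subnets in hosts.items()}
    copy[node].append(subnet)
    return copy


def without_halves(hosts):
    """Copy of hosts with the two /1 'default route' Subnet lines removed."""
    return {name: [s for s in subnets if not s.endswith("/1")]
            for name, subnets in hosts.items()}


if __name__ == "__main__":
    current = build_table(HOSTS)
    print("5.6.7.8 today          ->", owner(current, "5.6.7.8"))
    fixed = build_table(with_subnet(HOSTS, "B", "5.6.7.8/32"))
    print("5.6.7.8 with /32 on B  ->", owner(fixed, "5.6.7.8"))
    print("8.8.8.8 with /32 on B  ->", owner(fixed, "8.8.8.8"))
    bare = build_table(without_halves(HOSTS))
    print("5.6.7.8 without the /1 ->", owner(bare, "5.6.7.8"))
```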