tinc - Oct 2017 - Tinc on PFSENSE box can join mesh, share keys, connect out, but doesn't reply to pings or connections

I've tried IRC in #tinc and #pfsense on freenode for this, not luck yet,
figured I'd try the mailing list.

A summary of my problem is here:

https://www.reddit.com/r/PFSENSE/comments/789xus/tinc_vpn_can_do_everything_but_be_accessed/

If there are any details I can provide that would help I'll be more than
happy to.
I'm hoping it will be something obvious that someone can say "oh, add
this
to the config" or whatever, but maybe not.

Thanks in advance for any help!
~darren
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20171023/ca80b8c3/attachment.html>

On Mon, Oct 23, 2017 at 6:38 PM, Darren Mobley <corpdecker at gmail.com>
wrote:
> I've tried IRC in #tinc and #pfsense on freenode for this, not luck
yet,
> figured I'd try the mailing list.
>
> A summary of my problem is here:
>
>
https://www.reddit.com/r/PFSENSE/comments/789xus/tinc_vpn_can_do_everything_but_be_accessed/
>
> If there are any details I can provide that would help I'll be more
than
> happy to.
> I'm hoping it will be something obvious that someone can say "oh,
add this
> to the config" or whatever, but maybe not.
>
> Thanks in advance for any help!
It sounds like you have a firewall rule dropping incoming packets that
are not part of an established connection.

Can you print out your iptables rules?

iptables  --list  -n  -v
iptables  --table nat  --list  -n  -v

-Parke

can you try to add these Firewall rules in WAN & see

[image: Inline image 1]

Regards
Ramesh

On Sat, Dec 16, 2017 at 12:47 PM, Parke <parke.nexus at gmail.com> wrote:
> On Mon, Oct 23, 2017 at 6:38 PM, Darren Mobley <corpdecker at
gmail.com>
> wrote:
> > I've tried IRC in #tinc and #pfsense on freenode for this, not
luck yet,
> > figured I'd try the mailing list.
> >
> > A summary of my problem is here:
> >
> > https://www.reddit.com/r/PFSENSE/comments/789xus/tinc_
> vpn_can_do_everything_but_be_accessed/
> >
> > If there are any details I can provide that would help I'll be
more than
> > happy to.
> > I'm hoping it will be something obvious that someone can say
"oh, add
> this
> > to the config" or whatever, but maybe not.
> >
> > Thanks in advance for any help!
>
> It sounds like you have a firewall rule dropping incoming packets that
> are not part of an established connection.
>
> Can you print out your iptables rules?
>
> iptables  --list  -n  -v
> iptables  --table nat  --list  -n  -v
>
> -Parke
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20171216/0ba1208d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 9528 bytes
Desc: not available
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20171216/0ba1208d/attachment.png>

I
Firewall yes. But not for tinc connections. Those work as he can reach out.
Not in

Add a firewall rule for the tink interface tunx to allow incoming.
You will also need to allow forward to access clients on the lan from
outside via tinc.


On Oct 23, 2017 7:39 PM, "Darren Mobley" <corpdecker at
gmail.com> wrote:
> I've tried IRC in #tinc and #pfsense on freenode for this, not luck
yet,
> figured I'd try the mailing list.
>
> A summary of my problem is here:
>
> https://www.reddit.com/r/PFSENSE/comments/789xus/tinc_
> vpn_can_do_everything_but_be_accessed/
>
> If there are any details I can provide that would help I'll be more
than
> happy to.
> I'm hoping it will be something obvious that someone can say "oh,
add this
> to the config" or whatever, but maybe not.
>
> Thanks in advance for any help!
> ~darren
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20171216/c39e23f7/attachment-0001.html>