lx.mayer at chello.at
2018-Mar-11 12:01 UTC
Problem connecting two home networks (Windows/Linux)
Hi all,
After having read most of the available documentation I still have got
problems interconnecting two networks in router mode:
My configuration consists of two private home networks that I want to
connect:
Vienna 192.168.0.0/24 - Internet gateway 192.168.0.1
Berlin 192.168.1.0/24 - Internet gateway 192.168.1.1
VPN Devices are configured as 192.168.3.1 (Vienna) and 192.168.3.2 (Berlin)
mask 255.255.0.0
Tinc (1.1pre 15) is running on 192.168.0.2 (Windows) and on 192.168.1.4
(Debian, Raspberry)
IP forwarding is activated on the Windows PC
(HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters) and
the Raspberry (net.ipv4.ip_forward = 1).
Port forwarding for port 54321 is enabled on both routers.
Configuration files:
NodeVienna:
tinc.conf:
--
Name = NodeVienna
ConnectTo = NodeBerlin
Interface = vpn-dev
AddressFamily = ipv4
PrivateKeyFile=C:\Program Files\tinc\MyTincVPN\rsa_key.priv
Mode = router
--
IP config for the TAP-device (Version Windows 9.21.2) vpn-dev:
Static IP: 192.168.3.1 / Subnet mask 255.255.0.0
Firewall exception in place for tinc.exe
--
NodeBerlin:
Tinc.conf
--
Device=/dev/net/tun
Interface=MyTincVPN-dev
Mode=router
Name=NodeBerlin
AddressFamily=ipv4
PrivateKeyFile=/etc/tinc/MyTincVPN/rsa_key.priv
ConnectTo=NodeVienna
--
tinc-up:
--
#!/bin/sh
ifconfig $INTERFACE 192.168.3.2 netmask 255.255.0.0
--
Host files:
Node Vienna:
--
Address=213.x.y.z
Port=54321
Subnet=192.168.0.0/24
Compression=9
-----BEGIN RSA PUBLIC KEY-----
[removed]
-----END RSA PUBLIC KEY-----
--
NodeBerlin:
--
Address=xxxxx.ddns.net
Port=54321
Subnet=192.168.1.0/24
Compression=9
-----BEGIN RSA PUBLIC KEY-----
[removed]
-----END RSA PUBLIC KEY-----
---------------
Current issue:
According to the logs (level 5) both nodes are connected, there is a lot of
traffic between them (and looks good):
On both machines (192.168.0.2 & 192.168.1.4) it is possible to ping the
local VPN IP (192.168.3.1 and 192.168.3.2). A ping to the other VPN results
in a timeout.
On 192.168.0.2 a ping to 192.168.3.1 works, a ping to 192.168.3.2 generates a
time out.
On 192.168.1.4 a ping to 192.168.3.2 works, a ping to 192.168.3.2 results in
destination net not reachable.
Below I attached the routing tables.
It seems to be a routing issue (I found no config example with the same
layout).
Thanks in advance for any comment/help.
Alexander
IPv4-Routing Tables for 192.168.0.2
==========================================================================
Aktive Routen:
Dest mask Gateway Interface metrik
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 331
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 331
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331
192.168.0.0 255.255.0.0 Auf Verbindung 192.168.3.1 291
192.168.0.0 255.255.255.0 Auf Verbindung 192.168.0.2 281
192.168.0.2 255.255.255.255 Auf Verbindung 192.168.0.2 281
192.168.0.255 255.255.255.255 Auf Verbindung 192.168.0.2 281
192.168.3.1 255.255.255.255 Auf Verbindung 192.168.3.1 291
192.168.255.255 255.255.255.255 Auf Verbindung 192.168.3.1 291
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 331
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.3.1 291
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.0.2 281
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.3.1 291
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.0.2 281
==========================================================================
--
Routing table for 192.168.1.4
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    303    0        0 wlan0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 MyTincVPN-dev
192.168.1.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0
==
> Static IP: 192.168.3.1 / Subnet mask 255.255.0.0

Your tinc subnet overlaps both of your LAN subnets; 192.168.0.0/16 (255.255.0.0) will see 192.168.1.1/24 (255.255.255.0) and 192.168.0.1/24 as part of its network.

Move tinc to a clear subnet, then add a route to both LAN gateways to use the tinc box to reach the other LAN, i.e.

static route on 192.168.0.1 host 192.168.1.0/24 gateway (tinc box on 192.168.0.0/24 LAN IP)
static route on 192.168.1.1 host 192.168.0.0/24 gateway (tinc box on 192.168.1.0/24 LAN IP)

Once both sides know how to reach each other, pinging both directions should work so long as the tinc tunnel connects.
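
Added example, not part of the thread or of tinc itself: a Python check that reproduces the overlap the reply points out and lists the two gateway routes it describes. The LAN, gateway and tinc-box addresses are taken from the original post; `CANDIDATE` (10.99.0.0/24) is an assumed replacement VPN range chosen only for illustration.

```python
import ipaddress

# Addresses from the thread. CANDIDATE is an assumed replacement range, not from the thread.
LANS = {
    "Vienna": {"net": "192.168.0.0/24", "gateway": "192.168.0.1", "tinc_box": "192.168.0.2"},
    "Berlin": {"net": "192.168.1.0/24", "gateway": "192.168.1.1", "tinc_box": "192.168.1.4"},
}
VPN_IFACES = {"NodeVienna": "192.168.3.1/255.255.0.0",
              "NodeBerlin": "192.168.3.2/255.255.0.0"}
CANDIDATE = "10.99.0.0/24"


def find_overlaps(vpn_ifaces, lans):
    """Return (node, vpn_network, lan_name) for every VPN interface network that overlaps a LAN."""
    hits = []
    for node, addr in vpn_ifaces.items():
        # An address with mask 255.255.0.0 puts the interface in 192.168.0.0/16.
        vpn_net = ipaddress.ip_interface(addr).network
        for name, lan in lans.items():
            if vpn_net.overlaps(ipaddress.ip_network(lan["net"])):
                hits.append((node, str(vpn_net), name))
    return hits


def is_clear(candidate, lans):
    """True if the candidate VPN range shares no address with any LAN."""
    cand = ipaddress.ip_network(candidate)
    return not any(cand.overlaps(ipaddress.ip_network(l["net"])) for l in lans.values())


def static_routes(lans):
    """Per LAN gateway: (gateway, destination LAN, next hop = local tinc box)."""
    plan = []
    for here, local in lans.items():
        for there, remote in lans.items():
            if here != there:
                plan.append((local["gateway"], remote["net"], local["tinc_box"]))
    return plan


if __name__ == "__main__":
    for node, net, lan in find_overlaps(VPN_IFACES, LANS):
        print(f"{node}: interface network {net} overlaps {lan} LAN")
    print(f"{CANDIDATE} clear of both LANs: {is_clear(CANDIDATE, LANS)}")
    for gw, dest, via in static_routes(LANS):
        print(f"on {gw}: route {dest} via {via}")
```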