Is it possible to connect networks with different masks together? For example a 10.26.0.0/16 subnet with a 192.168.117.0/24 subnet. See this thread for more details... https://forum.netgate.com/topic/134218/tinc-initial-setup

Hello Corey,

On Tue, 28 Aug 2018 16:23:02 -0400, Corey Boyle <coreybrett at gmail.com> wrote:

> See this thread for more details...
>
> https://forum.netgate.com/topic/134218/tinc-initial-setup

I think the crucial misunderstanding in the above thread is the following:

> However, the routeing table on each router does not reflect this information
> and only has a single route added for the tun interface.

I think it is important to understand that tinc (unlike OpenVPN, for example)
does not provide any network configuration details for you. It just creates a
network interface and deals with packets that flow into or out of this
interface.
Everything else (configuring IP addresses and routing) needs to be done by you
in the scripts (tinc-(up|down), subnet-(up|down), ...).

For your case I guess that the following script "subnet-up" could be
sufficient:

    #!/bin/sh
    ip route add "$SUBNET" dev "$INTERFACE"

("subnet-down" should do the opposite)

Cheers,
Lars

Thank you so much for the feedback.

Would I be able to use OSPF to manage the routes, or is the script the only way?

Also, I can't find any reference to the "VPN Netmask" option in the TINC docs. Is that something specific to the pfS package?

__
Corey

WOW! OK! The light bulb above my head just came on.

I added the script to the Subnet Up Script section, and now all the routes I need have been added into the table for me.

I did have to modify the line a little since I'm using pfSense (FreeBSD). I changed it to...

    route add "$SUBNET" -iface "$INTERFACE"

...I also used...

    route del "$SUBNET" -iface "$INTERFACE"

...for the Subnet Down Script section of the config.

Do you know if the "VPN Netmask" option is specific to the pfSense implementation, or does it correspond to a tinc config item?
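
Added example (not part of the original thread, and not code from tinc or pfSense): one script that can be installed as both subnet-up and subnet-down, covering the Linux command from Lars's reply and the FreeBSD form Corey used. The `route_cmd` helper, the IPv4-only sanity check on `$SUBNET` and `$INTERFACE`, and choosing the action from the script's own name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. tinc exports SUBNET and INTERFACE
# to subnet-up / subnet-down; this script is meant to be installed under
# both names and picks the action from the name it was called by.

# route_cmd ACTION OS SUBNET IFACE
# Prints the route command for that OS, or returns 1 if any input is
# unexpected. (Helper name and checks are this example's own.)
route_cmd() {
    act=$1; os=$2; subnet=$3; iface=$4

    # IPv4 only: digits, dots and an optional /prefix. Anything else
    # (IPv6, MAC subnets, stray characters) is refused, not passed on.
    case $subnet in
        ''|*[!0-9./]*) return 1 ;;
    esac
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac

    case "$os:$act" in
        Linux:up)     echo "ip route add $subnet dev $iface" ;;
        Linux:down)   echo "ip route del $subnet dev $iface" ;;
        FreeBSD:up)   echo "route add $subnet -iface $iface" ;;
        FreeBSD:down) echo "route del $subnet -iface $iface" ;;
        *)            return 1 ;;
    esac
}

case ${0##*/} in
    subnet-up)   action=up ;;
    subnet-down) action=down ;;
    *)           action= ;;   # called under another name: do nothing
esac

if [ -n "$action" ]; then
    cmd=$(route_cmd "$action" "$(uname -s)" "$SUBNET" "$INTERFACE") || {
        echo "no route change: SUBNET='$SUBNET' INTERFACE='$INTERFACE'" >&2
        exit 1
    }
    $cmd   # safe to word-split: both values were checked above
fi
```

Refusing unexpected values matters here because the script runs as root and `$SUBNET` reflects what other nodes in the VPN announce.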