Hello Robert,
On Mon, 20 May 2019 11:11:39 +0700, "Robert Horgan" <Robert at gainplus.asia> wrote:
> These are my files:
>
> On server 1: db2
>
> /etc/tinc/nets.boot
> #
> gainplus (this works fine, autostarts, etc)
> vpn1
>
> /etc/tinc/vpn1/tinc.conf
> Name = db2
> BindToAddress = 10.130.17.192
> AddressFamily = ipv4
> Port = 656
> ConnectTo = gtdb
> Interface = tun0
I would recommend removing the "Interface" line (this results in an interface called "vpn1" in your case) or specifying a human-readable name of the VPN instead.
> /etc/tinc/vpn1/tinc-up
> #!/bin/sh
> # tinc-up
> ip addr add 10.3.0.50/24 dev $INTERFACE
> ip link set dev $INTERFACE up
>
> /etc/tinc/vpn1/hosts/gtdb
> Subnet = 10.3.0.51/32
> Port = 656
>
> -----BEGIN RSA PUBLIC KEY-----
I think the "Address" line is missing in the file above (necessary for your "ConnectTo" statement).
> /etc/tinc/vpn1/hosts/db2
> Address = 10.130.17.192
> Subnet = 10.3.0.50/32
> Port = 656
>
> -----BEGIN RSA PUBLIC KEY-----
>
> #########################################################
>
> On server 2: gtdb
>
> /etc/tinc/nets.boot
> #
> gainplus
> vpn1
>
> /etc/tinc/vpn1/tinc.conf
> Name = gtdb
> BindToAddress = 10.130.8.6
> AddressFamily = ipv4
> Port = 656
> ConnectTo = db2
> Interface = tun0
>
> /etc/tinc/vpn1/tinc-up
> #!/bin/sh
> # tinc-up
> ip addr add 10.3.0.51/24 dev $INTERFACE
> ip link set dev $INTERFACE up
>
> /etc/tinc/vpn1/hosts/gtdb
> Address = 10.130.8.6
> Subnet = 10.3.0.0/24
Are you sure that you want to announce the availability of this subnet behind gtdb? In this case you probably bridged the respective external interface with the tinc interface? Or do you use dynamic or static routes for selecting the right outgoing interface for traffic?
Or should the above line be changed into a /32 subnet just for the node address itself?
> Port = 656
>
> -----BEGIN RSA PUBLIC KEY-----
>
> /etc/tinc/vpn1/hosts/db2
> Address = 10.130.17.192
> Subnet = 10.3.0.50/32
> Port = 656
>
> -----BEGIN RSA PUBLIC KEY-----
>
> The result I get when running ip a on either server only shows the first VPN tunnel:
>
> 9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
>     link/none
>     inet 10.0.0.51/24 scope global tun0
>        valid_lft forever preferred_lft forever
Could this be as simple as a name conflict ("tun0" for both VPN setups)?
If not: do you find any information in your local logs (e.g. /var/log/daemon.log)?
Cheers,
Lars
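A small config check for the three points raised in this thread (an Interface name shared by two nets, a ConnectTo peer whose host file has no Address line, and a Subnet announcement wider than /32), written here as an added example; it is not from the thread and not tinc's own code. It lints an in-memory copy of the configs quoted above with the key blocks left out; the gainplus net's tinc.conf is not in the post, so its Interface = tun0 line is an assumption based on the `ip a` output. load_tree() does the same against a real /etc/tinc.

```python
"""Lint tinc network configs for the three problems raised in the thread:
an Interface name shared by two nets, a ConnectTo peer whose host file has
no Address line, and a Subnet announcement wider than one host (/32).

Added example, not tinc's own code. It lints a map of relative paths to
file contents so it runs offline; load_tree() builds that map from a real
/etc/tinc directory.
"""
import ipaddress
import os
import re
from collections import defaultdict

KV_RE = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(.+?)\s*$")


def parse_kv(text):
    """Parse 'Key = Value' lines into {lowercase key: [values]}; keys such as
    Subnet or ConnectTo may repeat. Stops at the RSA key block so base64
    padding is never read as a setting. Comments start a line, as in tinc."""
    out = defaultdict(list)
    for line in text.splitlines():
        if line.startswith("-----BEGIN"):
            break
        if line.lstrip().startswith("#"):
            continue
        m = KV_RE.match(line)
        if m:
            out[m.group(1).lower()].append(m.group(2))
    return out


def lint(tree):
    """Return finding strings for a tree like {'nets.boot': ..., 'vpn1/tinc.conf': ...,
    'vpn1/hosts/db2': ...}; an empty list means none of the three checks fired."""
    findings = []
    nets = [n.strip() for n in tree.get("nets.boot", "").splitlines()
            if n.strip() and not n.lstrip().startswith("#")]
    iface_users = defaultdict(list)
    for net in nets:
        conf = parse_kv(tree.get(f"{net}/tinc.conf", ""))
        # Without an Interface line tinc names the device after the net itself.
        iface_users[conf.get("interface", [net])[0]].append(net)
        # A ConnectTo peer can only be dialled if its host file carries Address.
        for peer in conf.get("connectto", []):
            if "address" not in parse_kv(tree.get(f"{net}/hosts/{peer}", "")):
                findings.append(f"{net}: ConnectTo = {peer} but hosts/{peer} has no Address line")
        # A Subnet wider than a single host routes that whole network to the node.
        for path in sorted(p for p in tree if p.startswith(f"{net}/hosts/")):
            for subnet in parse_kv(tree[path]).get("subnet", []):
                try:
                    n = ipaddress.ip_network(subnet.split("#", 1)[0], strict=False)
                except ValueError:
                    continue  # MAC-address Subnet (switch mode) or malformed
                if n.prefixlen < n.max_prefixlen:
                    findings.append(f"{path}: Subnet = {subnet} announces a whole network, not a host (/32)")
    for iface, users in iface_users.items():
        if len(users) > 1:
            findings.append(f"Interface {iface} is used by more than one net: {', '.join(users)}")
    return findings


def load_tree(root):
    """Build the path -> contents map from a real tinc config directory."""
    tree = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                tree[os.path.relpath(full, root)] = fh.read()
    return tree


# Constructed from the configs quoted in the post (key blocks omitted). The
# gainplus net's tinc.conf is not in the post; Interface = tun0 is assumed.
KEY = "\n-----BEGIN RSA PUBLIC KEY-----\n(key omitted)\n"
DB2_TREE = {
    "nets.boot": "#\ngainplus\nvpn1\n",
    "gainplus/tinc.conf": "Name = db2\nInterface = tun0\n",
    "vpn1/tinc.conf": "Name = db2\nBindToAddress = 10.130.17.192\nAddressFamily = ipv4\n"
                      "Port = 656\nConnectTo = gtdb\nInterface = tun0\n",
    "vpn1/hosts/gtdb": "Subnet = 10.3.0.51/32\nPort = 656\n" + KEY,
    "vpn1/hosts/db2": "Address = 10.130.17.192\nSubnet = 10.3.0.50/32\nPort = 656\n" + KEY,
}
GTDB_TREE = {
    "nets.boot": "#\ngainplus\nvpn1\n",
    "gainplus/tinc.conf": "Name = gtdb\nInterface = tun0\n",
    "vpn1/tinc.conf": "Name = gtdb\nBindToAddress = 10.130.8.6\nAddressFamily = ipv4\n"
                      "Port = 656\nConnectTo = db2\nInterface = tun0\n",
    "vpn1/hosts/gtdb": "Address = 10.130.8.6\nSubnet = 10.3.0.0/24\nPort = 656\n" + KEY,
    "vpn1/hosts/db2": "Address = 10.130.17.192\nSubnet = 10.3.0.50/32\nPort = 656\n" + KEY,
}

if __name__ == "__main__":
    for label, tree in (("db2", DB2_TREE), ("gtdb", GTDB_TREE)):
        print(f"== {label} ==")
        for finding in lint(tree):
            print(" ", finding)
```

Running it prints the shared tun0 interface on both servers, the missing Address for gtdb on db2, and the /24 Subnet on gtdb; removing the Interface line from vpn1/tinc.conf makes the interface finding disappear, which is the quickest way to confirm the name-conflict hypothesis before looking at daemon.log.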