search for: original_gateway

Hi Guus, Am Freitag, den 25.09.2015, 17:04 +0200 schrieb Guus Sliepen: > Ok, that means by default the UDP NAT timeout on the Cisco is extremely > short. > > > I check the manual of the the Cisco NAT for any TCP/UDP > > timeout settings, but there is no way to modify anything like "keeps > > TCP/UDP connections alive". > > It wouldn't be called

...next step to relay Interestingly, earlier I check the below post for my setup, but now I found, the configuration can be simplified into, because tinc-up will make the 172.16.1.0/24 to $INTERFACE, and for those two default routes, the via is not required as well: #!/bin/sh VPN_GATEWAY=172.16.1.1 ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY ip route add $VPN_GATEWAY dev $INTERFACE ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE https://www.tinc-vpn.org/examples/redi...

...ehind the local NAT connect the host and all traffic is running through the host, which is working as NAT itself for accessing the internet (internet proxy/gateway). On each client this script is executed, when starting the tunnel connection to the host: --------- #!/bin/sh VPN_GATEWAY=10.20.0.1 ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY ip route add $VPN_GATEWAY dev $INTERFACE ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE --------- If I disable above routing r...

...ed to add isip route add 0.0.0.0/1 dev $INTERFACE ip route add 128.0.0.0/1 dev $INTERFACE which doesn't work. my tinc-up looks like this #!/bin/bash ip link  set $INTERFACE up ip addr  add 192.168.60.27/24 dev $INTERFACE ip route add 192.168.14.0/24 dev $INTERFACE #VPN_GATEWAY=192.168.60.27 #ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` #ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY #ip route add $VPN_GATEWAY dev $INTERFACE #ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE #ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE ip route add 0.0.0.0/1 dev $INTERF...

Hello, http://www.tinc-vpn.org/examples/redirect-gateway/ explains how to set up a default route using tinc. However, in my understanding tinc's p2p traffic is routed via tinc there: Assume a network: Client A, Client B and a Server S. A and B have "ConnectTo S" in their config, S is used as a gateway providing 0.0.0.0/0 . All packets send from A to B will be delivered to

...running through the host, which is > working as NAT itself for accessing the internet (internet > proxy/gateway). > > On each client this script is executed, when starting the tunnel > connection to the host: > > --------- > #!/bin/sh > > VPN_GATEWAY=10.20.0.1 > ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` > > ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY > ip route add $VPN_GATEWAY dev $INTERFACE > ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE > ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE > ---------...

...Interestingly, earlier I check the below post for my setup, but now I found, the configuration can be simplified into, because tinc-up will make the 172.16.1.0/24 to $INTERFACE, and for those two default routes, the via is not required as well: > > #!/bin/sh > VPN_GATEWAY=172.16.1.1 > ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` > > ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY > ip route add $VPN_GATEWAY dev $INTERFACE > ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE > ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE > > htt...

I have been delighted by tinc. Building a mesh like I need would have been horrible in OpenVPN. tinc makes it easy. I decided to share a workaround for a problem that's been vexing me. Either I'm being dumb (and can do this better with a hint) or this is something others might need. I've been moving a bunch of services from our university to Amazon (EC2). To do this, I bring

Sure, let me reply all here for my finding. @Lars @Guus A’s tinc.conf: Name = bright AddressFamily = ipv4 ConnectTo = aly_hk A’s tinc-up: #!/bin/sh ifconfig $INTERFACE 10.0.0.110 netmask 255.255.255.0 A’s host config: Subnet = 10.0.0.110/32 (VPN address) Subnet = 192.168.31.0/24 (LAN address) IndirectData = yes (enabled for every tinc nodes) The node aly_hk (vpn address 10.0.0.3) connects with

...on 3G in my case), and thus the simplest solution is to put > tinc's routing in a new table with higher priority: > > # Use new routing table 100, to have higher priority than lollipop's ones > ip rule add prio 100 from all lookup 100 > ip route add table 100 $REMOTEADDRESS $ORIGINAL_GATEWAY > ip route add table 100 $VPN_GATEWAY dev $INTERFACE > > > I've updated the examples from Tinc GUI's documentation accordingly: > http://tinc_gui.poirsouille.org/ > > Hope this helps, > V > > 2015-03-27 15:38 GMT+01:00 Andrea Squeri <andrea.squeri at gmail.c...

...y (wlan0 on wifi, rmnet0 on 3G in my case), and thus the simplest solution is to put tinc's routing in a new table with higher priority: # Use new routing table 100, to have higher priority than lollipop's ones ip rule add prio 100 from all lookup 100 ip route add table 100 $REMOTEADDRESS $ORIGINAL_GATEWAY ip route add table 100 $VPN_GATEWAY dev $INTERFACE I've updated the examples from Tinc GUI's documentation accordingly: http://tinc_gui.poirsouille.org/ Hope this helps, V 2015-03-27 15:38 GMT+01:00 Andrea Squeri <andrea.squeri at gmail.com>: > I switch to lollipop 4 months ag...

I switch to lollipop 4 months ago and I never had issue. So for my opinion it is ready for daily use. Before try tinc I had my vpn implemented with openvpn, and it works great on lollipop. I switch to tinc because i prefer a mash vpn topology versus a client/server topology. -- Andrea Squeri Inviato con Sparrow (http://www.sparrowmailapp.com/?sig) Il giorno venerd? 27 marzo 2015, alle ore