search for: vpn1

...22-May-19 4:02 PM >>> Hello Robert, Am Mon, 20 May 2019 11:11:39 +0700 schrieb "Robert Horgan" <Robert at gainplus.asia>: > These are my files: > > On server 1: db2 > > /etc/tinc/nets.boot > # > gainplus (this works fine, autostarts, etc) > #vpn1 stats > > /etc/tinc/vpn1/tinc.conf > Name = db2 > BindToAddress = 10.130.17.192 > AddressFamily = ipv4 > Port = 656 > ConnectTo = gtdb ># Interface = tun0 I would recommend to remove the "Interface" line (this results in an interface called "vpn1" in y...

...of my relevant files below. Background: I am trying to set up a second VPN between two servers: gtdb and db2. Both servers are already part of separate VPNs: 10.1.0.0/24 and 10.0.0.0/24 These are my files: On server 1: db2 /etc/tinc/nets.boot # gainplus (this works fine, autostarts, etc) vpn1 /etc/tinc/vpn1/tinc.conf Name = db2 BindToAddress = 10.130.17.192 AddressFamily = ipv4 Port = 656 ConnectTo = gtdb Interface = tun0 /etc/tinc/vpn1/tinc-up #!/bin/sh # tinc-up ip addr add 10.3.0.50/24 dev $INTERFACE ip link set dev $INTERFACE up /etc/tinc/vpn1/hosts/gtdb Subnet = 10.3.0.51/32 Por...

Hellou I found a interesting problem with my tinc instalation: Log messages from main router. tinc.vpn1[1959]: tincd 1.0pre7 starting tinc.vpn1[1959]: /dev/tun is a Linux tun/tap device tinc.vpn1[1959]: Can't bind to 0.0.0.0 port 655/tcp: Permission denied tinc.vpn1[1959]: Unable to create any listening socket! tinc.vpn1[1959]: Unrecoverable error #cat /etc/tinc/vpn1/tinc.conf Name...

...osts/B) needs have the Subnet = X/32, which indicate the VPN serve for this host. But as the tinc client to C, B’s host config shouldn’t include Subnet = X/32, because X/32 is behind C. If not direct connection available from A to C, the only way I can figure it out is to setup two VPNs, /etc/tinc/vpn1 and /etc/tinc/vpn2: A >> vpn1 >> B >> vpn2 >> C — “host X” If so, the /etc/tinc/vpn1/hosts/B can have Subnet =X/32; but the /etc/tinc/vpn2/hosts/B can exclude Subnet =X/32 since it’s the client side for C. Let me know if there’s any other simple way to achieve this.

...o it was not eventually an error with the config files but with the start process. These are the sequence of commands which eventually got everything working for me Note that I now have in addition to my first Tinc VPN /etc/tinc/gainplus a second, /etc/tinc/stats sudo systemctl disable tinc at VPN1 # the previous name that I used for the VPN causing an error in syslog sudo systemctl stop tinc systemctl enable tinc at gainplus systemctl enable tinc at stats sudo systemctl start tinc At this point I could run systemctl and see the 3 x tinc entries in the output. Everything up and running w...

Hi all, I have a setup with some zones : net, loc, vpn1(ipsec) , where each zone have the following address spaces "my firewall" net : 200.200.200.0/24 loc : 192.168.1.0/24 vpn1: 10.10.50.0/23 "my firewall" there is default route to net route to vpn1 when dst = 10.10.50.0/23 "vpn1 site" there is...

...ns. 1. If there are two hosts, foo and bar, that are to be connected via tinc, and each host should only have _one_ IP address (i.e. nmask is /32), would the following configuration work (in the context of the recent routing problems pointed out by users) ? foo's configuration: /etc/tinc/vpn1/tinc.conf -- Name = foo ConnectTo = bar KeyExpire = 3600 PingTimeout = 60 PrivateKeyFile = /etc/tinc/vpn1/rsa_key.priv TapDevice = /dev/tap0 /etc/tinc/vpn1/hosts/bar -- Subnet = 192.168.1.2/32 Address = a.b.c.d Port = 655 -----BEGIN RSA PUBLIC KEY----- […] -----END RSA PUBLIC KEY----- /etc/tinc...

....145.71.133 DST=216.187.138.18 LEN=42 TOS=0x00 PREC=0x00 TTL=46 ID=11 DF PROTO=UDP SPT=33120 DPT=5000 LEN=22 My tunnels file looks like this: # TYPE ZONE GATEWAY GATEWAY # ZONE openvpn:5000 net 0.0.0.0/0 vpn1 In interfaces: ############################################################################## #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect routefilter,nosmurfs loc eth1 detect dhcp dmz eth2 detect vpn1 tun0 In z...

...it doesn't seem to work. I want to connect two computers(for testing purposes) computer1(webdev) and computer2(gis) I have installed the tap-win32 on both of them. Both computers are windows XP. Also I don't have a router. Computer1:webdev ----------------------- C:\Program Files\tinc\vpn1\tinc.conf Name = webdev ConnectTo = office Interface = VPN C:\Program Files\tinc\vpn1\hosts\gis Address=64.201.188.230 Subnet=192.168.1.0/24 hosts/webdev Address=64.201.188.228 Subnet=192.168.0.0/24 TCP/IP parameters on the TAP-win32 NIC VPN: IP: 192.168.0.0 Subnet Mask: 255.0.0.0 C...

...0 proto kernel scope link src 10.0.0.51 10.15.0.0/16 dev eth0 proto kernel scope link src 10.15.0.10 10.130.0.0/16 dev eth1 proto kernel scope link src 10.130.17.192 206.189.32.0/20 dev eth0 proto kernel scope link src 206.189.47.8 This has been in place for 3 months, no problems at all I created VPN1 I have set port 656 for connecting DB1 10.1.0.50 should connect to gtdb 10.1.0.51 I have a VPN1 directory under \etc\tinc tinc.conf Name = db2 Device = /dev/net/tun BindToAddress = 10.130.17.192 AddressFamily = ipv4 Port = 656 hosts/ gtdb Subnet = 10.3.0.51/32 Port = 656 =========public key etc...

...ave to add a Windows host to the VPN. What a fight Winblows is! Probably just my ignorance. The VPN works and tinc says that tinc-up is run (and a debugging statement proves it) but I can't get an extra route added. tinc-up.bat contains: ------------------- netsh interface ip set address name=vpn1 source=static addr=192.168.1.12 mask=255.255.255.0 netsh routing ip add persistentroute dest=192.168.0.0 mask=255.255.255.0 name=vpn1 nhop=192.168.1.12 ------------------- I can ping/telnet the host on 192.168.1.5, but not 192.168.0.9. 'netsh routing ip show persistentroutes' shows 192....

Hi Parke, Thanks, no I had not run those commands, but after doing so, my VPN address is not visible. See below: nsasia at db2:/etc/tinc$ sudo systemctl enable tinc at VPN1 Created symlink /etc/systemd/system/tinc.service.wants/tinc at VPN1.service → /lib/ systemd/system/tinc at .service. nsasia at db2:/etc/tinc$ systemctl start tinc at VPN1 ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units === Authentication is required to start 'tinc at VPN...

Anybody knows some graphic reporting/analysing program for shorewall 4.0.7 or i have to do it by accounting? -- Javier Martínez Technical Manager ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

...ubnet = X/32, which indicate the VPN serve for this host. > But as the tinc client to C, B’s host config shouldn’t include Subnet = > X/32, because X/32 is behind C. > > If not direct connection available from A to C, the only way I can figure > it out is to setup two VPNs, /etc/tinc/vpn1 and /etc/tinc/vpn2: > > A >> vpn1 >> B >> vpn2 >> C — “host X” > > If so, the /etc/tinc/vpn1/hosts/B can have Subnet =X/32; but the > /etc/tinc/vpn2/hosts/B can exclude Subnet =X/32 since it’s the client side > for C. > > Let me know if there’s any ot...

Hi, I have multiple ppp interfaces that does not correspond to the same network usage. Do you know anything about trying to set definitively the ppp+ name ? or anything to adapt automagically iptables to the real network which is behind each ppp+ interface ? I''ve tooken a look into the IFNAME env var... but it doesn''t seems to work :c/ regards, -- BeTa

Hello again, >From the point of view of a Red Hat *user*, the standardised way of doing things would be to have an /etc/sysconfig/tinc file containing something like: NETWORKS="vpn1 vpn2 vpn3" (one or more names separated by spaces) At initialization, each name should launch a separate tinc instance (a different VPN) tinc service should not start until the user adds at least one VPN name (say "vpn1") in the /etc/sysconfig/tinc and the corresponding /etc/tin...

...et = X/32, which indicate the VPN serve for this host. >> But as the tinc client to C, B’s host config shouldn’t include Subnet = X/32, because X/32 is behind C. >> >> If not direct connection available from A to C, the only way I can figure it out is to setup two VPNs, /etc/tinc/vpn1 and /etc/tinc/vpn2: >> >> A >> vpn1 >> B >> vpn2 >> C — “host X” >> >> If so, the /etc/tinc/vpn1/hosts/B can have Subnet =X/32; but the /etc/tinc/vpn2/hosts/B can exclude Subnet =X/32 since it’s the client side for C. >> >> Let me know...

Hi ! I tried tinc, i'm very happy with it ; however, i have difficulties firewalling on the vpn itself ; here is my situation and what i'm experiencing: hosta ----| vpn server hostb ----| my interface is named vpn1 i can firewall connexions starting from host a and b to the vpn server (on the vpn server) (iptables -A INPUT -i vpn1 bla bla) i can firewall connexions starting from host a to host b (on host a and b) i can NOT firewall connexions starting from host a to host on the vpn server. actually, t...

...firewall ifconfig eth0 209.159.32.162 netmask 255.255.255.0 up ifconfig eth0:1 209.159.32.163 netmask 255.255.255.0 up that sets up the network card to have 2 address well in shorewall i tried to add eth0:1 to my interfaces well it says that Determining Zones... Zones: inet inet2 loc cust vpn1 vpn2 vpn3 Validating interfaces file... Error: Invalid Interface Name: eth0:1 what am i doing wrong or what do i need to do? Marshal McInnis Tech / Web Designs 1-205-344-4455 Ext 208

...TS in the rules file, I get Rejects of openvpn traffic from shorewall. Uncommenting those lines makes shorewall complain during bootup as it is working through the rules file before prompting for login. Any ideas?? TIA, Rick The shorewall zones file is net NET Internet loc Local Local Networks vpn1 VPN-ipsec RoadWarrior bpn3 WLAN-openvpn openvpn The interfaces file is net eth0 detect norfc1918 loc eth1 detect dhcp vpn1 ipsec0 vpn3 tun0 The tunnels file is ipsec net 0.0.0.0/0 vpn1 generic:udp:5000 loc 192.168.1.0/24 vpn3 firewall: -root- # more policy # # Shorewall 1.4 -- Sample P...