similar to: How could I implicitly set indirect routing

Tinc team: I'm creating a vpn for my work laptop and vps and got trapped, here are my config files: on laptop: *tinc.conf Name = envy13 Device = /dev/net/tun ConnectTo = main *hosts/main Address = <my vps ext ip address> Port = 655 Subnet = 10.0.0.1/32 *hosts/envy13 Port = 655 Subnet = 10.0.0.2/32 *tinc-up #!/bin/sh ip link set myvpn up ip addr add 10.0.0.2/32 dev myvpn ip route add

Hi to all, +-------+ eth1 +-------+ | |==========| | ''network 1'' ----| A | | B |---- ''network 2'' | |==========| | +-------+ eth2 +-------+ A and B are routers # tc qdisc add dev eth1 root teql0 # tc qdisc add dev eth2 root teql0 # ip link set

I'm attempting to configure source-specific routing so that my servers can exist on multiple subnets from multiple upstream providers. A rough diagram of the network layout: ISP1 router (blackbox, routes subnet A, address on subnet A) \ -----------eth0(firewall)eth1---((servers)) / ISP2 router (blackbox, routes subnet B, address on subnet B) The aim is to allow the servers to use

Hi Lars, I have no experience to use tcpdump, here is the output from TCPdump for your reference. Any idea? Use my home PC to ping company PC 01:00:25.154706 ethertype IPv4, IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 17, length 40 01:00:25.154706 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 17, length 40 01:00:25.154706 IP 192.168.1.2 > 10.0.0.2: ICMP echo

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452 Summary: DNAT to internal network don't work with source routing and 2 uplinks Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P2

Hi Lars, Once I modify the firewall FORWARD rule to ACCEPT. I can ping and access my company PC at home. All traffic can pass through that. But I think it is not a good practice to change the FORWARD rule to ACCEPT. Any idea to check and just allow the tinc VPN traffic only? Instead of allow everything pass through the FORWARD rule. Regards, Eric -----Original Message----- From: Lars Kruse

Hi all, New to Samba here so please bear with dumb questions. I have a server that's currently running SMB shares off of device 10.0.0.1 on a private network. It has a second device, 10.0.0.2 that I would like to add to the device bindings for Samba. I've tried this in the smb.conf file but it doesn't seem to work. Here's what I tried: workgroup = SOMECOMPANY netbios

Hi All, I''ve got server with one LAN card eth0 ip=10.0.0.5 default access t ointernety done through ADSL router gw 10.0.0.1 we got second internet access through another ADSL router gw 10.0.0.2 I want to send all e-mail out through gw 10.0.0.2 How it can be done? I''ve tried to mark packets: iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 0x1 and ip ru add

Hi, I use tinc-vpn to create private mesh vpn networks between office and house in different locations and it works really well. But somehow I'm considering if there were any possibility to add radius support for single node traffic management. I does think it will be really difficult to implement such functions as a feature of a mesh network,because all of the traffic was initiated end to

Hey guys, Stumbled upon tinc a few days ago - looks great. I'm having trouble setting up a simple VPN between two machines that are unfirewalled, one is a physical machine and another is a local VM. I can connect to them via their existing LAN IPs and ping them without issue with < 1ms. 1) I have WinA (Windows host - existing LAN IP 192.168.137.1) and LinuxB (Linux host - existing LAN

Hi All, I am trying to setup the site-to-site VPN with TINC for connect my home network to company network. Here is the IP allocation and configuration for your reference. Home PC (192.168.1.2) ?-----? Home (OPENWRT Router, 192.168.1.1, 10.0.0.1) ?----------------? INTERNET ?-------------? COMPANY (Windows 7 PC,192.168.2.1, 10.0.0.2) ?------------? COMPANY (SERVER ZONE) ?----? SERVER A

Hi all, I''ve been using shorewall 3 (3.4.8 now) for a while on a simple gateway setup for my office. Routing is enabled only for a few hosts and all user access the internet thru squid, which is running on the shorewall box. I have a few other services on this box and some others on another server, but they don''t matter for what I need. Quick and dirty schematics to illustrate

Whens the point and click GUI coming out? All kidding aside, I seem to be confused about some of the network settings. Essentially all I want is a secure tunnel from machine A to B on two different physical networks, but I can't seem to get there. Just to get things figured out I've got two machines on the same physical network, mach A: 192.168.0.1, mach B: 192.168.0.3. bcast is

On Wed, Apr 27, 2016 at 05:15:57PM +0800, hshh wrote: > >Updated support for BSD tun/tap devices. > It is broken on FreeBSD tun. > > tcpdump on tun, > 09:05:07.458988 IP0 bad-hlen 0 Can you show me your tinc.conf and tinc-up script? Also, which version of FreeBSD are you using? -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org>

Hi, We have some Asterisk servers that we are moving behind a NAT to preserve public addresses and make room for growth. This is Asterisk 1.4 NAT works very good with the externip/localnet-setting when we are connected directly to our teleco. But when I try to use NAT and put them behind our Kamailio something interesting happens: The media-address in the SDP is the internal ip and not the

Hi, I got an existing solution with shorewall where I can differentiate tun10 from tun+ as different zone. For example: /etc/shorewall/zones A ipv4 B:A ipv4 /etc/shorewall/interfaces A tun+ B tun10 Now, I have a requirement to add tun11 to zone B. When I do this in interfaces config: A tun+ B tun10,tun11 It doesn''t like it (although it''s ok when performing

tinc.conf Name = server Device = /dev/tun10 TunnelServer = yes Forwarding = kernel KeyExpire = 86400 tinc-up #!/bin/sh /sbin/ifconfig tun10 up /sbin/ifconfig tun10 inet 10.255.1.1/24 On Wed, Apr 27, 2016 at 5:20 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Wed, Apr 27, 2016 at 05:15:57PM +0800, hshh wrote: > >> >Updated support for BSD tun/tap devices. >> It is

Hey all. I''m trying to set up QoS using the HTB qdisc in a very basic setup, but it the example shown in the howto doesn''t seem to be working. While the packets show up in the correct classes, they appear to be completely ignoring the rates, meaning nothing gets shaped. My setup is that I''ve got a a bunch of machines behind my firewall/router: 1.2.3.1

Hi, I am trying to access devices (ip cams) through clients using the tinc vpn. Let's demonstrate the problem with two clients: client name [ip in eth0] [ip in tun0] gl752 (A) 192.168.1.33 10.0.0.1 xps13 (B) 192.168.1.55 10.0.0.2 I also have an ip camera connected to the local network at 192.168.1.21. I want to try a situation where I am accessing, from linux box

Thanks in advance! Summary: when I load netem and teql together, teql doesn''t work correctly. (If I load teql only, everything is fine) I loaded both netem and teql. Netem is associated with eth0, and teql is associated with both eth0 and eth1. But traffic only goes out of eth1. Attached are the commands that I used to configure teql and netem (on machine 1), and commands to