similar to: Unable to Pass Traffic to Internal Subnet

I have a 4 Node Tinc VPN setup with 2 nodes on my LAN and the other 2 outside the LAN in the cloud. Everything has been working great for about 5 years now, until today when I decided to move one of the nodes to another box. I basically, copied over the /etc/tinc folder to the new server and also moved the /etc/network/interfaces file, so that the new server was an exact mirror (more or less).

Turns out I needed to masquerade the traffic coming into that INSIDE node. Since I use UFW to manage IPtables, adding this to my /etc/ufw/before.rules and restarting UFW fixed it for me: " -A POSTROUTING -s 10.9.0.0/24 -o eth1 -j MASQUERADE" Very Respectfully, Kismet-Gerald Agbasi IT/Systems Administrator Central Truck Center, Inc. Office: 240-487-3315 Toll Free: 1-800-492-0709

Lars, Thanks for that tcpdump command, very helpful. I was able to confirm that the packets are indeed reaching the INSIDE node - so I'm suspecting that my routing table might be wrong. Very Respectfully, Kismet Agbasi -----Original Message----- From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Lars Kruse Sent: Wednesday, October 5, 2016 4:18 PM To: tinc at tinc-vpn.org

Keith, Thanks for the reply and the pointers. > Did you remember to activate kernel ip forwarding? > i.e. echo 1 > /proc/sys/net/ipv4/ip_forward ? I actually forgot to do this, but I have enabled it now in /etc/systctl.conf and can confirm now after a reboot that it's enabled. Unfortunately, still can't ping the node on the LAN. > and when I saw that I was about to cancel

Thanks Keith. Here's the output: root at ubuntu2:~# iptables -vnL FORWARD Chain FORWARD (policy ACCEPT 745 packets, 47680 bytes) pkts bytes target prot opt in out source destination 6299 416K ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0 6299 416K ufw-before-forward all -- * * 0.0.0.0/0

Hi Kismet, Am Wed, 5 Oct 2016 10:13:13 -0400 schrieb "Kismet Agbasi" <kagbasi at centraltruck.net>: > At this point I'm unsure of which information to provide in order to elicit > some assistance, however, below is the routing table of one INTERNAL and > EXTERNAL node. I basically want to be able to reach the 172.23.6.0 network > from any of the EXTERNAL nodes -

Thanks again Keith. I disabled UFW and flushed iptables completely, but same result. Pings from the external node are reaching the internal node on the tinc0 interface but nothing happens after that. Now that I'm thinking of it, I did some masquerading in order to get OpenVPN to work on another box, I wonder if that would be applicable here? Very Respectfully, Kismet Agbasi

On 05/10/2016 16:13, Kismet Agbasi wrote: > I have a 4 Node Tinc VPN setup with 2 nodes on my LAN and the other 2 > outside the LAN in the cloud. Everything has been working great for about 5 > years now, until today when I decided to move one of the nodes to another > box. Hi Kismet, Just thought I'd jump in here as I do a lot of this kind of thing, and in case you haven't

On 06/10/2016 15:48, Kismet Agbasi wrote: >> Did you remember to activate kernel ip forwarding? >> i.e. echo 1 > /proc/sys/net/ipv4/ip_forward ? > I actually forgot to do this, but I have enabled it now in /etc/systctl.conf and can confirm now after a reboot that it's enabled. Unfortunately, still can't ping the node on the LAN. OK , let's just do one other simple

On 06/10/2016 16:33, Kismet Agbasi wrote: > Thanks Keith. Here's the output: OK. I'd like to say that I recognize this is now off topic for the tinc list, as it really is about basic routing and firewalls and has little if anything to do with tinc at this point. However, it's a low volume list, so unless anyone complains, lets thrash it out here. > wrong interface......hmmm.

On 06/10/2016 17:16, Kismet Agbasi wrote: > Thanks again Keith. I disabled UFW and flushed iptables completely, but same result. Pings from the external node are reaching the internal node on the tinc0 interface but nothing happens after that. Now that I'm thinking of it, I did some masquerading in order to get OpenVPN to work on another box, I wonder if that would be applicable here?

Hello, I am unable to figure out how to code a new column in a data frame based on an existing column that matches a column in a reference data frame, in a relational-db fashion. I would like this to maintain a minimum set of reference tables that may be reused over several similar datasets. Specifically, I have two data frames as listed below, 'Bos' and 'tree.' For each case in

Hi list, I have installed SIPp into my server. But not able to used it properly. how to configure with my server ? how to see logs on webpage ? how to start call testing .... when i start SIPp then found verious hits on myserver. *CLI:- * [Dec 27 17:37:54] NOTICE[28001]: chan_sip.c:20785 handle_request_invite: Call from '' to extension 'service' rejected because extension not

Hi. This will hopefully be readily understood but if not, bear with me. I have to do a repeated analysis (in spatstat) and want to batch file it. For each of my 'runs' certain variables change. At present I am manually specifying these changes and want to automate it if possible. Ok, I am creating an object which is comprised of 'levels' that are 'characters'. Further

Hello, I almost always get a panic when running kismet on my ipw-Interface under 6.1-PRERELEASE. This has been the case ever since ipw hit the tree. Sometimes kismet works, sometimes it doesn't. A sure way to trigger the panic is to switch between bss/ibss/monitor mode prior to running kismet. Perhaps there is a bug in the re-initialization when loading a different firmware? Is this panic

So, with the updated HAL, I'm now able to negotiate an IP address via DHCP over the WLAN. Huzzah! But I've got two questions (now that I can use the card): ath(4) doesn't contain a list of media nor mediaopt settings that can be used. Some are detailed down in EXAMPLES, but there's no comprehensive list. (As well, and this is minor, the speeds are explicitly listed for 802.11a

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=524 Summary: packetfence - IPtables-save produces output that iptables-restore cannot parse Product: iptables Version: 1.3.3 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: iptables-save

Hi, Not sure if this is useful but I have had no problems with the belkin 54G PCMCIA cards and ndiswrapper. Arun -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org]On Behalf Of Brian Watters Sent: Thursday, October 27, 2005 6:29 AM To: CentOS mailing list Subject: Re: [CentOS] CentOS 4.x friendly WiFi Cards?? Thanks for the fast reply .. I

GnuCash 2.4.7 released The GnuCash development team proudly announces GnuCash 2.4.7, the seventh bug fix release in a series of stable of the GnuCash Free Accounting Software. With this release series, GnuCash can use an SQL database using SQLite3, MySQL or PostgreSQL. It runs on GNU/Linux, *BSD, Solaris, Microsoft Windows and Mac OSX. Getting GnuCash for Windows (Win32 binary) The

After reading that someone had problems with 802.11i/WPA2, I tested my iwi device, too. 802.11i (as client) works, but disconnects about every five minutes briefly, which is nothing new -- I had the same issue with 6.2-RELEASE. In contrast to 6.2-RELEASE, monitor does not work. Kismet does not receive anything, while it does with ath or ural (even at the same time). dmesg with debug.iwi=2 is