similar to: RESOLVED: Can't Route LAN Traffic Behind Tinc Network

I have a 4 Node Tinc VPN setup with 2 nodes on my LAN and the other 2 outside the LAN in the cloud. Everything has been working great for about 5 years now, until today when I decided to move one of the nodes to another box. I basically, copied over the /etc/tinc folder to the new server and also moved the /etc/network/interfaces file, so that the new server was an exact mirror (more or less).

Thanks again Keith. I disabled UFW and flushed iptables completely, but same result. Pings from the external node are reaching the internal node on the tinc0 interface but nothing happens after that. Now that I'm thinking of it, I did some masquerading in order to get OpenVPN to work on another box, I wonder if that would be applicable here? Very Respectfully, Kismet Agbasi

Thanks Keith. Here's the output: root at ubuntu2:~# iptables -vnL FORWARD Chain FORWARD (policy ACCEPT 745 packets, 47680 bytes) pkts bytes target prot opt in out source destination 6299 416K ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0 6299 416K ufw-before-forward all -- * * 0.0.0.0/0

Thank you guys for a great product. I have successfully setup a VPN between a cloud server and an internal one (details below). However, I am unable to pass traffic from the cloud to the internal machines behind the tunnel. Internal subnet: 172.23.6.0/24 Host Public IP: 50.242.184.132 Host LAN IP: 172.23.6.148 Host VPN IP: 10.9.0.2 Cloud Server IP: 107.170.55.181 Cloud Server

Keith, Thanks for the reply and the pointers. > Did you remember to activate kernel ip forwarding? > i.e. echo 1 > /proc/sys/net/ipv4/ip_forward ? I actually forgot to do this, but I have enabled it now in /etc/systctl.conf and can confirm now after a reboot that it's enabled. Unfortunately, still can't ping the node on the LAN. > and when I saw that I was about to cancel

Lars, Thanks for that tcpdump command, very helpful. I was able to confirm that the packets are indeed reaching the INSIDE node - so I'm suspecting that my routing table might be wrong. Very Respectfully, Kismet Agbasi -----Original Message----- From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Lars Kruse Sent: Wednesday, October 5, 2016 4:18 PM To: tinc at tinc-vpn.org

Hi Kismet, Am Wed, 5 Oct 2016 10:13:13 -0400 schrieb "Kismet Agbasi" <kagbasi at centraltruck.net>: > At this point I'm unsure of which information to provide in order to elicit > some assistance, however, below is the routing table of one INTERNAL and > EXTERNAL node. I basically want to be able to reach the 172.23.6.0 network > from any of the EXTERNAL nodes -

On 06/10/2016 16:33, Kismet Agbasi wrote: > Thanks Keith. Here's the output: OK. I'd like to say that I recognize this is now off topic for the tinc list, as it really is about basic routing and firewalls and has little if anything to do with tinc at this point. However, it's a low volume list, so unless anyone complains, lets thrash it out here. > wrong interface......hmmm.

On 06/10/2016 17:16, Kismet Agbasi wrote: > Thanks again Keith. I disabled UFW and flushed iptables completely, but same result. Pings from the external node are reaching the internal node on the tinc0 interface but nothing happens after that. Now that I'm thinking of it, I did some masquerading in order to get OpenVPN to work on another box, I wonder if that would be applicable here?

On 05/10/2016 16:13, Kismet Agbasi wrote: > I have a 4 Node Tinc VPN setup with 2 nodes on my LAN and the other 2 > outside the LAN in the cloud. Everything has been working great for about 5 > years now, until today when I decided to move one of the nodes to another > box. Hi Kismet, Just thought I'd jump in here as I do a lot of this kind of thing, and in case you haven't

On 06/10/2016 15:48, Kismet Agbasi wrote: >> Did you remember to activate kernel ip forwarding? >> i.e. echo 1 > /proc/sys/net/ipv4/ip_forward ? > I actually forgot to do this, but I have enabled it now in /etc/systctl.conf and can confirm now after a reboot that it's enabled. Unfortunately, still can't ping the node on the LAN. OK , let's just do one other simple

Here is what I got. root ubuntu:/home/john# virsh start ubuntu2 error: Failed to start domain ubuntu2 error: internal error Process exited while reading console log output: char device redirected to /dev/pts/1 bind(unix:/var/lib/libvirt/qemu/ubuntu2.libguestfs): Permission denied chardev: opening backend "socket" failed: Permission denied root ubuntu:/home/john# ll

Hello, I almost always get a panic when running kismet on my ipw-Interface under 6.1-PRERELEASE. This has been the case ever since ipw hit the tree. Sometimes kismet works, sometimes it doesn't. A sure way to trigger the panic is to switch between bss/ibss/monitor mode prior to running kismet. Perhaps there is a bug in the re-initialization when loading a different firmware? Is this panic

I have two domain controllers running ubuntu (12.04 and 13.10) both with samba (4.1.6 and 4.1.7) installed and running (and with sssd on both machines to retrieve uid/gid from AD). I wish to set a share on ubuntu2 in the way so it could be accessible only from ubuntu1 (and by any user from ubuntu1, for instance by local root). I have found this solution though I'm not sure it solves my issue:

I am trying to work my way up the learning curve through a forest of conflicting and mostly non-working examples and help pages spread about the internet. I have had no trouble getting a basic vm to build and to then start it up. But I have utterly failed to gain access to the machine. The only host I have available that can run it is a remote server. I have not got the networking side working

Hello everyone, I am trying to set up sasl authentication in virt-manager. I read in one existing bug, that it is better to use tls for encryption and sasl for authentication, but not use sasl for both. I configured tls, it was fine. Then I created a user "u" on server and modified libvirtd.conf. I set auth_tls = "sasl" there and mech_list: scram-sha-1 in sasl2 config for

Hello everyone, I am trying to set up sasl authentication in virt-manager. I read in one existing bug, that it is better to use tls for encryption and sasl for authentication, but not use sasl for both. I configured tls, it was fine. Then I created a user "u" on server and modified libvirtd.conf. I set auth_tls = "sasl" there and mech_list: scram-sha-1 in sasl2 config for

Hello everyone, I am trying to set up sasl authentication in virt-manager. I read in one existing bug, that it is better to use tls for encryption and sasl for authentication, but not use sasl for both. I configured tls, it was fine. Then I created a user "u" on server and modified libvirtd.conf. I set auth_tls = "sasl" there and mech_list: scram-sha-1 in sasl2 config for

After reading that someone had problems with 802.11i/WPA2, I tested my iwi device, too. 802.11i (as client) works, but disconnects about every five minutes briefly, which is nothing new -- I had the same issue with 6.2-RELEASE. In contrast to 6.2-RELEASE, monitor does not work. Kismet does not receive anything, while it does with ath or ural (even at the same time). dmesg with debug.iwi=2 is

I''ve gone over the documentation several times now and I can''t figure out how to ''apply'' a manifest to a client. The client does have a signed certificate but the only thing in the /etc/puppet folder on the client is an ssl directory. I have a manifest that works fine on the puppet ''master'' I have added the client into