Hello all,

I've been playing with tinc to set up a WAN between two offices of the company that I work for. I'm partially there but having a slight problem.

tinc comes up between the 2 machines (both 2.2.14 debian woody machines), and I can ping from the vpn machine at office a, and get a response from office b. However, if I ping any other machine across the WAN I can't get a response.

For example (ips changed for privacy):

Host A: DHCP Server/Firewall/Router
Internal ip: *.*.1.10
MyVPNIP: *.*.1.10
Route list:

    Kernel IP routing table
    Destination     Gateway   Genmask          Flags Metric Ref Use Iface
    64.26.135.208   0.0.0.0   255.255.255.240  U     0      0   0   eth0
    *.*.1.0         0.0.0.0   255.255.255.0    U     0      0   0   eth1
    *.*.0.0         0.0.0.0   255.255.0.0      U     0      0   0   tap0
    0.0.0.0         x.y.z.a   0.0.0.0          UG    0      0   0   eth0

Host B: DHCP Server/Firewall/Router
Internal ip: *.*.0.237
MyVPNIP: *.*.0.237
Route list:

    Kernel IP routing table
    Destination     Gateway   Genmask          Flags Metric Ref Use Iface
    x.y.z.b         0.0.0.0   255.255.255.240  U     0      0   0   eth0
    *.*.0.0         0.0.0.0   255.255.255.0    U     0      0   0   eth1
    *.*.0.0         0.0.0.0   255.255.0.0      U     0      0   0   tap0
    0.0.0.0         x.y.z.b   0.0.0.0          UG    0      0   0   eth0

PING A->B works.
PING B->A works.
PING A->*.*.0.3 Doesn't.
PING B->*.*.0.3 Does.
PING B->*.*.1.100 Doesn't.
PING A->*.*.1.100 Does.

The mac addresses are properly converted to the appropriate hex values.

Any help would be appreciated.

Geoff Norton
------------
iRover.com Director of Technology
Pager: (416)381-1665
geoff@iRover.com
geoff@timecity.org
Lead Network Developer of the Time City project.

-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/

On Sat Mar 25 2000, Geoff Norton <geoff@iRover.com> wrote:
>
> Hello all,
>
> I've been playing with tinc to set up a WAN between two offices of the
> company that I work for. I'm partially there but having a slight problem.

Try this little patch. If it works for you, I'll make it a new version.

======================================================
--- net.c.old Tue Feb 8 00:35:38 2000 +++ net.c Fri Feb 11 00:50:57 2000 @@ -80,8 +80,8 @@ p->len += 12; tmp[0] = tmp[6] = 0xfe; tmp[1] = tmp[7] = 0xfd; - *((ip_t*)(&tmp[2])) = *((ip_t*)(&tmp[30])); /* !! ?? */ - *((ip_t*)(&tmp[8])) = (ip_t)(htonl(myself->vpn_ip)); + *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip)); + *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26])); memcpy(p->data, &tmp[0], p->len); }
======================================================

--
Ivo Timmermans
You are just jealous because the little voices are talking to me.

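Review bot: the second added line reads four bytes at `tmp[26]` through a bare offset, with no comment and nothing in the visible lines confirming that the frame is long enough or that it carries IPv4 at all. The removed line at least flagged its offset with `/* !! ?? */`; the replacement drops that marker without explaining why 26 is right where 30 was wrong. In an Ethernet frame carrying IPv4, byte 26 is the source address and byte 30 the destination, so a named constant and a one-line comment would make the intent (destination MAC built from `myself->vpn_ip`, source MAC built from the packet's source IP) checkable. I would also verify the length covers bytes 26 to 29 before the read, and copy the addresses with `memcpy` instead of the `ip_t*` casts, since offsets 2 and 26 are not 4-byte aligned if `tmp` is a byte buffer, as the `0xfe`/`0xfd` assignments suggest.
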
On Mon Mar 27 2000, Guus Sliepen <guus@warande3094.warande.uu.nl> wrote:
> On Mon, 27 Mar 2000, Geoff Norton wrote:
>
> > Looked more into it. The packet now goes from HOST A -> HOST B. Reply
> > packet goes from HOST B->HOST A, however the ping response never gets
> > transferred back to the interface, thus the machine never sees the ping
> > response.
>
> Make sure the MAC address of the interfaces match fe.fd.a.b.c.d, where
> a.b.c.d is MyOwnVPNIP *exactly*.

Could you please verify the settings of the ethertap device on host A? Host B seems to be configured correctly (assuming you put the patch there also!).

--
Ivo Timmermans
You are just jealous because the little voices are talking to me.

On Mon Mar 27 2000, Geoff Norton <geoff@iRover.com> wrote:
> Ivo,
>
> I've sent this directly to you simply because I'm going to paste all
> output and obviously for security reasons I don't want internal ips going
> out on a mailing list:

Understandable. I'm sending the reply to the mailing list though.

> HOST A SETTINGS:
>
> TapDevice = /dev/tap0
> MyVirtualIP = 192.168.1.0/24

This is wrong. Should be 192.168.1.10.

>
> HOST B SETTINGS:
>
> TapDevice = /dev/tap0
> MyVirtualIP = 192.168.0.237/24

So you did it right here...

>
> PING FROM A.HOST1 (A host on the subnet in A) -> B.HOST1 (A host on the
> subnet in B)
> See ping get to A, See ping get to B, no response generated.

Does the packet travel past B onto the network 192.168.0?

--
Ivo Timmermans
You are just jealous because the little voices are talking to me.
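
The two checks raised in this thread (the tap MAC must be fe:fd followed by the node's own VPN IP, and MyVirtualIP must be a host address rather than the subnet's network address) can be run together before starting the daemon. This is an added example, not part of the original messages or of tinc; the function names and the tap MAC values are constructed for illustration.

```python
import ipaddress

def expected_tap_mac(vpn_ip):
    """MAC the tap device must carry: fe:fd followed by the VPN IP bytes."""
    octets = ipaddress.IPv4Address(vpn_ip).packed
    return "fe:fd:" + ":".join(f"{o:02x}" for o in octets)

def normalize_mac(mac):
    """Lower-case, zero-padded, colon-separated form of a MAC string."""
    parts = [int(p, 16) for p in mac.replace("-", ":").split(":")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{p:02x}" for p in parts)

def check_node(my_virtual_ip, tap_mac):
    """Return a list of problems for one node; an empty list means consistent."""
    problems = []
    iface = ipaddress.IPv4Interface(my_virtual_ip)
    net = iface.network
    # An entry such as 192.168.1.0/24 names the subnet, not this host.
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"MyVirtualIP {my_virtual_ip} is not a host address")
    want = expected_tap_mac(str(iface.ip))
    have = normalize_mac(tap_mac)
    if have != want:
        problems.append(f"tap MAC is {have}, expected {want}")
    return problems

# Constructed sample: MyVirtualIP values from the thread, tap MACs assumed.
SAMPLE_NODES = {
    "host A (as posted)": ("192.168.1.0/24", "fe:fd:c0:a8:01:0a"),
    "host A (corrected)": ("192.168.1.10", "fe:fd:c0:a8:01:0a"),
    "host B": ("192.168.0.237/24", "FE:FD:C0:A8:00:ED"),
}

if __name__ == "__main__":
    for name, (vip, mac) in SAMPLE_NODES.items():
        issues = check_node(vip, mac)
        print(name, "OK" if not issues else "; ".join(issues))
```

With host A's posted setting the check reports both the non-host address and the resulting MAC mismatch, since the MAC derived from 192.168.1.0 ends in 00 rather than 0a.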