When's the point and click GUI coming out?
All kidding aside, I seem to be confused about some of the network
settings. Essentially all I want is a secure tunnel from machine A to B
on two different physical networks, but I can't seem to get there.
Just to get things figured out I've got two machines on the same physical
network, mach A: 192.168.0.1, mach B: 192.168.0.3. bcast is 192.168.0.255.
Machine A /etc/tinc/tinc.conf
ListenPort=655
MyOwnVPNIP=10.0.0.1/24
Passphrases=/etc/tinc/passphrases
TapDevice=/dev/tap0
VpnMask=255.0.0.0
Machine A ifconfig
ifconfig tap0 10.0.0.1 broadcast 10.255.255.255 netmask 255.0.0.0
Machine B /etc/tinc/tinc.conf
ConnectTo=192.168.0.1
MyOwnVPNIP=10.0.0.2/24
Passphrases=/etc/tinc/passphrases
TapDevice=/dev/tap0
VpnMask=255.0.0.0
Machine B ifconfig
ifconfig tap0 10.0.0.2 broadcast 10.255.255.255 netmask 255.0.0.0
I start tincd on Machine A
junior:~# tincd -d -d -d
junior:~# Jul 26 19:16:41 junior tinc[25669]: tincd 1.0pre2 (May 31 2000 20:52:02) starting, debug level 3.
Jul 26 19:16:41 junior tinc[25669]: Generating 128 bits keys.
Jul 26 19:16:41 junior tinc[25669]: Ready: listening on port 655.
I start tincd on Machine B
luna:/etc/tinc/passphrases# tincd -d -d -d
luna:/etc/tinc/passphrases# Jul 26 06:01:01 luna tinc[535]: tincd 1.0pre2 (May 31 2000 20:52:02) starting, debug level 3.
Jul 26 06:01:01 luna tinc[535]: Generating 128 bits keys.
Jul 26 06:01:01 luna tinc[535]: Ready: listening on port 655.
Jul 26 06:01:01 luna tinc[535]: Connected to 192.168.0.1:655
Jul 26 06:01:01 luna tinc[535]: got BASIC_INFO(655,10.0.0.1,255.255.255.0)
Jul 26 06:01:01 luna tinc[535]: Peer uses protocol version 6
Jul 26 06:01:01 luna tinc[535]: Opening UDP socket to 192.168.0.1
Jul 26 06:01:01 luna tinc[535]: Send BASIC_INFO to 192.168.0.1
Jul 26 06:01:01 luna tinc[535]: got PASSPHRASE
Jul 26 06:01:01 luna tinc[535]: Send PASSPHRASE
2205ac5ca903e2dcb4f77cd382fd2bfbc211640a4c7ef4e9b15bc81b15f3139731b0398c208071ef27ce470cdf895d25f8e15efb6ab87aa44a56ac5f5543e86bbac96e7b226e1a98a43dcf91a838f7c2723526a7e3ffe953589c7a5afb7a17fdb0f6711b874b24cf4b9c3388da93c17adfc35a28194576328bb6ecbf07e17928
to 10.0.0.1
Jul 26 06:01:01 luna tinc[535]: got PUBLIC_KEY 2y3ssdjgr67h5lni6axfhhpou
Jul 26 06:01:01 luna tinc[535]: Passphrase OK
Jul 26 06:01:01 luna tinc[535]: Send PUBLIC_KEY 19l8l8fs6syobo56tgfmrxrig to 10.0.0.1
Jul 26 06:01:01 luna tinc[535]: got ACK
Jul 26 06:01:01 luna tinc[535]: Connection with 192.168.0.1 activated.
Over on Machine A I see..
junior:~# Jul 26 19:17:17 junior tinc[25669]: Connection from 192.168.0.3:1137
Jul 26 19:17:17 junior tinc[25669]: Send BASIC_INFO to 192.168.0.3
Jul 26 19:17:17 junior tinc[25669]: got BASIC_INFO(655,10.0.0.2,255.255.255.0)
Jul 26 19:17:17 junior tinc[25669]: Peer uses protocol version 6
Jul 26 19:17:17 junior tinc[25669]: Opening UDP socket to 192.168.0.3
Jul 26 19:17:17 junior tinc[25669]: Send PASSPHRASE
da887215136a52466a68961cfd6632fe6aff78fa2892c6236ad007a4f026087475c41a0fb175396843bc9866c83c588756e29484fa29ff36c5f0fadf87a3ffcd6a4490387af2d17355b3a1b35848aa37077dfc75863a7b52199b0e6a75f72fc6daec757938aa7649047b9b4ef54a9de85d5daed4bdf29ea9392ee2045467e439
to 10.0.0.2
Jul 26 19:17:17 junior tinc[25669]: got PASSPHRASE
Jul 26 19:17:17 junior tinc[25669]: Send PUBLIC_KEY 2y3ssdjgr67h5lni6axfhhpou to 10.0.0.2
Jul 26 19:17:17 junior tinc[25669]: got PUBLIC_KEY 19l8l8fs6syobo56tgfmrxrig
Jul 26 19:17:17 junior tinc[25669]: Passphrase OK
Jul 26 19:17:17 junior tinc[25669]: Send ACK to 192.168.0.3
Jul 26 19:17:17 junior tinc[25669]: Connection with 192.168.0.3 activated.
So it all looks like it worked at this point..
I try and ping machine A's VPN IP from Machine B, but get no
response. Here's the log..
luna:/etc/tinc/passphrases# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
Jul 26 06:02:58 luna tinc[535]: Sending out request for public key to 10.0.0.1
Jul 26 06:02:59 luna tinc[535]: Yeah! key arrived. Now do something with it.
Jul 26 06:02:59 luna tinc[535]: Flushing send queue for 10.0.0.1
Jul 26 06:02:59 luna tinc[535]: got REQ_KEY from 10.0.0.1 for 10.0.0.2
Jul 26 06:02:59 luna tinc[535]: Sending public key to 10.0.0.1
tcpdump on Machine A sees it
junior:~# tcpdump -i tap0
tcpdump: listening on tap0
19:20:15.890226 10.0.0.2 > 10.0.0.1: icmp: echo request (DF)
19:20:16.888595 10.0.0.2 > 10.0.0.1: icmp: echo request (DF)
19:20:17.888602 10.0.0.2 > 10.0.0.1: icmp: echo request (DF)
19:20:18.888617 10.0.0.2 > 10.0.0.1: icmp: echo request (DF)
19:20:19.889183 10.0.0.2 > 10.0.0.1: icmp: echo request (DF)
19:20:20.888828 10.0.0.2 > 10.0.0.1: icmp: echo request (DF)
but it's not responding. So I'm guessing I've got my netmasks and
broadcasts wrong at some spot. With the broadcast settings I use with
ifconfig tap0 on machine A, it should (I think) be picking up anything
from 10.*.*.* and responding to anything destined for its IP, but
obviously it's not.
I'm not much of a network person, any help you can give setting me
straight is much appreciated.
Sorry for the verbose logging:)
-Don
-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/