tinc - Aug 2000 - tinc config(?) problems

I'm having a bit of a problem getting tinc up and running between a pair of
RedHat (one 6.0, the other 6.1) boxes. It's installed and configured to the
point where they can connect, but I'm not seeing any traffic passing
between the two systems.

System A looks like - 
tinc.conf:
# Sample tinc configuration.
# Insert your own ip numbers instead of the placeholders,
# and be sure to use your own passphrases.
# See man tinc.conf(5) tincd(8) genauth(8), info tinc and
# /usr/doc/tinc-1.0pre2/tinc.conf.sample
TapDevice = /dev/tap0
#ConnectTo = peer.real.ip.number
MyVirtualIP = 192.168.2.1/24
#AllowConnect = no
VpnMask = 255.255.255.0

ifconfig (eth0 is internal): 

eth0      Link encap:Ethernet  HWaddr 00:A0:24:81:B9:15
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:1090148 errors:1 dropped:1 overruns:0 frame:2
          TX packets:1199574 errors:0 dropped:0 overruns:0 carrier:23
          collisions:32828 txqueuelen:100
          Interrupt:9 Base address:0xe400

eth1      Link encap:Ethernet  HWaddr 00:A0:C9:B4:6F:BB
          inet addr:24.27.164.16  Bcast:255.255.255.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1355209 errors:1 dropped:0 overruns:0 frame:10
          TX packets:1068137 errors:0 dropped:0 overruns:0 carrier:0
          collisions:12215 txqueuelen:100
          Interrupt:11 Base address:0xd800

tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          Interrupt:5

route: 
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
192.168.2.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
24.27.164.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        192.168.2.1     255.0.0.0       UG    0      0        0 tap0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         24.27.164.1     0.0.0.0         UG    0      0        0 eth1

Machine B looks like - 
tinc.conf:
# Sample tinc configuration.
# Insert your own ip numbers instead of the placeholders,
# and be sure to use your own passphrases.
# See man tinc.conf(5) tincd(8) genauth(8), info tinc and
# /usr/doc/tinc-1.0pre2/tinc.conf.sample
TapDevice = /dev/tap0
ConnectTo = halsallnet.penguinpowered.com
MyVirtualIP = 10.254.1.9/32
AllowConnect = no
VpnMask = 255.0.0.0

ifconfig:
eth0      Link encap:Ethernet  HWaddr 00:A0:24:15:B0:F9
          inet addr:10.254.1.9  Bcast:10.254.1.11  Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2421976 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1935417 errors:0 dropped:0 overruns:0 carrier:0
          collisions:67520 txqueuelen:100
          Interrupt:7 Base address:0x210

eth1      Link encap:Ethernet  HWaddr 08:00:2B:BC:FE:18
          inet addr:24.29.3.206  Bcast:24.29.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6478886 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2182964 errors:17543 dropped:0 overruns:0 carrier:0
          collisions:14465 txqueuelen:100
          Interrupt:5 Base address:0x300

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:255 errors:0 dropped:0 overruns:0 frame:0
          TX packets:255 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:02
          inet addr:10.254.1.9  Bcast:10.255.255.255  Mask:255.255.255.252
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          Interrupt:5

route:
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
10.254.1.9      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
24.29.3.206     0.0.0.0         255.255.255.255 UH    0      0        0 eth1
10.254.1.8      0.0.0.0         255.255.255.252 U     0      0        0 eth0
10.254.1.8      0.0.0.0         255.255.255.252 U     0      0        0 tap0
192.168.2.0     10.254.1.9      255.255.255.0   UG    0      0        0 tap0
24.29.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth1
24.27.0.0       24.29.3.206     255.255.0.0     UG    0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         10.254.1.10     0.0.0.0         UG    0      0        0 eth0

I do have ipchains scripts running on both ends, but seeing as how the
gateways can set up a connection, traffic should pass through them. tcpdump
reveals that echo requests get to tap0 on both ends, but no echo replies
are sent.
Any ideas where I screwed up?

Thanks for any help you can provide.

-Mark

--
Mark Halsall                            mark@hccanet.org
Internet Specialist, Hamilton/Clermont Cooperative Association
                   (513) 931-7120, x20     
Personal email should go to <mailto:spanner@cinci.rr.com>.

-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/

On Thu, Aug 03, 2000 at 12:52:45PM -0500, Ivo Timmermans
wrote:
> I'm having a bit of a problem getting tinc up and running between a
pair of
> RedHat (one 6.0, the other 6.1) boxes. It's installed and configured to
the
> point where they can connect, but I'm not seeing any traffic passing
> between the two systems.
> 
> MyVirtualIP = 192.168.2.1/24
this needs to be:

MyVirtualIP = 192.168.2.1/16
> route: 
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 192.168.2.1     0.0.0.0         255.255.255.255 UH    0      0        0
eth0
> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0
eth0
> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0
tap0
> 24.27.164.0     0.0.0.0         255.255.255.0   U     0      0        0
eth1
> 10.0.0.0        192.168.2.1     255.0.0.0       UG    0      0        0
tap0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         24.27.164.1     0.0.0.0         UG    0      0        0
eth1
not sure about the routing table.. should work ok but using 2 different
classes seems hoaky to me.. maybe the solutions i'm providing will make
it work right heh, as routing seems to look ok, i'm just not used to
something as weird looking as this one :)
> Machine B looks like - 
> tinc.conf:
> ConnectTo = halsallnet.penguinpowered.com
i tend to find it easier to specify the actual ip here, so that you
don't have to wait for any name resolution to take place (and therefore
speed things up just a tad)
> MyVirtualIP = 10.254.1.9/32
ok, now i KNOW this one is wrong, it was documented in an earlier post
to this list... iirc (and i might not), try this:

MyVirtualIP = 10.254.1.9/24


And on a side note, you do not have to bind either of these IP's to any
real ethernet device. tap0 will suffice.. binding them to real ethernet
devices seems sort of redundant and risky.

-- 
    .oO Gnea [gnea at rochester dot rr dot com] Oo.
         .oO url: http://garson.org/~gnea Oo.

"You can tune a filesystem, but you can't tuna fish." -unknown
-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/