On Thu, Mar 08, 2001 at 11:51:53AM +0100, Marcel Loesberg wrote:

> I'm going to build a VPN and I want to use either Tinc or FreeS/WAN.
> I've started building the VPN with FreeS/WAN and I find things are getting
> rather complicated.
> It looks like Tinc is much easier to configure but in the FAQ and in what I've
> seen of the documentation so far there is no mention of using Tinc from
> behind a firewall.
> Can it be done? Can the Tinc server be behind my corporate firewall?
> If this is possible then I should use Tinc and dump FreeS/WAN :)

Yes, it can be done. You have a number of options:

- install tinc on the firewall (easiest, most practical)
- either allow UDP packets on port 655 to go through the firewall, and install
  tinc on a machine behind the firewall
- use the TcpOnly mode (available in tinc 1.0pre2), and install tinc on a
  machine behind the firewall.

The other tinc daemon however must be reachable, so you can't have both behind
a firewall if they do masquerading. We hope to get TcpOnly back in pre4.

-------------------------------------------
Met vriendelijke groet / with kind regards,
  Guus Sliepen <guus@sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
          http://www.kernelbench.org/
-------------------------------------------
On Thu, Mar 08, 2001 at 02:06:20PM +0100, Marcel Loesberg wrote:

> > Yes, it can be done. You have a number of options:
> >
> > - either allow UDP packets on port 655 to go through the firewall, and install
> >   tinc on a machine behind the firewall
>
> Simply allow them or forward them to the Tinc machine?

If you have a masquerading firewall, forward them (on port 655, don't let it be
nat'd to another port number), if not just allow.

-------------------------------------------
Met vriendelijke groet / with kind regards,
  Guus Sliepen <guus@sliepen.warande.net>
-------------------------------------------
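Added example, not part of the original thread and not tinc's own code: a small shell function that prints the iptables rules for the two cases answered above, forwarding port 655 unchanged to the tinc machine on a masquerading firewall versus simply allowing it on a routed one. The function name, the interface `eth0`, the address `192.168.1.10` and the use of iptables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) firewall rules for a tinc daemon that sits
# behind the firewall. Interface and address values are constructed samples.

TINC_PORT=655   # port named in the thread

# usage: tinc_fw_rules MODE WAN_IF TINC_HOST [PROTOS]
#   MODE    masq    firewall masquerades: forward port 655 to TINC_HOST,
#                   keeping the same port number on the inside
#           routed  no NAT in the path: just allow the packets
#   PROTOS  defaults to "udp", the only protocol the thread mentions
#           (assumption: pass "udp tcp" if your tinc version needs both)
tinc_fw_rules() {
    mode=$1 wan_if=$2 host=$3 protos=${4:-udp}

    case $mode in
        masq|routed) ;;
        *) echo "mode must be masq or routed" >&2; return 2 ;;
    esac
    # Reject anything that is not a plain interface name / dotted address,
    # so the generated commands cannot carry stray shell syntax.
    case $wan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    case $host in ''|*[!0-9.]*) echo "bad host address" >&2; return 2 ;; esac

    for proto in $protos; do
        case $proto in udp|tcp) ;; *) echo "bad protocol" >&2; return 2 ;; esac
        if [ "$mode" = masq ]; then
            # Destination port is pinned to 655 so it is not remapped.
            echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto --dport $TINC_PORT -j DNAT --to-destination $host:$TINC_PORT"
        fi
        # Allow only this host and port through, in both directions.
        echo "iptables -A FORWARD -i $wan_if -p $proto -d $host --dport $TINC_PORT -j ACCEPT"
        echo "iptables -A FORWARD -o $wan_if -p $proto -s $host --sport $TINC_PORT -j ACCEPT"
    done
}

# Demo with constructed values: review the output before running it as root.
tinc_fw_rules masq eth0 192.168.1.10
```

The rules are scoped to one internal host and one port, so the firewall exposes nothing beyond the tinc daemon itself.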
On Mon, Mar 12, 2001 at 04:11:51PM +0100, Marcel Loesberg wrote:

> Is there a support list for tinc?

Yes, tinc@nl.linux.org. For instructions on how to subscribe, see the homepage.

> If not I have a question for you.
> When I try to start tinc I get this error:
>
> > [root@test /root]# tincd
> > Failed to read `/usr/local/etc/tinc/tinc.conf': No such file or directory
>
> /usr/local/etc/tinc/tinc.conf exists and is owned by root.
> It has 755 permissions.
>
> Why can't tinc read it?

Make sure there is a newline at the end of that file, it doesn't like that but
gives a nonsensical error message...

-------------------------------------------
Met vriendelijke groet / with kind regards,
  Guus Sliepen <guus@sliepen.warande.net>
-------------------------------------------