It didn't help :(

When I did ping to 192.168.1.1 from client machine I got the following in syslog:

May 8 08:55:54 ns tinc.vpn_net[726]: Sending packet of 100 bytes to US_VPN (x.x.x.x - inetIP)
May 8 08:55:55 ns tinc.vpn_net[726]: Incoming data socket error: Connection refused

tcpdump -i tap0 gives this:

08:49:13.919331 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:14.919323 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:15.919327 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:16.919334 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:17.919323 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:18.919335 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:19.919327 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:20.919329 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:21.919327 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:22.919327 ns.iris.bg > 192.168.1.1: icmp: echo request
08:49:23.919337 ns.iris.bg > 192.168.1.1: icmp: echo request

It seems the other host responds, but packets are not sent from tap0 to eth0.

On server host, when I ping 192.168.0.1, there is no info in syslog, but tcpdump -i vpn_net gives me this:

09:46:28.134738 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:29.131001 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:30.130997 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:31.131159 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:32.130997 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:33.130996 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:34.131130 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:35.131000 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:36.131000 arp who-has 192.168.0.1 tell rtr-us.iris.bg

I wonder if it is because the client machine is masqueraded and behind firewall. And I portmapped 655 port (TCP and UDP) on the firewall to point to respective ports on the client machine, but maybe this is not right?
-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/

On Tue, May 08, 2001 at 09:59:34AM +0300, Kostadin Galabov wrote:

> It seems the other host responds, but packets are not sent from tap0 to
> eth0.
>
> On server host, when I ping 192.168.0.1, there is no info in syslog, but
> tcpdump -i vpn_net gives me this:
>
> 09:46:28.134738 arp who-has 192.168.0.1 tell rtr-us.iris.bg
> 09:46:29.131001 arp who-has 192.168.0.1 tell rtr-us.iris.bg
> 09:46:30.130997 arp who-has 192.168.0.1 tell rtr-us.iris.bg
[...]
>
> I wonder if it is because the client machine is masqueraded and behind
> firewall. And I portmapped 655 port (TCP and UDP) on the firewall to point
> to respective ports on the client machine, but maybe this is not right?

That's not right. The problem is a difference between 2.2 kernel ethertap and 2.4 kernel tuntap as I assume you are using on the other machine. You have to disable ARP on the tap devices. You can do that by adding an extra ifconfig to the startup script:

ifconfig vpn_net -arp

For consistency you could also do that on the tap0 from the other machine.

-------------------------------------------
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
          http://www.kernelbench.org/
-------------------------------------------
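
The symptom in this thread, ARP who-has requests repeating on the VPN interface with no reply, can be picked out of saved tcpdump text mechanically. The script below is an added example and not part of the original messages; the function names are hypothetical and the two 192.168.0.7 lines in the sample are constructed for contrast.

```shell
#!/bin/sh
# Added example: list ARP targets that were asked for but never answered
# in tcpdump text output. Matches the old "arp who-has X tell Y" format
# shown in the thread and the newer "ARP, Request who-has X tell Y" one.

unanswered_arp() {
    # Reads tcpdump text on stdin; prints "<target> <request count>" for
    # every address that has who-has requests and no is-at reply.
    awk '
    function clean(s) { sub(/[,:]$/, "", s); return s }
    {
        for (i = 1; i < NF; i++) {
            word = tolower($i)
            if (word == "who-has")        asked[clean($(i + 1))]++
            if (word == "is-at" && i > 1) answered[clean($(i - 1))] = 1
        }
    }
    END {
        for (t in asked)
            if (!(t in answered)) print t, asked[t]
    }' | sort
}

sample_capture() {
    # First three lines are from the thread; the last two are constructed
    # to show a request that does get an answer.
    cat <<'EOF'
09:46:28.134738 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:29.131001 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:30.130997 arp who-has 192.168.0.1 tell rtr-us.iris.bg
09:46:40.000000 arp who-has 192.168.0.7 tell rtr-us.iris.bg
09:46:40.000100 arp reply 192.168.0.7 is-at 0:10:20:30:40:50
EOF
}

# Any address listed here never resolved on that interface; on a tinc tap
# device that is the case the reply fixes with "ifconfig vpn_net -arp".
sample_capture | unanswered_arp
```

On a live system, feed it the text output of `tcpdump -n -i vpn_net arp` instead of the sample.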