I've got a test lab set up and I'm having problems connecting. The first problem is that it takes it a couple of tries before it actually connects the two machines. It complains about bogus data and after trying for a minute or so it connects.

kill -USR1 shows that they are connected
kill -USR2 only shows the local subnet, not the remote

I've tried these versions without any luck:

cvs checkout -r CABAL -D "1 Jun 2001 10:03:39 +0200" tinc
cvs checkout -r CABAL tinc
pre4

Host      LocationB   - LocationA
Internal  192.168.1.1 - 192.168.0.1
External  10.0.1.1    - 10.0.0.1

Here are my configuration files on LocationB

tinc-up
~~~~~~~~~~~~
#!/bin/sh
ifconfig $NETNAME hw ether fe:fd:00:00:00:00
ifconfig $NETNAME 192.168.1.1 netmask 255.255.0.0
ifconfig $NETNAME -arp
~~~~~~~~~~~~

tinc.conf
~~~~~~~~~~~~
Name = LocationB
ConnectTo = LocationA
PrivateKey = /usr/local/etc/tinc/ourvpn/rsa_key.priv
TapDevice = /dev/tun
~~~~~~~~~~~~

rsa_key.priv
~~~~~~~~~~~~
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCiVD55i0HmftAPExWpnRbKMRiyXfRqQWNcN8IXa5Yzi76b9God
-SNIP-
I2nKxx2M4CpDhKHu2sNexfMiaNqR1Uc0uuiuPKpN0VA
-----END RSA PRIVATE KEY-----
~~~~~~~~~~~~

hosts/LocationA
~~~~~~~~~~~~
Subnet = 192.168.0.0/24
Address = 10.0.0.1
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKZaxEsNmMnbZzqn49QV4gOngKpD76yYAstqyZCT3rMn1NhViO4D1KI1
-SNIP-
bgg9PgR4/FKQQd272rEZ429kaexCa1Uu3VlBA89p4n9N2Txs42zbAgMA//8
-----END RSA PUBLIC KEY-----
~~~~~~~~~~~~

hosts/LocationB
~~~~~~~~~~~~
Subnet = 192.168.1.0/24
Address = 10.0.1.1
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKJUPnmLQeZ+0A8TFamdFsoxGLJd9GpBY1w3whdrljOLvpv0ah2pCyHQ
-SNIP-
JEI8zS7mOhuRTuIJcxzOMDZBVYdvxcAqN4har/XZ5Nxe6+zoUwATAgMA//8
-----END RSA PUBLIC KEY-----
~~~~~~~~~~~~

Here are my configuration files on LocationA

tinc-up
~~~~~~~~~~~~
#!/bin/sh
ifconfig $NETNAME hw ether fe:fd:00:00:00:00
ifconfig $NETNAME 192.168.0.1 netmask 255.255.0.0
ifconfig $NETNAME -arp
~~~~~~~~~~~~

tinc.conf
~~~~~~~~~~~~
Name = LocationB
PrivateKey = /usr/local/etc/tinc/ourvpn/rsa_key.priv
TapDevice = /dev/tun
~~~~~~~~~~~~

rsa_key.priv
~~~~~~~~~~~~
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCiVD55i0HmftAPExWpnRbKMRiyXfRqQWNcN8IXa5Yzi76b9God
-SNIP-
I2nKxx2M4CpDhKHu2sNexfMiaNqR1Uc0uuiuPKpN0VA
-----END RSA PRIVATE KEY-----
~~~~~~~~~~~~

hosts/LocationA
~~~~~~~~~~~~
Subnet = 192.168.0.0/24
Address = 10.0.0.1
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKZaxEsNmMnbZzqn49QV4gOngKpD76yYAstqyZCT3rMn1NhViO4D1KI1
-SNIP-
bgg9PgR4/FKQQd272rEZ429kaexCa1Uu3VlBA89p4n9N2Txs42zbAgMA//8
-----END RSA PUBLIC KEY-----
~~~~~~~~~~~~

hosts/LocationB
~~~~~~~~~~~~
Subnet = 192.168.1.0/24
Address = 10.0.1.1
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKJUPnmLQeZ+0A8TFamdFsoxGLJd9GpBY1w3whdrljOLvpv0ah2pCyHQ
-SNIP-
JEI8zS7mOhuRTuIJcxzOMDZBVYdvxcAqN4har/XZ5Nxe6+zoUwATAgMA//8
-----END RSA PUBLIC KEY-----
~~~~~~~~~~~~

Any ideas?

Thanks,
Magnus Ullberg
Network Coordinator
Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301

Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
On Sat, Nov 03, 2001 at 11:23:53PM -0600, Magnus Ullberg wrote:

You are making a small mistake in every tinc.conf:

> tinc.conf
> ~~~~~~~~~~~~
[...]
> PrivateKey = /usr/local/etc/tinc/ourvpn/rsa_key.priv
[...]

That should be PrivateKeyFile instead of PrivateKey. I hope this solves your problems!

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.warande.net>
Thanks, that worked great.

One more question.. I'm setting up a vpn between me and three friends with cable modem/dsl. How should I set up the connections? Should they all connect to the same central node? That would make it a single point of failure. Can I put a ConnectTo line for each node on every machine in the vpn? Or will that cause problems?

ps. Getting an answer from tech support within a couple of hours is better than I've received from some commercial products.. Who said that support for open source programs is not as good as commercial? :-)
> ps.
> Getting an answer from tech support within a couple of hours is better
> than I've received from some commercial products..
> Who said that support for open source programs is not as good as
> commercial? :-)

Actually... you've got an answer from the main developer.... that NEVER happens with commercial products.

Greetz,
Ivo
When you say loops, do you mean A->B and B->A, or A->B, B->C, C->A, or A->A?

-----Original Message-----
From: Guus Sliepen [mailto:guus@warande3094.warande.uu.nl]
Sent: Sunday, November 04, 2001 2:30 PM
To: tinc@nl.linux.org
Cc: Magnus Ullberg
Subject: Re: Connection problem

On Sun, Nov 04, 2001 at 01:29:52PM -0600, Magnus Ullberg wrote:

> One more question.. I'm setting up a vpn between me and three
> friends with cable modem/dsl. How should I set up the connections?
> Should they all connect to the same central node? That would make it a
> single point of failure. Can I put a ConnectTo line for each node on
> every machine in the vpn?

You can. However, try not to make loops with the ConnectTo lines, as this might result in endless connect/disconnects between tinc daemons. We are working on a fix for this.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.warande.net>
very true :)

-----Original Message-----
From: vdongen [mailto:vdongen@hetisw.nl]
Sent: Sunday, November 04, 2001 1:34 PM
To: "'tinc@nl.linux.org'" <tinc@nl.linux.org>; "Magnus Ullberg"
Subject: RE: Connection problem

> Actually... you've got an answer from the main developer.... that NEVER
> happens with commercial products.
Ok, thanks.

ps. hehe, once again.. got a reply to my email 4 minutes after sending it ;) If it was up to me I'd go with open source software any day.. I don't know how long it took us to get an actual Novell engineer on the line..

-----Original Message-----
From: Guus Sliepen [mailto:guus@warande3094.warande.uu.nl]
Sent: Monday, November 05, 2001 6:58 AM
To: tinc@nl.linux.org
Cc: Magnus Ullberg
Subject: Re: Connection problem

On Mon, Nov 05, 2001 at 06:54:32AM -0600, Magnus Ullberg wrote:

> When you say loops, do you mean
> A->B and B->A
> or
> A->B, B->C, C->A,
> or
> A->A?

All of them. If you have four machines, do something like this:

A->B, A->C, A->D
B->C, B->D
C->D

That way you don't have loops, and if machine D fails everyone will switch to machine C, unless it fails too, etc..

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.warande.net>
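As an added example for the two answers in this thread (not code from tinc or from anyone posting here): a small Python checker that flags an unrecognised tinc.conf variable such as PrivateKey and suggests PrivateKeyFile, and walks the ConnectTo lines of every daemon to report any loop (A->B->A, A->B->C->A or A->A) before tinc runs into the connect/disconnect cycling Guus describes. The allowed-variable list and the sample configs are constructed from what appears in this thread, and the parser is a simplified stand-in for tinc's own.

```python
"""Hypothetical checker for a small tinc setup (not part of tinc): catches the
two problems from this thread, a misspelled tinc.conf variable (PrivateKey for
PrivateKeyFile) and loops in the ConnectTo graph."""
import difflib

# tinc.conf variables that appear in this thread; extend from the tinc manual.
KNOWN_VARS = ["ConnectTo", "Name", "PrivateKeyFile", "TapDevice"]

# Constructed sample configs, modelled on the ones posted in this thread.
SAMPLE_CONFS = {
    "LocationB": "Name = LocationB\nConnectTo = LocationA\n"
                 "PrivateKey = /usr/local/etc/tinc/ourvpn/rsa_key.priv\n",
    "LocationA": "Name = LocationA\nConnectTo = LocationB\n",  # A<->B loop
}


def parse_tinc_conf(text):
    """Parse 'Variable = value' lines; a repeated variable (ConnectTo) accumulates."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        if "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            conf.setdefault(key, []).append(value)
    return conf


def unknown_variables(conf):
    """[(misspelled_name, closest_known_name_or_None)] for unrecognised variables."""
    return [(k, (difflib.get_close_matches(k, KNOWN_VARS, n=1) or [None])[0])
            for k in conf if k not in KNOWN_VARS]


def connect_graph(confs):
    """Directed graph: daemon name -> the names it has ConnectTo lines for."""
    return {n: parse_tinc_conf(t).get("ConnectTo", []) for n, t in confs.items()}


def find_cycle(graph):
    """Return one ConnectTo loop as a path (A->B->A, A->B->C->A or A->A), else None."""
    state = {}  # node -> "active" while on the DFS path, "done" afterwards

    def visit(node, path):
        state[node] = "active"
        path.append(node)
        for nxt in graph.get(node, []):
            if state.get(nxt) == "active":    # back edge closes a loop
                return path[path.index(nxt):] + [nxt]
            if nxt not in state and (found := visit(nxt, path)):
                return found
        path.pop()
        state[node] = "done"

    for start in graph:
        if start not in state and (cycle := visit(start, [])):
            return cycle


def loop_free_topology(names):
    """Guus's scheme: each daemon ConnectTo's every daemon listed after it."""
    return {name: list(names[i + 1:]) for i, name in enumerate(names)}
```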
Hi

I have set up a test vpn between two masquerading firewalls. I don't really see any way to test it so I've been pinging. When I ping serverA from serverB (or vice versa) I can see that the pings reach the intended target but the pingee does not receive the replies. Is this a firewall issue? Forwarding?

I'm using RedHat 7.2, kernel 2.4.7-10smp.

Any help or suggestions would be appreciated.

Thanks

P.S. The email link at http://tinc.nl.linux.org/mail.html doesn't seem to work. In Netscape it wants to send to 3 users (tinc, at, nl.linux.org). Looking at the html source shows mailto:tinc at nl.linux.org. Of course I figured it out but thought you might like to know.
Thank you for the response. I finally got some time to work on this problem. Following is the info you requested. Hope it's not too much but I didn't want to leave out anything that may have been of importance.

ServerA:

###/tinc/office_vpn/tinc.conf
Name = ServerA
TapDevice = /dev/tun
PrivateKeyFile = /usr/local/etc/tinc/office_vpn/rsa_key.priv

###/tinc/office_vpn/hosts/ServerA
Address = 209.1.1.1
Subnet = 192.168.255.0/24
-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----

###/tinc/office_vpn/hosts/ServerB
Address = 209.1.1.2
Subnet = 192.168.1.0/24
-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----
............................................................

ServerB:

###/tinc/office_vpn/tinc.conf
Name = ServerB
ConnectTo = ServerA
TapDevice = /dev/tun
PrivateKeyFile = /usr/local/etc/tinc/office_vpn/rsa_key.priv

###/tinc/office_vpn/hosts/ServerA
Address = 209.1.1.1
Subnet = 192.168.255.0/24
-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----

###/tinc/office_vpn/hosts/ServerB
Address = 209.1.1.2
Subnet = 192.168.1.0/24
-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----
...................................................
Result of "ifconfig -a" on ServerB:

eth0      Link encap:Ethernet  HWaddr 00:A0:CC:DB:F2:57
          inet addr:209.1.1.1  Bcast:209.1.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:A0:CC:DB:FB:2C
          inet addr:209.1.2.1  Bcast:209.1.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:A0:CC:DB:DC:55
          inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

office_vp Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.0.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
................................................................................

Result of "route" on ServerB:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     209-1-2-1       255.255.255.0   UG    0      0        0 eth1
office_vpn      *               255.255.255.0   U     0      0        0 eth2
209.1.2.0       *               255.255.255.0   U     0      0        0 eth1
209.1.1.0       *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.0.0     U     0      0        0 office_vpn
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         209-1-1-10      0.0.0.0         UG    0      0        0 eth0
...................................................................................

Result of "iptables -t nat -L -v" on ServerB:

Chain PREROUTING (policy ACCEPT 4075 packets, 823K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:tinc to:192.168.1.253:655

Chain POSTROUTING (policy ACCEPT 664 packets, 158K bytes)
 pkts bytes target     prot opt in     out     source               destination
  348 24626 MASQUERADE  all  --  any    eth0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     209.1.1.0/24         anywhere

Chain OUTPUT (policy ACCEPT 2578 packets, 332K bytes)
 pkts bytes target     prot opt in     out     source               destination
...................................................................................
Result of "iptables -L -v" on ServerB:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   118 ACCEPT     all  --  any    any     mail.idsb.net        anywhere
    0     0 ACCEPT     all  --  any    any     209-1-20-1           anywhere
    0     0 ACCEPT     all  --  any    any     209-1-20-1           anywhere
    0     0 ACCEPT     all  --  any    any     192.168.255.1        anywhere
    0     0 ACCEPT     all  --  any    any     192.168.0.0/16       anywhere
    0     0 ACCEPT     tcp  --  any    any     mail.idsb.net        209.1.1.0/24         tcp dpt:tinc
    0     0 ACCEPT     udp  --  any    any     mail.idsb.net        209.1.1.0/24         udp dpt:tinc
    0     0 ACCEPT     tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:domain
    0     0 ACCEPT     udp  --  any    any     anywhere             209.1.1.0/24         udp dpt:domain
    5   468 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24         icmp echo-request limit: avg 1/sec burst 5
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24         icmp echo-reply limit: avg 1/sec burst 5
    0     0 ACCEPT     udp  --  any    any     anywhere             209.1.1.0/24         udp dpt:traceroute
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24         icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24         icmp host-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24         icmp timestamp-request
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24         icmp timestamp-reply
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24         icmp address-mask-request
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24         icmp address-mask-reply
    0     0 LD         icmp --  any    any     anywhere             209.1.1.0/24         icmp redirect
    0     0 LD         icmp --  any    any     anywhere             209.1.1.0/24         icmp source-quench
    0     0 ACCEPT     all  --  any    any     office_vpn/24        anywhere
    0     0 LD         all  --  eth0   any     1.0.0.0/8            209.1.1.0/24
    0     0 LD         all  --  eth0   any     2.0.0.0/8            209.1.1.0/24
    0     0 LD         all  --  eth0   any     7.0.0.0/8            209.1.1.0/24
    0     0 LD         all  --  eth0   any     23.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     27.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     31.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     41.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     45.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     60.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     68.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     69.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     70.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     71.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     80.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     88.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     90.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     91.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     92.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     100.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     111.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     112.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     127.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     127.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     128.66.0.0/16        209.1.1.0/24
    0     0 LD         all  --  eth0   any     172.16.0.0/12        209.1.1.0/24
    0     0 LD         all  --  eth0   any     192.168.0.0/16       209.1.1.0/24
    0     0 LD         all  --  eth0   any     197.0.0.0/16         209.1.1.0/24
    0     0 LD         all  --  eth0   any     201.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     220.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     222.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     240.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     242.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     244.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     251.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     254.0.0.0/8          209.1.1.0/24
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24         udp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24         udp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:1234 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:6711 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24         udp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:ingreslock limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24         tcp dpt:27665 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24         udp dpt:27444 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24         udp dpt:31335 limit: avg 2/min burst 5
    0     0 LD         all  --  any    any     BASE-ADDRESS.MCAST.NET/8  anywhere
    0     0 LD         all  --  any    any     anywhere             BASE-ADDRESS.MCAST.NET/8
    0     0 LD         all  --  any    any     255.255.255.255      anywhere
    0     0 LD         all  --  any    any     anywhere             0.0.0.0
    0     0 LD         all  -f  any    any     anywhere             anywhere             limit: avg 10/min burst 5
    0     0 ACCEPT     ipv6-auth--  any    any     anywhere             anywhere
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:ssh dpts:login:65535 flags:!SYN,RST,ACK/SYN state RELATED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:ftp-data dpts:1023:65535 flags:!SYN,RST,ACK/SYN state RELATED
   86 61322 ACCEPT     tcp  --  any    any     anywhere             anywhere             state ESTABLISHED
    5  1602 ACCEPT     udp  --  any    any     anywhere             209.1.1.0/24         udp dpts:1023:65535
    0     0 LD         all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    eth0    office_vpn/24        anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             office_vpn/24

Chain OUTPUT (policy ACCEPT 113 packets, 11937 bytes)
 pkts bytes target     prot opt in     out     source               destination
    5   468 ACCEPT     all  --  any    lo      anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     office_vpn/24        anywhere
    0     0 ACCEPT     icmp --  any    any     office_vpn/24        anywhere
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere             udp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere             udp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpt:1234 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpt:6711 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere             udp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpt:ingreslock limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpt:27665 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere             udp dpt:27444 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere             udp dpt:31335 limit: avg 2/min burst 5
    0     0 LD         all  --  any    any     BASE-ADDRESS.MCAST.NET/8  anywhere
    0     0 LD         all  --  any    any     anywhere             BASE-ADDRESS.MCAST.NET/8
    0     0 LD         all  --  any    any     255.255.255.255      anywhere
    0     0 LD         all  --  any    any     anywhere             0.0.0.0
    0     0 ACCEPT     icmp --  any    any     209.1.1.0/24         anywhere
    0     0 ACCEPT     tcp  --  any    any     209.1.1.0/24         anywhere             tcp dpts:1023:65535
    0     0 ACCEPT     udp  --  any    any     209.1.1.0/24         anywhere             udp dpts:1023:65535

Chain LD (77 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             LOG level warning
    0     0 DROP       all  --  any    any     anywhere             anywhere