Hello there,
I was hoping that maybe one of you guys could help me out with a problem I'm
experiencing with tinc1.0pre7.
First, I'll start with my configuration, after that I'll explain my
problem.
Background
----------
This is a simple, client-server situation on a private network. Both
machines run the same Debian Woody 3.0 testing installation and both have
identical packages (deb files) installed for the kernel, tinc and related
stuff.
As the info below will show, "iwan" is the name of this vpn. On both
machines this net is automatically started through init.d.
Server (Debian Woody)
---------------------
uname -a: Linux Server 2.4.18-586tsc #1 Sun Apr 14 10:57:57 EST 2002
i586 unknown
eth0: 217.x.x.22 (not relevant in this situation)
eth1: 192.168.0.1/24
tap0: 10.0.0.1/16 (vpn device)
/etc/tinc/iwan/tinc.conf:
Name = Server
Device = /dev/tap0
PrivateKeyFile = /etc/tinc/iwan/rsa_key.priv
Interface = vpn
/etc/tinc/iwan/tinc-up:
#!/bin/sh
ifconfig tap0 hw ether fe:fd:0:0:0:0
ifconfig tap0 10.0.0.1 netmask 255.255.0.0
ifconfig tap0 -arp
/etc/tinc/iwan/hosts/Server: (on both machines)
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
#Address = 217.x.x.22
Address = 192.168.0.1
Subnet = 10.0.0.0/16
Client (Debian Woody)
---------------------
uname -a: Linux client 2.4.18-586tsc #1 Sun Apr 14 10:57:57 EST 2002
i586 unknown
eth0: 192.168.0.9/24
tap0: 10.0.0.3/16 (vpn device)
/etc/tinc/iwan/tinc.conf:
ConnectTo = Server
Name = Client
Device = /dev/tap0
PrivateKeyFile = /etc/tinc/iwan/rsa_key.priv
Interface = vpn
/etc/tinc/iwan/tinc-up:
#!/bin/sh
ifconfig tap0 hw ether fe:fd:0:0:0:0
ifconfig tap0 10.0.0.3 netmask 255.255.0.0
ifconfig tap0 -arp
/etc/tinc/iwan/hosts/Client: (on both machines)
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
Address = 192.168.0.9
Subnet = 10.0.0.0/16
General
-------
For both machines I have added the following to /etc/modules:
netlink_dev
ethertap
and the following to /etc/modules.conf:
alias char-major-36 netlink_dev
alias tap0 ethertap
options tap0 -o tap0 unit=0
alias tap1 ethertap
options tap1 -o tap1 unit=1
(No details, except for the public keys and my external IP, have been
*intentionally* ;) left out.)
Problem
-------
Suffice it to say that I cannot ping across the vpn. Pinging the regular eth
devices of either host works perfectly and pinging the respective local tap0
device works fine too, but pinging across the vpn doesn't.
Logs
----
It varies a bit, but on both the server and client I get this in the syslog:
(i.e., no other errors)
Jul 7 20:46:17 Client tinc.iwan[202]: tincd 1.0pre7 starting
Jul 7 20:46:17 Client tinc.iwan[202]: /dev/tap0 is a Linux ethertap device
Jul 7 20:46:18 Client tinc.iwan[202]: Ready
Jul 7 20:47:10 Client tinc.iwan[202]: Got fatal signal 11 (Segmentation
fault)
Jul 7 20:47:10 Client tinc.iwan[202]: Trying to re-execute in 5 seconds...
Jul 7 20:47:15 Client tinc.iwan[221]: tincd 1.0pre7 starting
Jul 7 20:47:15 Client tinc.iwan[221]: /dev/tap0 is a Linux ethertap device
Jul 7 20:47:15 Client tinc.iwan[221]: Ready
Jul 7 20:49:46 Client tinc.iwan[242]: Metadata socket error for Server
(192.168.0.1 port 655): Connection reset by peer
and:
Jul 7 20:47:10 Server tinc.iwan[909]: Metadata socket error for Client
(192.168.0.9 port 1025): Connection reset by peer
Jul 7 20:49:46 Server tinc.iwan[909]: net2str() was called with unknown
subnet type 134621912, exitting!
The errors about the metadata and net2str() are the most common ones.
Attempts
--------
I have attempted to leave out the subnet definitions in each of the host
files (on both machines), but that didn't help. Also, using
"192.168.0.0/24"
as the subnet didn't work either. (You might say "of course not",
but at
that point I was willing to try everything.) And of course I have Read The
Fine Manual as well as the examples section on the website over and over.
Conlusion
---------
I hope I have provided enough details... Any help would be greatly
appreciated, because I'm all out of ideas.
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
Oops, silly me.
My name is Arno van der Kolk, by the way. ;)
I have been reading some more through the mail archive and have enabled
debug level 5. It seems both hosts are ping-ponging quite nicely.
However, I have also found out the following:
Client:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
Generates the following in the log:
Jul 7 23:21:53 Client tinc.iwan[273]: Read packet of 249 bytes from Linux
ethertap device
Jul 7 23:21:53 Client tinc.iwan[273]: Sending packet of 249 bytes to Client
(MYSELF)
Jul 7 23:21:53 Client tinc.iwan[273]: Packet is looping back to us!
This goes for both hosts.
----------------------------------------------
More information
The routing table for the Server looks like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
217.x.x.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
10.0.0.0 10.0.0.3 255.255.0.0 UG 0 0 0 tap0
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tap0
0.0.0.0 217.120.198.1 0.0.0.0 UG 0 0 0 eth0
The routing table for the Client looks like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.0.0 10.0.0.1 255.255.0.0 UG 0 0 0 tap0
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tap0
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tap0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
The duplicate entries for the tap0 device are because of some experimenting,
normally there's only one (!! without a gateway !!).
Here's also the output of ifconfig...
ifconfig on the Server:
eth0 Link encap:Ethernet HWaddr 00:00:C5:0D:F1:A9
inet addr:217.x.x.22 Bcast:217.x.x.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15412 errors:0 dropped:0 overruns:0 frame:0
TX packets:4380 errors:0 dropped:0 overruns:0 carrier:0
collisions:103 txqueuelen:100
RX bytes:2506803 (2.3 MiB) TX bytes:3599805 (3.4 MiB)
Interrupt:10 Base address:0xfc80
eth1 Link encap:Ethernet HWaddr 00:20:18:39:2B:2F
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8683 errors:0 dropped:0 overruns:0 frame:0
TX packets:9515 errors:0 dropped:0 overruns:0 carrier:0
collisions:6 txqueuelen:100
RX bytes:4069422 (3.8 MiB) TX bytes:2289202 (2.1 MiB)
Interrupt:9 Base address:0xff40
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:120 errors:0 dropped:0 overruns:0 frame:0
TX packets:120 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12880 (12.5 KiB) TX bytes:12880 (12.5 KiB)
tap0 Link encap:Ethernet HWaddr FE:FD:00:00:00:00
inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:500 (500.0 b)
Interrupt:5
ifconfig on the Client:
eth0 Link encap:Ethernet HWaddr 00:AA:00:35:7F:51
inet addr:192.168.0.9 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2253 errors:0 dropped:0 overruns:0 frame:0
TX packets:4892 errors:0 dropped:0 overruns:0 carrier:0
collisions:3 txqueuelen:100
RX bytes:210815 (205.8 KiB) TX bytes:269997 (263.6 KiB)
Interrupt:10 Base address:0x300
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:336 (336.0 b) TX bytes:336 (336.0 b)
tap0 Link encap:Ethernet HWaddr FE:FD:00:00:00:00
inet addr:10.0.0.3 Bcast:10.255.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:106 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:14278 (13.9 KiB)
Interrupt:5
Again, any help would be appreciated because I still don't know what the
problem is; everything looks alright to me. Thanks.
Arno
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
On Sun, Jul 07, 2002 at 10:40:45PM +0200, Internal Affaires wrote:> /etc/tinc/iwan/tinc-up: > #!/bin/sh > ifconfig tap0 hw ether fe:fd:0:0:0:0 > ifconfig tap0 10.0.0.1 netmask 255.255.0.0 > ifconfig tap0 -arp > /etc/tinc/iwan/hosts/Server: (on both machines) > -----BEGIN RSA PUBLIC KEY----- > ... > -----END RSA PUBLIC KEY----- > #Address = 217.x.x.22 > Address = 192.168.0.1 > Subnet = 10.0.0.0/16 > > /etc/tinc/iwan/tinc-up: > #!/bin/sh > ifconfig tap0 hw ether fe:fd:0:0:0:0 > ifconfig tap0 10.0.0.3 netmask 255.255.0.0 > ifconfig tap0 -arp > /etc/tinc/iwan/hosts/Client: (on both machines) > -----BEGIN RSA PUBLIC KEY----- > ... > -----END RSA PUBLIC KEY----- > Address = 192.168.0.9 > Subnet = 10.0.0.0/16 > > Problem > ------- > Suffice it to say that I cannot ping across the vpn. Pinging the regular eth > devices of either host works perfectly and pinging the respective local tap0 > device works fine too, but pinging across the vpn doesn't.As Fredrik Bjork also pointed out, you are using the same Subnet for both machines. The Subnet lines tell tinc which IP addresses belong to which host. If you make them the same, tinc will not know to which of the two hosts it has to send the packet. If you have only two computers which you want to connect, then use "Subnet = 10.0.0.1/32" for Server and "Subnet = 10.0.0.3/32" for Client. The segmentation faults and net2str() errors are caused by a bug in tinc which is triggered when two hosts use exactly the same Subnet. I will fix this shortly. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus@sliepen.eu.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://brouwer.uvt.nl/pipermail/tinc/attachments/20020708/2d42eea6/attachment.pgp