Chris Martino
2002-Aug-19 20:03 UTC
tinc woes (connection established, possible routing issues)
Hello,

I'm trying to use tinc to establish a vpn between two linux boxes. The keys are shared and the connection gets established, but I can't seem to ping either side. One side is strictly a server for the client to connect to. It has a public IP, and the private IP subnet which it's trying to "share" to the client. It's a pretty simple and straightforward setup. Configurations are below...

          Server Side                                  Client Side
           /       \                                    /       \
    Public IP    Private Subnet     Private IP
168.215.110.xxx --- 63.140.157.0/24 --- 63.140.157.230 ... --- 63.140.157.231 --- Client IP

Server:

/etc/tinc/Clarity/tinc.conf:

# Sample tinc configuration file
# This is a comment.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.

# The name of this tinc host. Required.
Name = Clarity

# The internet host to connect with.
# Comment these out to make yourself a listen-only connection
# You must use the name of another tinc host.
# May be used multiple times for redundancy.
# ConnectTo

# The tap device tinc will use. Required.
# Default is /dev/tap0 for ethertap or FreeBSD,
# /dev/tun0 for Solaris and OpenBSD,
# and /dev/misc/net/tun for Linux tun/tap device.
Device = /dev/net/tun

# The file in which the private key for this host is stored. Required.
PrivateKeyFile = /etc/tinc/Clarity/rsa_key.priv

(server hosts file) /etc/tinc/Clarity/hosts/Clarity:

Address = black.clarityis.com
Subnet = 63.140.157.0/24
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

(client host file) /etc/tinc/Clarity/hosts/joel:

-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

Client:

/etc/tinc/work/tinc.conf:

# Sample tinc configuration file
# This is a comment.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.

# The name of this tinc host. Required.
Name = joel

# The internet host to connect with.
# Comment these out to make yourself a listen-only connection
# You must use the name of another tinc host.
# May be used multiple times for redundancy.
ConnectTo = Clarity

# The tap device tinc will use. Required.
# Default is /dev/tap0 for ethertap or FreeBSD,
# /dev/tun0 for Solaris and OpenBSD,
# and /dev/misc/net/tun for Linux tun/tap device.
#Device = /dev/misc/net/tun
Device = /dev/tun

# The file in which the private key for this host is stored. Required.
PrivateKeyFile = /etc/tinc/work/rsa_key.priv

/etc/tinc/work/hosts/* are the same as above....

When I start tinc with tincd -n Clarity and tincd -n work on the machines I can see the connections being "activated", but I cannot ping between the two hosts.

Any ideas on how to get this to work?

Thanks,
Chris

Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
Guus Sliepen
2002-Aug-19 23:00 UTC
tinc woes (connection established, possible routing issues)
On Mon, Aug 19, 2002 at 02:03:12PM -0400, Chris Martino wrote:

> I'm trying to use tinc to establish a vpn between two linux boxes. The
> keys are shared and the connection gets established, but I can't seem to
> ping either side. One side is strictly a server for the client to connect
> to. It has a public IP, and the private IP subnet which it's trying to
> "share" to the client. It's a pretty simple and straightforward setup.
> Configurations are below...
>
>           Server Side                                  Client Side
>            /       \                                    /       \
>     Public IP    Private Subnet     Private IP
> 168.215.110.xxx --- 63.140.157.0/24 --- 63.140.157.230 ... --- 63.140.157.231 --- Client IP

Since 63.140.157.231 falls within 63.140.157.0/24, this is a slightly complicated setup. You have two options:

a) Run a proxy arp daemon for 63.140.157.231 on the private subnet (on the same host as tinc runs) and add "Subnet = 63.140.157.231" to hosts/joel. You also need to ifconfig the tun interface properly in the tinc-up scripts.

b) Run tinc in bridging mode by adding "Mode = bridge" to tinc.conf. Create bridge devices on both sides and attach the interface of the private net to the tun interface.

The first solution is easier, but the second will allow you to browse the Windows network neighbourhood from joel, and will also allow you to run IPX applications or applications that use multicast or broadcast packets.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
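As an added example (not from the thread or the tinc project), a small Python checker that applies the reasoning in the reply to the two hosts files quoted above: it parses their Subnet lines, flags a node that declares none, and flags a node whose Subnet lies inside another node's Subnet. The hosts file contents are a constructed copy of the posted ones with the RSA key material elided.

```python
import ipaddress
import re

# Hosts files as quoted in the thread (constructed copy, RSA key material elided).
HOSTS_FILES = {
    "Clarity": "Address = black.clarityis.com\nSubnet = 63.140.157.0/24\n"
               "-----BEGIN RSA PUBLIC KEY-----\n...\n-----END RSA PUBLIC KEY-----\n",
    "joel": "-----BEGIN RSA PUBLIC KEY-----\n...\n-----END RSA PUBLIC KEY-----\n",
}

def parse_subnets(text):
    """Return the Subnet declarations of one hosts file as ip_network objects.
    Per the sample tinc.conf: '#' starts a comment, names are case-insensitive,
    the '=' is optional. A bare address such as 63.140.157.231 becomes a /32."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?i)^subnet\s*=?\s*(\S+)$", line)
        if m:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def check_hosts(hosts_files):
    """Apply the two observations from the reply to a set of hosts files:
    1. a node without any Subnet cannot be a destination in router mode;
    2. a Subnet lying inside another node's Subnet (one address inside the
       server's /24 here) needs proxy ARP on that node or Mode = bridge."""
    subnets = {name: parse_subnets(text) for name, text in hosts_files.items()}
    findings = []
    for name, nets in subnets.items():
        if not nets:
            findings.append(f"{name}: no Subnet declared, tinc cannot route to it")
    for a, nets_a in subnets.items():
        for b, nets_b in subnets.items():
            if a == b:
                continue
            for na in nets_a:
                for nb in nets_b:
                    if na != nb and na.subnet_of(nb):
                        findings.append(f"{a}: {na} lies inside {b}'s {nb}; use proxy ARP "
                                        "on the private interface or Mode = bridge")
    return findings

if __name__ == "__main__":
    # As posted: joel has no Subnet. After adding one, the overlap shows up instead.
    print(check_hosts(HOSTS_FILES))
    fixed = dict(HOSTS_FILES, joel="Subnet = 63.140.157.231\n" + HOSTS_FILES["joel"])
    print(check_hosts(fixed))
```

Run against the files as posted it reports only the missing Subnet for joel; after the "Subnet = 63.140.157.231" line is added it reports the overlap with Clarity's /24 that makes option a) or b) necessary.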