Hey guys,

I installed tinc on a linux server which connects to the internet. That server is linked via a wireless link with a Windows 2000 workstation. I installed tinc on the windows box too, and the vpn works neat. The only problem is I don't know if the windows tap driver is able to forward unknown IPs to a gateway. This is because if I try to ping 10.0.0.1, which is just another ethernet card in the router, I get a "destination unreachable" error, because the tinc VPN subnet looks like 10.0.2.0/24, where 10.0.2.1 is the router end and 10.0.2.2 is the win2k box. I can ping 10.0.2.1 from the win box.

The wireless link looks like this: 10.0.1.1 is the linux router, 10.0.1.2 is the win2k box.

In spite of the fact that the router works correctly, it even seems that if I try to ping someone on the internet from the windows box, I get destination unreachable without the packets even getting tunneled through the VPN by tinc, using the wireless link for transport. I tried it with a sniffer, and indeed, packets don't even travel through the VPN when I try to ping some internet IP. I concluded this is a limitation of the windows tap driver.

If anyone knows better and can help me set up an internet connection via a strong wireless vpn for this windows box, I will deeply appreciate it.

Best Regards,
Alin-Adrian Anton.

Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
On Sun, Nov 23, 2003 at 10:36:11PM +0200, Alin-Adrian Anton wrote:

> I installed tinc on a linux server which connects to the internet. That server is linked via a wireless link with a Windows 2000 workstation. I installed tinc on the windows box too, and the vpn works neat. The only problem is I don't know if the windows tap driver is able to forward unknown IPs to a gateway. This is because if I try to ping 10.0.0.1, which is just another ethernet card in the router, I get a "destination unreachable" error, because the tinc VPN subnet looks like 10.0.2.0/24, where 10.0.2.1 is the router end and 10.0.2.2 is the win2k box. I can ping 10.0.2.1 from the win box.
>
> The wireless link looks like this: 10.0.1.1 is the linux router, 10.0.1.2 is the win2k box.

You should add Subnet = 10.0.1.1 to the host config file of the router and Subnet = 10.0.1.2 to the host config file of the win2k box.

> In spite of the fact that the router works correctly, it even seems that if I try to ping someone on the internet from the windows box, I get destination unreachable without the packets even getting tunneled through the VPN by tinc, using the wireless link for transport. I tried it with a sniffer, and indeed, packets don't even travel through the VPN when I try to ping some internet IP. I concluded this is a limitation of the windows tap driver.

Not at all. Those destination unreachable messages are generated by tinc, because it doesn't know a Subnet which matches the destination address of the packets you are trying to send.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
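The behaviour Guus describes (tinc answers with "destination unreachable" when no announced Subnet covers the destination) can be seen with a small model of the lookup. The following is an added example written for this thread, not code from tinc itself: it builds a longest-prefix table from the Subnet lines of each node's host config and resolves a destination to the node that announced it, or to nothing. The node names, the host-config contents and the test addresses are constructed to mirror the thread's 10.0.x.x layout; whether a `0.0.0.0/0` entry in CIDR form is the right fix for the original poster's setup is an assumption of this example, not something the thread confirms.

```python
import ipaddress

# Constructed host-config contents, keyed by node name, as tinc would read
# them from hosts/<node>.  Only the Subnet lines matter for this lookup.
BEFORE = {
    "router": ["10.0.2.1"],          # VPN-side address of the Linux router
    "win2k":  ["10.0.2.2"],          # VPN-side address of the Windows box
}

# After Guus's suggestion: each node also announces its wireless address.
AFTER_GUUS = {
    "router": ["10.0.2.1", "10.0.1.1"],
    "win2k":  ["10.0.2.2", "10.0.1.2"],
}

# Assumption for illustration: the router additionally announces a default
# route in CIDR form so that every destination matches some node.
WITH_DEFAULT = {
    "router": ["10.0.2.1", "10.0.1.1", "0.0.0.0/0"],
    "win2k":  ["10.0.2.2", "10.0.1.2"],
}


def build_subnet_table(host_configs):
    """Turn {node: [subnet strings]} into a list of (network, node) entries.

    A bare address such as "10.0.1.1" becomes a /32; entries are ordered by
    decreasing prefix length so the most specific announcement wins.
    """
    table = []
    for node, subnets in host_configs.items():
        for subnet in subnets:
            net = ipaddress.ip_network(subnet, strict=False)
            table.append((net, node))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, dst):
    """Return the node whose announced Subnet contains dst, or None."""
    addr = ipaddress.ip_address(dst)
    for net, node in table:
        if addr in net:
            return node
    return None


def decide(host_configs, dst):
    """Model tinc's decision for an outgoing packet: forward to a node, or
    reply with an ICMP destination unreachable because no Subnet matches."""
    node = lookup(build_subnet_table(host_configs), dst)
    if node is None:
        return ("icmp-unreachable", None)
    return ("forward", node)


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after Guus", AFTER_GUUS),
                      ("with default route", WITH_DEFAULT)):
        for dst in ("10.0.2.1", "10.0.1.2", "10.0.0.1", "198.51.100.7"):
            print(f"{name:20} {dst:15} -> {decide(cfg, dst)}")
```

Run as-is it prints the decision for each configuration; the point it makes is that adding the wireless addresses only makes those two hosts reachable, while the router's other interface (10.0.0.1) and Internet addresses still match nothing until some node announces a covering Subnet.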
Guus Sliepen wrote:

> On Sun, Nov 23, 2003 at 10:36:11PM +0200, Alin-Adrian Anton wrote:
>
>> I installed tinc on a linux server which connects to the internet. That server is linked via a wireless link with a Windows 2000 workstation. I installed tinc on the windows box too, and the vpn works neat. The only problem is I don't know if the windows tap driver is able to forward unknown IPs to a gateway. This is because if I try to ping 10.0.0.1, which is just another ethernet card in the router, I get a "destination unreachable" error, because the tinc VPN subnet looks like 10.0.2.0/24, where 10.0.2.1 is the router end and 10.0.2.2 is the win2k box. I can ping 10.0.2.1 from the win box.
>>
>> The wireless link looks like this: 10.0.1.1 is the linux router, 10.0.1.2 is the win2k box.
>
> You should add Subnet = 10.0.1.1 to the host config file of the router and Subnet = 10.0.1.2 to the host config file of the win2k box.
>
>> In spite of the fact that the router works correctly, it even seems that if I try to ping someone on the internet from the windows box, I get destination unreachable without the packets even getting tunneled through the VPN by tinc, using the wireless link for transport. I tried it with a sniffer, and indeed, packets don't even travel through the VPN when I try to ping some internet IP. I concluded this is a limitation of the windows tap driver.
>
> Not at all. Those destination unreachable messages are generated by tinc, because it doesn't know a Subnet which matches the destination address of the packets you are trying to send.

OK, I just did that for the windows tinc configuration files, and it's still the same. The VPN is working, but I cannot ping internet sites. Is it possible to ping them through tinc? I tried subnet = 0.0.0.0, not working.

Thank you so much for your time.

Regards,
Alin-Adrian Anton.
I need to compare some basic security properties for different VPN solutions. I have listed a few that I could think of below. If you have opinions about additional ones, I will appreciate it if you can list them here.

Does Tinc support the following (I have marked the answers that I think I know)?

1. Confidentiality: Yes (packets are encrypted)
2. Data integrity: Yes (using digest: SHA1)
3. Authentication/Non-repudiation (both at the session and data-packet level): Yes
4. Anti-replay protection: ??
5. Forward secrecy: ??
6. Does it have a user-space implementation: ??

Thanks
Shashank