I have now got the tinc daemons (on network OFFICES) on BranchB and
BranchA talking to each other, and I have been able to access
services (like AFP, Apple file sharing) between the two hosts (in
both directions), but not beyond the local network connected to
BranchA.
I am unclear which routing can be provided by tinc and which routing
I would have to add manually.
The aim is:
BranchB is a laptop
BranchA is part of the office network.
I would like to access AFP on the various local CPUs of the office network.
Any help or pointers are appreciated.
-------------------------------------
My current configuration
BranchB
The laptop, with fixed IP, 222.222.222.3, (configured from OsX GUI
System Preference:Network)
tinc.conf
Name = BranchB
ConnectTo = BranchA
Device = /dev/tun0
Host file
Subnet = 192.168.3.2/32
Address = 222.222.222.3
-----BEGIN RSA PUBLIC KEY-----
..
-----END RSA PUBLIC KEY-----
tinc-up apparently does not work at all for me. Thus, as a workaround,
I am manually running a Perl script after tincd is running.
See BranchB for more info.
tinc-up.pl
#!/usr/bin/perl
system "ifconfig tun0 192.168.3.2 192.168.0.0 netmask 255.255.0.0";
system "route add 192.168.0.0/16 192.168.3.2";
BranchA
The CPU with the tinc daemon on the office network.
The office network is behind a masquerading firewall with public IP
123.123.123.7
The tinc host has a static IP of 10.20.30.1 (configured from OsX GUI
System Preference:Network)
The firewall is set up to forward all traffic to 123.123.123.7 to
10.20.30.1, on port 655
Furthermore, the preexisting office network is 192.168.2.0/24
The tinc host is physically connected to this network, one physical
ethernet interface, but at the moment only with address 10.20.30.1,
to the firewall
tinc.conf
Name = BranchA
Device = /dev/tun0
Host file
Subnet = 192.168.0.0/16
Address = 123.123.123.7
-----BEGIN RSA PUBLIC KEY-----
....
-----END RSA PUBLIC KEY-----
tinc-up
#!/bin/sh
ifconfig tun0 192.168.2.1 192.168.0.0 netmask 255.255.0.0
tinc-up.pl
#!/usr/bin/perl
system "ifconfig tun0 192.168.2.2 192.168.0.0 netmask 255.255.0.0";
system "route add 192.168.0.0/16 192.168.2.2";
Logfile
1101320682 tinc.OFFICES[452]: tincd 1.0.3 (Nov 11 2004 05:07:05) starting, debug level 2
1101320682 tinc.OFFICES[452]: /dev/tun0 is a Generic BSD tun device
1101320682 tinc.OFFICES[452]: Executing script tinc-up
1101320682 tinc.OFFICES[452]: Script tinc-up exited with non-zero status 126
1101320682 tinc.OFFICES[452]: Listening on :: port 655
1101320682 tinc.OFFICES[452]: Listening on 0.0.0.0 port 655
1101320682 tinc.OFFICES[452]: Ready
1101321029 tinc.OFFICES[452]: Connection from 222.222.222.3 port 49599
1101321029 tinc.OFFICES[452]: Connection with BranchB (222.222.222.3 port 49599) activated
netstat -rn
after activating tincd and running tinc-up.pl
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.20.30.1         UGSc        4        9    en0
10.20.30/24        link#4             UCS         1        0    en0
10.20.30.1         0:d:88:39:b:63     UHLW        5        7    en0    542
10.20.30.40        127.0.0.1          UHS         0        0    lo0
127.0.0.1          127.0.0.1          UH          7     3108    lo0
169.254            link#4             UCS         0        0    en0
192.168.0.0        192.168.2.2        UH          0        0   tun0 =>
192.168.0/16       192.168.2.2        UGSc        0        0   tun0
-------------------------------------
Specific questions:
- The tinc-up script does not do anything, and the log shows:
"Script tinc-up exited with non-zero status 126"
Thus I am running my Perl tinc-up.pl script. I assume this is a valid
substitution for tinc-up.
Which local routing is tincd actually providing by default?
Which routing is tinc actually providing on Branch B after
route add 192.168.0.0/16 192.168.2.2
I know that I have to provide a further IP address for BranchB to
connect to the local net, e.g. 192.168.2.1
I have tried several methods but didn't get interface plus routing to
this address.
Thus, can 192.168.2.1 be on the same en0 interface as 10.20.30.1?
Which routes would I have to add so that BranchB serves the local
192.168.2.x net?
Thanks.
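
Added example, not part of the original post: a small triage script for the tincd log format quoted above. It flags failed hook scripts, reads the exit status by POSIX shell convention (126 = found but could not be executed, 127 = not found), and notes whether the daemon still reached "Ready" with the interface unconfigured. It assumes tincd launches the script through a shell; the function names and the sample log (built from the lines in the post) are constructed for illustration.

```python
import re

# Constructed sample: log lines quoted in the post, wrapped lines joined.
SAMPLE_LOG = """\
1101320682 tinc.OFFICES[452]: tincd 1.0.3 (Nov 11 2004 05:07:05) starting, debug level 2
1101320682 tinc.OFFICES[452]: /dev/tun0 is a Generic BSD tun device
1101320682 tinc.OFFICES[452]: Executing script tinc-up
1101320682 tinc.OFFICES[452]: Script tinc-up exited with non-zero status 126
1101320682 tinc.OFFICES[452]: Listening on 0.0.0.0 port 655
1101320682 tinc.OFFICES[452]: Ready
1101321029 tinc.OFFICES[452]: Connection with BranchB (222.222.222.3 port 49599) activated
"""

# "<epoch> tinc.<netname>[<pid>]: <message>"
LINE = re.compile(r"^(\d+) tinc\.([^\[\s]+)\[(\d+)\]: (.*)$")
FAILED = re.compile(r"^Script (\S+) exited with non-zero status (\d+)$")


def explain_status(status):
    """Interpret an exit status using POSIX shell conventions."""
    if status == 126:
        return "found but not executable (check execute bit and #! line)"
    if status == 127:
        return "script not found"
    return "script ran and returned an error"


def script_failures(log_text):
    """Return one finding per failed hook script in a tincd log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the tincd log format
        ts, net, pid, msg = m.groups()
        failed = FAILED.match(msg)
        if failed:
            findings.append({
                "time": int(ts), "network": net, "pid": pid,
                "script": failed.group(1), "status": int(failed.group(2)),
                "meaning": explain_status(int(failed.group(2))),
                "daemon_continued": False,
            })
        elif msg == "Ready":
            # The same daemon went on to serve connections even though its
            # hook failed, so the tun interface was left unconfigured.
            for f in findings:
                if f["pid"] == pid:
                    f["daemon_continued"] = True
    return findings


if __name__ == "__main__":
    for f in script_failures(SAMPLE_LOG):
        print(f)
```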