tinc - Apr 2006 - VPN between two servers

Dear list!

I have a problem setting up tinc and I come to the conclusion that I might
have misunderstood something.

What I try to achieve is this:

I have two servers. They are so called "root Servers" rented from a
server
hosting company. This means, each of them has 1 ethernet interface with a
public IP address on the public Internet. They are NOT gateways that have
any private networks behind them.

I would like to use tinc to create a virtual private network that just
exists between the two servers. I want a virtual interface on each of the
servers, probably with a 192.168.x.x address so that I could have some
daemon on server A listen to say 192.168.1.1 only and have server B connect
to that daemon through the tinc VPN from 192.168.1.2 for example.

I think all the samples work from the assumption that the servers are
gatways that have networks behind them. I have setup my boxes according to
the samples, but I cannot ping between the virtual interfaces.

Any hints would be welcome. I am not sure, but would this be bridging that I
am looking for? I don't actually think so.

Regards,
Torsten

On Fri, Apr 21, 2006 at 11:16:22AM +0200, Torsten Schlabach
wrote:
> I would like to use tinc to create a virtual private network that just
> exists between the two servers. I want a virtual interface on each of the
> servers, probably with a 192.168.x.x address so that I could have some
> daemon on server A listen to say 192.168.1.1 only and have server B connect
> to that daemon through the tinc VPN from 192.168.1.2 for example.
> 
> I think all the samples work from the assumption that the servers are
> gatways that have networks behind them. I have setup my boxes according to
> the samples, but I cannot ping between the virtual interfaces.
Did you configure 192.168.1.1 and 192.168.1.2 as loopback addresses on the
two machines? (e.g. ifconfig lo:0 192.168.1.1/32)

Have you chosen the right source address when pinging? e.g.

    ping -S 192.168.1.1 192.168.1.2

Have you enabled IP forwarding on both machines?

What does tcpdump show when you do the ping command shown above?

Just a few suggestions from someone who lurks on the TINC list rather than
actually uses it :-) Another option you could consider is to configure IPSEC
transport mode between the two machines, but that's not TINC.

Regards,

Brian.