tinc - May 2009 - Routes are not added automatically

Hi,

Being a beginner with Tinc I browsed the mailing list archive in order 
to see if other people were experiencing the same problems as I was. And 
there is.
But the answers given to them never actually seemed right to me (at 
least regarding what it is said on tinc's website).

My problem is that in order to run a simple VPN between two machines I 
had to manually add the "route add -net <ip>/24 $INTERFACE"
statement on
hosts' tinc-up files.
I came accross a lot of messages in the archive saying that tinc doesn't 
handle routing and that it's my job to configure the routes manually.

But according to the website :
1) http://www.tinc-vpn.org/documentation/tinc_3.html#SEC37

    "An example 'tinc-up' script:

      	

    #!/bin/sh
    ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0
            

    This script gives the interface an IP address and a netmask. The
    kernel _will also automatically add a route to this interface_ , so
    normally you _don't need to add route commands_ to the 'tinc-up'
    script. The kernel will also bring the interface up after this
    command. The netmask is the mask of the /entire/ VPN network, not
    just your own subnet."


2) http://www.tinc-vpn.org/documentation/tinc_3.html#SEC42
Same thing here: none of the example configuration has  an "add route"
statement.

Is the site wrong? Am I missing something?

Best regards,

-- 
RB


-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.tinc-vpn.org/pipermail/tinc/attachments/20090520/f7dbdc33/attachment.htm

On Wed, May 20, 2009 at 06:58:23PM +0200, Ricardo Belin wrote:
> My problem is that in order to run a simple VPN between two machines I  
> had to manually add the "route add -net <ip>/24 $INTERFACE"
statement on
> hosts' tinc-up files.
Suppose you have two nodes, A and B, and A has 192.168.1.0/24, and B has
192.168.2.0/24.  If you then put "ifconfig $INTERFACE 192.168.x.1 netmask
255.255.0.0" in the tinc-up files, then you would not need extra route add
commands, since the whole 192.168.0.0/16 is routed to the VPN. However, if you
use netmask 255.255.255.0 in tinc-up, then yes, you need to add extra routes.
> I came accross a lot of messages in the archive saying that tinc
doesn't
> handle routing and that it's my job to configure the routes manually.
Yes, tinc does not automatically configure the VPN interface and does not add
routes, you need to create tinc-up and possibly other scripts to do that.
> But according to the website :
> 1) http://www.tinc-vpn.org/documentation/tinc_3.html#SEC37
>
>    "An example 'tinc-up' script:
>
>    #!/bin/sh
>    ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0
>            
>
>    This script gives the interface an IP address and a netmask. The
>    kernel _will also automatically add a route to this interface_ , so
>    normally you _don't need to add route commands_ to the
'tinc-up'
>    script. The kernel will also bring the interface up after this
>    command. The netmask is the mask of the /entire/ VPN network, not
>    just your own subnet."
The example is correct, the netmask is so large that it encompasses the whole
VPN, so you don't need to add more routes.  The ifconfig command in the
example
configures the interface, but also adds a route for 192.168.0.0/16 to the
kernel's routing table.

If you do not want to use such a large netmask, you can create a subnet-up
script that contains the following:

#!/bin/sh
ip route add $SUBNET dev $INTERFACE

And a corresponding subnet-down of course. But you're free to do something
else.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url :
http://www.tinc-vpn.org/pipermail/tinc/attachments/20090520/00cdcf95/attachment.pgp