Hello All,

I took a break from trying to get Tinc working and have come back to it
now with the release of 1.0.11. I have 2 Windows computers connected
behind firewalls and everything seems to be correct, except I cannot
seem to get any data past the server TAP interface. I can ping the
Server TAP interface from the client, but no data will move through the
TAP interface to the Internet. I have put my information below in hopes
that someone can help find the answer. I know it has to be something
simple, but I can't figure it out.

Thanks for the help.

Client:
Firewall Internet Interface: 96.50.224.239
Firewall LAN Interface: 192.168.1.2
LAN: 192.168.1.108 netmask 255.255.255.0 gw 192.168.1.2
TAP: 10.2.1.12 netmask 255.255.0.0

Address=96.50.224.239
Subnet=10.2.1.12/32

Routing table:
==========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff d3 00 a9 49 ...... TAP-Win32 Adapter V9
0x3 ...00 13 20 ab 73 df ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
==========================================================================
==========================================================================
Active Routes:
Network Destination  Netmask           Gateway         Interface       Metric
0.0.0.0              0.0.0.0           10.2.54.1       10.2.1.12       3
0.0.0.0              0.0.0.0           192.168.1.2     192.168.1.108   10
10.2.0.0             255.255.0.0       10.2.1.12       10.2.1.12       3
10.2.1.12            255.255.255.255   127.0.0.1       127.0.0.1       3
10.255.255.255       255.255.255.255   10.2.1.12       10.2.1.12       3
127.0.0.0            255.0.0.0         127.0.0.1       127.0.0.1       1
192.168.1.0          255.255.255.0     192.168.1.108   192.168.1.108   10
192.168.1.108        255.255.255.255   127.0.0.1       127.0.0.1       10
192.168.1.255        255.255.255.255   192.168.1.108   192.168.1.108   10
224.0.0.0            240.0.0.0         10.2.1.12       10.2.1.12       3
224.0.0.0            240.0.0.0         192.168.1.108   192.168.1.108   10
255.255.255.255      255.255.255.255   10.2.1.12       10.2.1.12       1
255.255.255.255      255.255.255.255   192.168.1.108   192.168.1.108   1
Default Gateway: 10.2.54.1
==========================================================================
Persistent Routes:
  None

Server:
Firewall Internet Interface: 96.50.224.241
Firewall LAN Interface: 192.168.2.2
LAN: 192.168.2.115 netmask 255.255.255.0 gw 192.168.2.2
TAP: 10.2.54.1 netmask 255.255.0.0

Address=96.50.224.241
Subnet=10.2.54.1/32
Subnet=0.0.0.0/0

IPv4 Route Table
==========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x70003 ...00 1d 09 a0 c2 03 ...... Intel(R) 82562V-2 10/100 Network Connection
0x70004 ...00 ff 9c d2 29 e7 ...... TAP-Win32 Adapter V9
==========================================================================
==========================================================================
Active Routes:
Network Destination  Netmask           Gateway         Interface       Metric
0.0.0.0              0.0.0.0           192.168.2.2     192.168.2.115   30
0.0.0.0              0.0.0.0           192.168.2.115   10.2.54.1       30
10.2.0.0             255.255.0.0       10.2.54.1       10.2.54.1       30
10.2.54.1            255.255.255.255   127.0.0.1       127.0.0.1       30
10.255.255.255       255.255.255.255   10.2.54.1       10.2.54.1       30
127.0.0.0            255.0.0.0         127.0.0.1       127.0.0.1       1
192.168.2.0          255.255.255.0     192.168.2.115   192.168.2.115   30
192.168.2.115        255.255.255.255   127.0.0.1       127.0.0.1       30
192.168.2.255        255.255.255.255   192.168.2.115   192.168.2.115   30
224.0.0.0            240.0.0.0         10.2.54.1       10.2.54.1       30
224.0.0.0            240.0.0.0         192.168.2.115   192.168.2.115   30
255.255.255.255      255.255.255.255   10.2.54.1       10.2.54.1       1
255.255.255.255      255.255.255.255   192.168.2.115   192.168.2.115   1
Default Gateway: 192.168.2.2
==========================================================================
Persistent Routes:
  None

Did you enable IP routing on your server? If you see my ipconfig/all
below, you'll see that IP routing is not enabled on my computer,
therefore it will not act as a gateway or a router to other networks.

Microsoft Windows [Version 6.1.7100]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Donald>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Cosmos
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :

On Tue, Nov 17, 2009 at 1:13 PM, Robert Spraggs <rspraggs at aegissystems.com> wrote:

> Hello All,
>
> I took a break from trying to get Tinc working and have come back to it
> now with the release of 1.0.11. I have 2 Windows computers connected
> behind firewalls and everything seems to be correct, except I cannot
> seem to get any data past the server TAP interface. I can ping the
> Server TAP interface from the client, but no data will move through the
> TAP interface to the Internet. I have put my information below in hopes
> that someone can help find the answer. I know it has to be something
> simple, but I can't figure it out.
>
> Thanks for the help.
>
> Client:
> Firewall Internet Interface: 96.50.224.239
> Firewall LAN Interface: 192.168.1.2
> LAN: 192.168.1.108 netmask 255.255.255.0 gw 192.168.1.2
> TAP: 10.2.1.12 netmask 255.255.0.0
>
> Address=96.50.224.239
> Subnet=10.2.1.12/32
>
> Routing table:
> ==========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x2 ...00 ff d3 00 a9 49 ...... TAP-Win32 Adapter V9
> 0x3 ...00 13 20 ab 73 df ...... Intel(R) PRO/100 VE Network Connection -
> Packet Scheduler Miniport
> ==========================================================================
> ==========================================================================
> Active Routes:
> Network Destination  Netmask           Gateway         Interface       Metric
> 0.0.0.0              0.0.0.0           10.2.54.1       10.2.1.12       3
> 0.0.0.0              0.0.0.0           192.168.1.2     192.168.1.108   10
> 10.2.0.0             255.255.0.0       10.2.1.12       10.2.1.12       3
> 10.2.1.12            255.255.255.255   127.0.0.1       127.0.0.1       3
> 10.255.255.255       255.255.255.255   10.2.1.12       10.2.1.12       3
> 127.0.0.0            255.0.0.0         127.0.0.1       127.0.0.1       1
> 192.168.1.0          255.255.255.0     192.168.1.108   192.168.1.108   10
> 192.168.1.108        255.255.255.255   127.0.0.1       127.0.0.1       10
> 192.168.1.255        255.255.255.255   192.168.1.108   192.168.1.108   10
> 224.0.0.0            240.0.0.0         10.2.1.12       10.2.1.12       3
> 224.0.0.0            240.0.0.0         192.168.1.108   192.168.1.108   10
> 255.255.255.255      255.255.255.255   10.2.1.12       10.2.1.12       1
> 255.255.255.255      255.255.255.255   192.168.1.108   192.168.1.108   1
> Default Gateway: 10.2.54.1
> ==========================================================================
> Persistent Routes:
>   None
>
> Server:
> Firewall Internet Interface: 96.50.224.241
> Firewall LAN Interface: 192.168.2.2
> LAN: 192.168.2.115 netmask 255.255.255.0 gw 192.168.2.2
> TAP: 10.2.54.1 netmask 255.255.0.0
>
> Address=96.50.224.241
> Subnet=10.2.54.1/32
> Subnet=0.0.0.0/0
>
> IPv4 Route Table
> ==========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x70003 ...00 1d 09 a0 c2 03 ...... Intel(R) 82562V-2 10/100 Network
> Connection
> 0x70004 ...00 ff 9c d2 29 e7 ...... TAP-Win32 Adapter V9
> ==========================================================================
> ==========================================================================
> Active Routes:
> Network Destination  Netmask           Gateway         Interface       Metric
> 0.0.0.0              0.0.0.0           192.168.2.2     192.168.2.115   30
> 0.0.0.0              0.0.0.0           192.168.2.115   10.2.54.1       30
> 10.2.0.0             255.255.0.0       10.2.54.1       10.2.54.1       30
> 10.2.54.1            255.255.255.255   127.0.0.1       127.0.0.1       30
> 10.255.255.255       255.255.255.255   10.2.54.1       10.2.54.1       30
> 127.0.0.0            255.0.0.0         127.0.0.1       127.0.0.1       1
> 192.168.2.0          255.255.255.0     192.168.2.115   192.168.2.115   30
> 192.168.2.115        255.255.255.255   127.0.0.1       127.0.0.1       30
> 192.168.2.255        255.255.255.255   192.168.2.115   192.168.2.115   30
> 224.0.0.0            240.0.0.0         10.2.54.1       10.2.54.1       30
> 224.0.0.0            240.0.0.0         192.168.2.115   192.168.2.115   30
> 255.255.255.255      255.255.255.255   10.2.54.1       10.2.54.1       1
> 255.255.255.255      255.255.255.255   192.168.2.115   192.168.2.115   1
> Default Gateway: 192.168.2.2
> ==========================================================================
> Persistent Routes:
>   None

On Tue, Nov 17, 2009 at 10:13:33AM -0800, Robert Spraggs wrote:

> I took a break from trying to get Tinc working and have come back to it
> now with the release of 1.0.11. I have 2 Windows computers connected
> behind firewalls and everything seems to be correct, except I cannot
> seem to get any data past the server TAP interface. I can ping the
> Server TAP interface from the client, but no data will move through the
> TAP interface to the Internet. I have put my information below in hopes
> that someone can help find the answer. I know it has to be something
> simple, but I can't figure it out.

Ok, you can ping the server via the VPN, so tinc is probably working fine.

> Routing table:
> Network Destination  Netmask           Gateway         Interface       Metric
> 0.0.0.0              0.0.0.0           10.2.54.1       10.2.1.12       3
> 0.0.0.0              0.0.0.0           192.168.1.2     192.168.1.108   10
> 10.2.0.0             255.255.0.0       10.2.1.12       10.2.1.12       3
> 10.255.255.255       255.255.255.255   10.2.1.12       10.2.1.12       3
> 192.168.1.0          255.255.255.0     192.168.1.108   192.168.1.108   10
> 192.168.1.255        255.255.255.255   192.168.1.108   192.168.1.108   10
> Default Gateway: 10.2.54.1

Hmm, your default gateway is via the VPN, but I don't see a route that tells
Windows to use the real network for tinc's own connections... but since you can
connect to the server, it works somehow.

> Server:
> Firewall Internet Interface: 96.50.224.241
> Firewall LAN Interface: 192.168.2.2
> LAN: 192.168.2.115 netmask 255.255.255.0 gw 192.168.2.2
> TAP: 10.2.54.1 netmask 255.255.0.0
>
> Address=96.50.224.241
> Subnet=10.2.54.1/32
> Subnet=0.0.0.0/0

That is all OK. The routing table is also OK.

But, I think the problem is that packets from the client, with source IP address
10.2.1.12, are forwarded by the server to the firewall fine, and maybe the
firewall even properly masquerades the packets and sends them on to the
Internet, but when a reply comes back, the firewall does not know how to send
it back to 10.2.1.12, because the firewall itself does not know about the
10.2.0.0/16 subnet, it only knows about 192.168.2.0/24.

There are three solutions I see:

1. You configure the server to masquerade packets from the VPN that are going
   to the LAN.

2. You add a route to the firewall telling it to forward packets for
   10.2.0.0/16 to 192.168.2.155.

3. You can bridge the LAN and TAP interfaces together on the server, and let
   the client use DHCP on its TAP interface, so it gets an address in the
   192.168.2.0/24 range and sets its default gateway directly to the firewall.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
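
Added example, not part of the thread and not tinc code: a longest-prefix route lookup run over the client routes from the original post and a constructed firewall table, showing where replies to 10.2.1.12 go before and after solutions 1 and 2. The firewall table and the UPSTREAM placeholder are assumptions (the firewall's real table is not in the thread); 192.168.2.115 is the server LAN address given in the original post.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; equal prefixes are decided by lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    return max(hits, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))

# (network, gateway, interface, metric), copied from the client's route table
CLIENT = [
    ("0.0.0.0/0", "10.2.54.1", "10.2.1.12", 3),
    ("0.0.0.0/0", "192.168.1.2", "192.168.1.108", 10),
    ("10.2.0.0/16", "10.2.1.12", "10.2.1.12", 3),
    ("192.168.1.0/24", "192.168.1.108", "192.168.1.108", 10),
]

# Constructed: assumed firewall table built only from its two stated
# interfaces. "UPSTREAM" is a placeholder for the ISP next hop.
FIREWALL = [
    ("0.0.0.0/0", "UPSTREAM", "96.50.224.241", 1),
    ("192.168.2.0/24", "on-link", "192.168.2.2", 1),
]

# Solution 2: static route on the firewall pointing the VPN range at the
# tinc server's LAN address (192.168.2.115 per the original post).
ROUTE_TO_VPN = ("10.2.0.0/16", "192.168.2.115", "192.168.2.2", 1)

def tinc_transport_gateway():
    """Next hop the client picks for tinc's own packets to the server."""
    return lookup(CLIENT, "96.50.224.241")[1]

def reply_gateway(firewall_table, reply_dst):
    """Next hop the firewall picks for a reply addressed to reply_dst."""
    return lookup(firewall_table, reply_dst)[1]

if __name__ == "__main__":
    # No host route for the server's public address: VPN default wins.
    print("tinc transport via:", tinc_transport_gateway())
    # As posted: the reply to the VPN client leaves via the default route.
    print("reply, as posted:  ", reply_gateway(FIREWALL, "10.2.1.12"))
    # Solution 1: server masquerades, so the reply targets its LAN address.
    print("reply, solution 1: ", reply_gateway(FIREWALL, "192.168.2.115"))
    # Solution 2: firewall has a route for 10.2.0.0/16.
    print("reply, solution 2: ", reply_gateway(FIREWALL + [ROUTE_TO_VPN], "10.2.1.12"))
```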