I'm probably doing something I'm not supposed to even try, but I'm trying for "proof of concept" before physically setting up a distant network because of logistical issues.

Anyway, I have tincd running as a service on two Windows machines on the same LAN. I'm trying to establish a connection between those two computers on the VPN IPs (10.20.30.1 and 10.20.40.1). I have confirmed that port 655 is open because each machine can ping the other on the LAN IP address (192.168.1.x) and "telnet 192.168.1.x 655" works on both machines (x=4 on one machine and 8 on the other); it responds with "0 MachineB 17" on MachineA and "0 MachineA 17" on MachineB.

ipconfig /all confirms that each computer can see itself on the 10.20.x.1 addresses. tracert gets me nothing.

My hosts files now look like this:

MachineA

Address = 192.168.1.4
Subnet = 10.20.30.0/24

-----BEGIN RSA PUBLIC KEY-----
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------
-----END RSA PUBLIC KEY-----

MachineB

Address = 192.168.1.8
Subnet = 10.20.40.0/24

-----BEGIN RSA PUBLIC KEY-----
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
-----------------------------------------------------
-----END RSA PUBLIC KEY-----

I feel like I'm close, really close.
If anybody can point me in the right direction, I would appreciate it.

Thanks
On Tue, Jan 26, 2010 at 07:44:43PM -0800, Anon wrote:

> Anyway, I have tincd running as a service on two windows machines on the
> same lan. I'm trying to establish a connection between those two
> computers on the vpn ip's (10.20.30.1 and 10.20.40.1). I have confirmed
> that port 655 is open because each machine can ping the other on the LAN
> ip address (192.168.1.x) and "telnet 192.168.1.x 655" works on both
> machines (x=4 on one machine and 8 on the other) (it responds with "0
> MachineB 17" on MachineA and "0 MachineA 17" on MachineB.
>
> ipconfig /all confirms that each computer can see itself on the 10.20.x.1
> addresses.
>
> MachineA
>
> Address = 192.168.1.4
> Subnet = 10.20.30.0/24
>
> MachineB
>
> Address = 192.168.1.8
> Subnet = 10.20.40.0/24

The netmask of the VPN interface should be 255.255.0.0. Is this the case?

If you have a firewall on the Windows machines, make sure it allows all traffic on the VPN interface.

You can also start tinc with the options -d5 -D, this will not start it as a service but run in the console. You can then see what happens when you try tracert or anything else via the VPN.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
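The netmask point in the reply above, as an added example that is not part of this thread or of tinc itself: a small Python check that parses host files in the format the original post shows (the constructed copies below have the key bodies redacted), confirms the declared Subnets are disjoint, and tests whether a given VPN-interface netmask puts every peer Subnet on-link, which is what a /24 mask on 10.20.30.1 fails to do for 10.20.40.0/24.

```python
import ipaddress
import re

# Constructed tinc hosts/ files mirroring the thread; key bodies are redacted
# because the reachability check only needs the Address and Subnet lines.
HOSTS = {
    "MachineA": "Address = 192.168.1.4\nSubnet = 10.20.30.0/24\n"
                "-----BEGIN RSA PUBLIC KEY-----\n<redacted>\n-----END RSA PUBLIC KEY-----\n",
    "MachineB": "Address = 192.168.1.8\nSubnet = 10.20.40.0/24\n"
                "-----BEGIN RSA PUBLIC KEY-----\n<redacted>\n-----END RSA PUBLIC KEY-----\n",
}

KEYVAL = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")

def parse_host_file(text):
    """Return {key: [values]} for the 'Key = Value' lines of a tinc host file.
    Parsing stops at the public key block; keys may repeat (several Subnet lines)."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("-----BEGIN"):
            break
        m = KEYVAL.match(line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields

def vpn_subnets(hosts):
    """Map host name -> list of ip_network objects declared by its Subnet lines."""
    return {name: [ipaddress.ip_network(s, strict=True)
                   for s in parse_host_file(txt).get("Subnet", [])]
            for name, txt in hosts.items()}

def check_overlaps(subnets):
    """Pairs of hosts whose Subnets overlap; tinc routes by Subnet, so they must be disjoint."""
    names = list(subnets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if any(x.overlaps(y) for x in subnets[a] for y in subnets[b])]

def mask_covers_all(local_ip, netmask, subnets):
    """True when every peer Subnet lies inside the network the OS derives from
    local_ip/netmask on the tap interface, so packets to peers leave via the VPN
    instead of the default gateway. 10.20.30.1/255.255.255.0 fails this; /16 passes."""
    local_net = ipaddress.ip_interface(f"{local_ip}/{netmask}").network
    return all(n.subnet_of(local_net) for lst in subnets.values() for n in lst)

def minimal_netmask(subnets):
    """Smallest dotted netmask whose single network contains every declared Subnet."""
    nets = [n for lst in subnets.values() for n in lst]
    common = nets[0]
    while not all(n.subnet_of(common) for n in nets):
        common = common.supernet()
    return str(common.netmask)
```

For the two subnets in the thread the minimal covering mask is 255.255.192.0; 255.255.0.0 as suggested in the reply is a wider mask that also covers both.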
Yes, my netmask was 255.255.0.0.

With respect to the "all traffic" comment, using the (horrible) Windows firewall does not allow interface-by-interface configuration. So, if I allow all traffic on that interface, I open it up to all traffic on all interfaces. At least that is the way it is in XP Pro SP3. So, I left my firewall in place (which allows traffic on selected ports only, one of which is 655).

I could have sworn that after my last configuration edits I stopped and restarted the service, but I guess not, because when I rebooted both machines this morning, the configuration shown below worked just fine without any modifications.

I ran the debug command line, and I guess I don't have something set properly, because nothing much shows up in the console window. First, the console window starts with:

C:\Program Files\tinc>tincd -n ivpn -D d5
tincd 1.0.11 (Nov 1 2009 17:03:44) starting, debug level 0
Tap reader running
{5227xxxx-012D-4x53-8725-588x3x4174x8} (vpn) is a Windows tap device
Ready

At that point, the console is frozen (I can't enter any commands in that window), which is exactly what I expect. When I open another console window and tracert or ping to the other machine, it works and there is nothing that shows up in this console (no debug messages). This is true whether MachineA is accessing MachineB or the other way around. This is true whether access is via ping, tracert or a Windows program such as VNC (which works swimmingly, I might add).

The only thing that showed up on that console was the following:

Bogus data received from <unknown> (192.168.1.8 port 2943)
Old connection_t for <unknown> (192.168.1.8 port 2943) status 0010 still lingering, deleting...

I have no idea what would have generated that message.

In any event, thank you for the prompt response. As is my habit, I'm closing the loop by writing this message so that somebody else who reviews this thread will know of its resolution.
> On Tue, Jan 26, 2010 at 07:44:43PM -0800, Anon wrote:
>
> > Anyway, I have tincd running as a service on two windows machines on the
> > same lan. I'm trying to establish a connection between those two
> > computers on the vpn ip's (10.20.30.1 and 10.20.40.1). I have confirmed
> > that port 655 is open because each machine can ping the other on the LAN
> > ip address (192.168.1.x) and "telnet 192.168.1.x 655" works on both
> > machines (x=4 on one machine and 8 on the other) (it responds with "0
> > MachineB 17" on MachineA and "0 MachineA 17" on MachineB.
> >
> > ipconfig /all confirms that each computer can see itself on the 10.20.x.1
> > addresses.
> >
> > MachineA
> >
> > Address = 192.168.1.4
> > Subnet = 10.20.30.0/24
> >
> > MachineB
> >
> > Address = 192.168.1.8
> > Subnet = 10.20.40.0/24
>
> The netmask of the VPN interface should be 255.255.0.0. Is this the case?
>
> If you have a fireall on the Windows machines, make sure it allows all traffic on the VPN interface.
>
> You can also start tinc with the options -d5 -D, this will not start it as a service but run in the console. You can then see what happens when you try tracert or anything else via the VPN.
>
> -- 
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>