Hi
I have got Tinc working on two Windows PCs that are both behind NAT
firewalls - I want to back up files from one to the other across a VPN and
Tinc looks perfect for this. Even though I have Tinc working, I am a little
confused by the configuration which makes me think maybe I have something
wrong which may mean my VPN is not secure.
My confusion concerns the host file for the local PC and the TAP interface.
Both PCs use a 192.168.x.x IP local LAN schema and I thought that to make
things very distinct the VPN/TAP interfaces would use a 10.0.0.x schema
(like Small Business Server). One PC will use 10.0.0.3, the other 10.0.0.4.
Within each host file the Address is the public IP of the NAT firewall that
the PC is behind (the firewalls are configured to direct Tinc traffic to the
correct PC). The Subnets are 10.0.0.3/32 and 10.0.0.4/32. I was under the
impression that /32 indicated a subnet mask of 255.255.255.255 and this is
what the Tinc documentation seems to recommend for single IP addresses.
However the actual subnet mask in the TAP interface is 255.0.0.0. They do
not match!
I am no TCP/IP guru but I know enough about IPv4 to get me through most
things. I originally set the TAP interface subnet mask to be 255.255.0.0
and in the host file put 10.0.0.3/16, thinking that this was an exact match
and that a match was required, but the Tinc service would not start with this
configuration. When you try to start the service in Windows you are told
that the service started but then stopped, and that some services do this if
they have no work to do. The service will only start with the configuration
mentioned above.
Although it is working, have I got something wrong? Should the Subnet in
the local host file not exactly match the subnet in the local TAP interface?
Thank you in advance for any help on this.
--
Regards
Craig
-----------------------------------------------------------
These aren't the droids you're looking for.
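
The addressing described in this message, checked with Python's ipaddress module as an added example (not part of the original post). It assumes tinc requires a Subnet's address to have no host bits set under its prefix length; the node names pc_a/pc_b and the LAN range 192.168.0.0/16 are placeholders for the two PCs and their 192.168.x.x LANs.

```python
import ipaddress

def check_node(name, subnet, tap_ip, tap_mask, lan):
    """Return a list of problems with one node's addressing (empty = consistent)."""
    try:
        # strict=True rejects host bits under the prefix, e.g. 10.0.0.3/16
        owned = ipaddress.ip_network(subnet, strict=True)
    except ValueError:
        return [f"{name}: Subnet {subnet} has host bits set for its prefix length"]
    tap = ipaddress.ip_interface(f"{tap_ip}/{tap_mask}")
    problems = []
    if tap.ip not in owned:
        problems.append(f"{name}: TAP address {tap.ip} is outside its own Subnet {owned}")
    if not owned.subnet_of(tap.network):
        # The TAP netmask describes the whole VPN range; a node's Subnet is
        # the slice of that range the node owns, so it may be much narrower.
        problems.append(f"{name}: Subnet {owned} is not inside TAP network {tap.network}")
    if tap.network.overlaps(ipaddress.ip_network(lan)):
        problems.append(f"{name}: TAP network {tap.network} overlaps LAN {lan}")
    return problems

def check_plan(nodes, lan):
    """Check every node, then check that no two nodes claim overlapping Subnets."""
    problems, claimed = [], []
    for name, (subnet, tap_ip, tap_mask) in nodes.items():
        found = check_node(name, subnet, tap_ip, tap_mask, lan)
        problems += found
        if not found:
            net = ipaddress.ip_network(subnet)
            problems += [f"{name}: Subnet {net} overlaps {other}'s {o}"
                         for other, o in claimed if net.overlaps(o)]
            claimed.append((name, net))
    return problems

LAN = "192.168.0.0/16"  # placeholder for the 192.168.x.x LANs
# The configuration reported as working: /32 Subnets, 255.0.0.0 on the TAP interface
WORKING = {"pc_a": ("10.0.0.3/32", "10.0.0.3", "255.0.0.0"),
           "pc_b": ("10.0.0.4/32", "10.0.0.4", "255.0.0.0")}
# The configuration reported as failing: 10.0.0.3/16 with a 255.255.0.0 TAP mask
FAILING = {"pc_a": ("10.0.0.3/16", "10.0.0.3", "255.255.0.0")}

if __name__ == "__main__":
    print(check_plan(WORKING, LAN))
    for line in check_plan(FAILING, LAN):
        print(line)
```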