Hello,

I've set up a tinc "server" named "spitzer" in proxy arp mode, and a client "inspiron" that connects to it.

inspiron runs tinc 1.0.16, spitzer runs 1.0.11.

Ping and ssh from inspiron to spitzer and other hosts in the network (via spitzer) works fine.

Ping and ssh from other hosts in the network to inspiron works fine (i.e. going through spitzer works fine).

However, ping and ssh from spitzer to inspiron does not work. The packets seem to be received by inspiron, in debug mode I can see messages like:

    Got MTU probe length 1411 from spitzer (128.59.144.255 port 655)
    Received packet of 98 bytes from spitzer (128.59.144.255 port 655)
    Writing packet of 98 bytes to Linux tun/tap device (tun mode)
    Got MTU probe length 1427 from spitzer (128.59.144.255 port 655)
    Got MTU probe length 1421 from spitzer (128.59.144.255 port 655)
    Got MTU probe length 1415 from spitzer (128.59.144.255 port 655)
    Received packet of 98 bytes from spitzer (128.59.144.255 port 655)
    Writing packet of 98 bytes to Linux tun/tap device (tun mode)
    Received packet of 98 bytes from spitzer (128.59.144.255 port 655)
    Writing packet of 98 bytes to Linux tun/tap device (tun mode)
    Received packet of 98 bytes from spitzer (128.59.144.255 port 655)
    Writing packet of 98 bytes to Linux tun/tap device (tun mode)
    Got MTU probe length 1444 from spitzer (128.59.144.255 port 655)

(there's *lots* of these MTU probe messages).

Routing table in inspiron:

    [0] inspiron:/etc/tinc/hbt# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         128.59.144.1    0.0.0.0         UG    0      0        0 eth0
    128.59.144.0    0.0.0.0         255.255.248.0   U     0      0        0 eth0
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 hbt

    [0] inspiron:/etc/tinc/hbt# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Does anyone have a suggestion how I could debug this further?

-Nikolaus

-- 
"Time flies like an arrow, fruit flies like a Banana."

PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C

Nikolaus Rath <Nikolaus-BTH8mxji4b0 at public.gmane.org> writes:

> Hello,
>
> I've set up a tinc "server" named "spitzer" in proxy arp mode, and a
> client "inspiron" that connects to it.
>
> inspiron runs tinc 1.0.16, spitzer runs 1.0.11.
>
> Ping and ssh from inspiron to spitzer and other hosts in the network
> (via spitzer) works fine.
>
> Ping and ssh from other hosts in the network to inspiron works fine
> (i.e. going through spitzer works fine)
>
> However, ping and ssh from spitzer to inspiron does not work.

[...]

Ok, with some wireshark debugging I finally figured it out. The problem was actually on the server, my tinc-up script looked like this:

    ip link set $INTERFACE up
    ip route add 192.168.1.2/32 dev $INTERFACE

But that didn't assign the IP address to the interface, it just added the route and brought the interface up. Packets originating on the server then came with the wrong source IP (in this case the one from the eth0 interface).

Using

    ifconfig $INTERFACE 192.168.1.2 netmask 255.255.255.255

instead of the two ip calls fixed the problem. There is probably also a suitable option to the ip link command, but this was a faster fix.

Best,

-Nikolaus

-- 
"Time flies like an arrow, fruit flies like a Banana."

PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
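
The failure described in the thread (a route on the tinc interface but no address, so locally generated packets leave with the eth0 source address) can be checked from `ip` output instead of a packet capture. The following is an added example, not part of the original posts: the function names, the peer address 192.168.1.3, the server-side interface name `hbt` and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a tinc interface carries its address and that the
# kernel picks that address as the source for tunnel traffic.
# iproute2 form of the ifconfig fix from the thread (in tinc-up):
#   ip link set "$INTERFACE" up
#   ip addr add 192.168.1.2/32 dev "$INTERFACE"

# has_addr IFACE ADDR: reads `ip -o -4 addr show` output on stdin.
has_addr() {
    awk -v i="$1" -v a="$2" '
        $2 == i && $3 == "inet" { split($4, p, "/"); if (p[1] == a) found = 1 }
        END { exit !found }'
}

# route_src: reads `ip route get DEST` output on stdin, prints the src address.
route_src() {
    awk '{ for (k = 1; k < NF; k++) if ($k == "src") { print $(k + 1); exit } }'
}

# check_tunnel IFACE ADDR ADDR_OUTPUT ROUTE_OUTPUT
# returns 0 = ok, 1 = address not on interface, 2 = kernel picks another source
check_tunnel() {
    printf '%s\n' "$3" | has_addr "$1" "$2" || return 1
    [ "$(printf '%s\n' "$4" | route_src)" = "$2" ] || return 2
    return 0
}

# Constructed sample outputs (not captured from the hosts in the thread).
# Broken state: route exists on hbt, but only eth0 has an address.
BROKEN_ADDR='2: eth0    inet 128.59.144.255/21 brd 128.59.151.255 scope global eth0'
BROKEN_ROUTE='192.168.1.3 dev hbt src 128.59.144.255 uid 0'
# Fixed state: hbt carries 192.168.1.2/32 and is chosen as source.
FIXED_ADDR="$BROKEN_ADDR
3: hbt    inet 192.168.1.2/32 scope global hbt"
FIXED_ROUTE='192.168.1.3 dev hbt src 192.168.1.2 uid 0'

# Live use on the server (peer address is an assumption):
#   check_tunnel hbt 192.168.1.2 "$(ip -o -4 addr show)" "$(ip route get 192.168.1.3)"
```

A return code of 1 corresponds to the original tinc-up script, where the address was never assigned; 2 means the address is present but the route still selects a different source.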