Hey guys,

Stumbled upon tinc a few days ago - looks great.

I'm having trouble setting up a simple VPN between two machines that are unfirewalled, one is a physical machine and another is a local VM. I can connect to them via their existing LAN IPs and ping them without issue with < 1ms.

1) I have WinA (Windows host - existing LAN IP 192.168.137.1) and LinuxB (Linux host - existing LAN IP 192.168.137.150)
2) I want them to exist in a Class A address of 10.0.0.1 and 10.0.0.2
3) I have a netname of "vpn" chosen. I am using 1.0 on LinuxB and 1.1 on WinA.

WinA has this /vpn/tinc.conf:
---
Name = WinA
AddressFamily = ipv4
ConnectTo = LinuxB
PrivateKeyFile = c:\Program Files (x86)\tinc\vpn\rsa_key.priv
---

LinuxB has this /vpn/tinc.conf:
---
Name = LinuxB
AddressFamily = ipv4
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
---

4) My hosts files on both hosts are:

/vpn/hosts/WinA:
Address = 192.168.137.1
Subnet = 10.0.0.0/8

/vpn/hosts/LinuxB:
Address = 192.168.137.150
Subnet = 10.0.0.0/8

5) My WinA host has the following network adapter settings chosen:
IP Address: 10.0.0.1
Netmask: 255.0.0.0
Default Gateway: blank

6) My LinuxB host has the following tinc-up command:
#!/bin/sh
ifconfig $INTERFACE 10.0.0.2 netmask 255.0.0.0

7) I can establish a connection (supposedly?) between the two hosts: http://pastebin.com/K8W9wnsr

Pretty confused why this is not working.

Cheers,
Andrew

On Thu, May 02, 2013 at 11:10:45PM +1000, Andrew Armstrong wrote:

> 1) I have WinA (Windows host - existing LAN IP 192.168.137.1) and LinuxB
> (Linux host - existing LAN IP 192.168.137.150)
> 2) I want them to exist in a Class A address of 10.0.0.1 and 10.0.0.2
> 3) I have a netname of "vpn" chosen. I am using 1.0 on LinuxB and 1.1 on
> WinA.

[...]

> 4) My hosts files on both hosts are:
> /vpn/hosts/WinA:
> Address = 192.168.137.1
> Subnet = 10.0.0.0/8

The Subnet statement should not contain the subnet of the whole VPN, but only of that part of the VPN which belongs to WinA. So in your case, it should be:

Subnet = 10.0.0.1

> /vpn/hosts/LinuxB:
> Address = 192.168.137.150
> Subnet = 10.0.0.0/8

And here Subnet = 10.0.0.2.

The rest of your configuration looks fine. Let me know if it works with these changes.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

Thanks Guus, I will try this shortly.

Can you elaborate on when an actual subnet of (say) 10.0.0.0/8 would ever be used (or things other than a /32 address).

Cheers

On Fri, May 03, 2013 at 12:51:34AM +1000, Andrew Armstrong wrote:

> Thanks Guus, I will try this shortly. Can you elaborate on when an actual
> subnet of (say) 10.0.0.0/8 would ever be used (or things other than a /32
> address).

You typically use things other than a /32 when you have a LAN connected to a node running tinc, and you want to make the whole LAN part of the VPN. See for example the configuration described in the manual:

http://tinc-vpn.org/documentation/tinc_4.html#Example-configuration

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
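
Added example, not part of the original thread and not tinc's own code: a Python check of the point made in both replies above, that each host file's Subnet should name only the range belonging to that node (a single address, or the LAN behind it), by flagging ranges claimed by more than one node. The host file contents are constructed from the thread; the node BranchC and its 10.1.0.0/16 range are hypothetical, and only `Subnet = value` lines are parsed.

```python
import ipaddress
from itertools import combinations

# Constructed sample host files mirroring the thread (not read from disk).
BROKEN = {
    "WinA": "Address = 192.168.137.1\nSubnet = 10.0.0.0/8\n",
    "LinuxB": "Address = 192.168.137.150\nSubnet = 10.0.0.0/8\n",
}
FIXED = {
    "WinA": "Address = 192.168.137.1\nSubnet = 10.0.0.1\n",
    "LinuxB": "Address = 192.168.137.150\nSubnet = 10.0.0.2\n",
}
# Hypothetical third node fronting a LAN: wider than /32, still disjoint.
WITH_LAN = dict(FIXED, BranchC="Subnet = 10.1.0.0/16\n")


def parse_subnets(text):
    """Return the networks named by the Subnet lines of one host file."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "subnet":
            # A bare address (no /prefix) is a single host, /32 for IPv4.
            nets.append(ipaddress.ip_network(value.strip(), strict=False))
    return nets


def find_overlaps(hosts):
    """List (node_a, net_a, node_b, net_b) where two nodes claim overlapping ranges."""
    claims = {name: parse_subnets(text) for name, text in hosts.items()}
    found = []
    for (a, nets_a), (b, nets_b) in combinations(sorted(claims.items()), 2):
        for na in nets_a:
            for nb in nets_b:
                if na.version == nb.version and na.overlaps(nb):
                    found.append((a, str(na), b, str(nb)))
    return found


if __name__ == "__main__":
    for label, hosts in (("broken", BROKEN), ("fixed", FIXED), ("with LAN", WITH_LAN)):
        print(label, find_overlaps(hosts) or "no overlapping Subnet claims")
```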