Hello, I want to use a tinc node as a default gateway in router mode. My first attempt was to just add an extra, lower priority subnet for the host that should act as the gateway: Subnet = 192.168.12.2/32 Subnet = 0.0.0.0/0#20 but this doesn't seem to work: # route add 173.255.235.238 gw 192.168.12.2 # ping 173.255.235.238 results in the local tinc process complaining that Read packet of 98 bytes from Linux tun/tap device (tun mode) Cannot route packet from vostro (MYSELF): unknown IPv4 destination address 173.255.235.238 For testing, I then tried a more restrictive subnet: Subnet = 192.168.12.2/32 Subnet = 173.0.0.0/8#20 ..and this seems to work fine, but obviously I don't want to list all 256 /8 subnets in the configuration. Is there something wrong with the 0.0.0.0/0 declaration? What's the proper way to set this up? Thanks! -Nikolaus -- ?Time flies like an arrow, fruit flies like a Banana.? PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
On Sun, Sep 01, 2013 at 01:14:25PM -0700, Nikolaus Rath wrote:> I want to use a tinc node as a default gateway in router mode. > > My first attempt was to just add an extra, lower priority subnet for the > host that should act as the gateway: > > Subnet = 192.168.12.2/32 > Subnet = 0.0.0.0/0#20 > > but this doesn't seem to work: > > # route add 173.255.235.238 gw 192.168.12.2 > # ping 173.255.235.238 > > results in the local tinc process complaining that > > Read packet of 98 bytes from Linux tun/tap device (tun mode) > Cannot route packet from vostro (MYSELF): unknown IPv4 destination address 173.255.235.238Did you restart the tincd on the gateway after you added that Subnet? It should work otherwise. You don't even have to add #20; subnets with a larger netmask are always lower in priority than those with a smaller netmask. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20130901/66ec4a1a/attachment.sig>
Etienne Dechamps
2013-Sep-01 21:14 UTC
Subnet specification for tinc node as default gateway
On 01/09/2013 22:14, Nikolaus Rath wrote:> For testing, I then tried a more restrictive subnet: > > Subnet = 192.168.12.2/32 > Subnet = 173.0.0.0/8#20 > > ..and this seems to work fine, but obviously I don't want to list all > 256 /8 subnets in the configuration.As a workaround you could try : Subnet = 0.0.0.0/1 Subnet = 128.0.0.0/1