On Mon, Jul 07, 2014 at 06:55:12PM -0700, Zia Syed wrote:
> I'm trying to setup tinc tunnel between my work and home linux machines
as
> shown here http://cl.ly/image/1H1R2X2D403X
>
> I am able to setup tinc session between A and B and I can ping them. But I
> can't ping C or D from B, or A respectively.
>
> Home network 192.168.1.0
> Work network 10.20.50.0
> tinc tunnel is 15.0.0.x.
Note that you don't need to have a special subnet just for the tunnel.
Also, 15.0.0.0/8 is a range of public IP addresses, don't use that
unless you really don't mind missing parts of the Internet.
You can just give the VPN interface the same address as the LAN
interface. And as Etienne already said, you have to tell tinc about the
192.168.1.0/24 and 10.20.50.0/24 Subnets. So, on B you should have this
in hosts/B:
Subnet = 10.20.50.0/24
And in B's tinc-up:
#!/bin/sh
ip addr add 10.20.50.107 dev $INTERFACE
ip route add 192.168.1.0/24 dev $INTERFACE
ip link set dev $INTERFACE up
Also, don't forget that you have to enable forwarding in the kernel, if
that's not already done:
echo 1 >/proc/sys/net/ipv4/ip_forward
Also check that if you have any firewall rules on A and B that they
allow forwarding packets between the LAN and the VPN. Last but not
least, do C and D know that packets for each other's LAN have to go via
A and B? If A and B are the gateways on their LANs, you don't have to do
anything else. If they are not, then you need to tell D for example:
ip route add 192.168.1.0/24 via 10.20.50.107
Or if you have even more machines on the LAN that you want to give
access to the VPN, then tell the real gateway to route packets for the
VPN to the machine running tinc.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20140708/7fb5b1c2/attachment.sig>