I switched to Lollipop 4 months ago and I never had an issue. So in my opinion it is ready for daily use.
Before trying tinc I had my VPN implemented with OpenVPN, and it works great on Lollipop. I switched to tinc because I prefer a mesh VPN topology versus a client/server topology.

--
Andrea Squeri
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)

On Friday 27 March 2015, at 11:57, Alexander Ypema wrote:
> I think it's more of a routing issue than anything explicitly blocking it, they use a new 'ip rule list' and per user settings that aren't well documented yet either, but where exactly to point I don't know. I haven't messed with android 5 much yet, it seems not ready enough yet for daily use, there isn't a single snapshot in the cyanogenmod repos, for example. So maybe it's worth to just stick with Android 4 for now?
>
> Met vriendelijke groet / Kind regards,
> Alexander Ypema
>
> On 27 March 2015 at 08:16, Andrea Squeri <andrea.squeri at gmail.com> wrote:
> > I don't know.. It seems that anyone had try to made work tinc with lollipop. Even googling I don't found anything about this argument.
> > Andrea Squeri
> >
> > On 27 Mar 2015 06:55, "Tatsuyuki Ishi" <ishitatsuyuki at gmail.com> wrote:
> > > SELinux is considered as the biggest problem.
> > >
> > > On Thu, Mar 26, 2015, 22:37 Andrea Squeri <andrea.squeri at gmail.com> wrote:
> > > > Yes. The problem is Lollipop. I tried to install tinc on my brother's device, which mounts a cyano 10.1 (Android 4.2.2), and it works.
> > > > I don't understand which is the problem with Lollipop. Is there a firewall that blocks the packets?
> > > > Andrea Squeri
> > > >
> > > > If you are running Lollipop / Android 5.x on your Nexus 5, then you are probably seeing the same issue I was with it. Lollipop seems to change networking quite a bit in that it's using iptables / and `ip rule list` extensively for per-user settings.
> > > > I think http://www.linux.org/threads/debugging-nat-prerouting-issues-iptables.7136/ is relevant if you see running in to the same issue, it's confusing quite a lot of folks. I was unable to get tinc-gui (or even tincd manually and tinkering via adb shell) to work so I've downgraded my S5 to a 4.4.2 rom. I'm not sure if coming up with a fancy tinc-up is the solution or someone with the ability to get tinc compatible with the official Android VPN API that a lot of the openvpn apps are using now.
> > > > You might be able to draw some inspiration from https://github.com/offensive-security/kali-nethunter/blob/master/utils/manna/start-nat-full-lollipop.sh but I haven't tried it since I've been back on 4.4.2.
> > > >
> > > > On Wed, Mar 25, 2015 at 5:15 AM, Andrea Squeri <andrea.squeri at gmail.com> wrote:
> > > > > Hi, first, sorry for my bad English.
> > > > > I made a VPN with tinc to link my home and my two offices. In addition I want to configure my Android device to link with my VPN.
> > > > > The topology of the net is this:
> > > > >
> > > > > cubox (a linux machine in my home with vpn address 192.168.0.20)
> > > > > groppalbero (a linux machine in my second office with vpn address 192.168.0.40)
> > > > > imac (a mac machine in my first office with vpn address 192.168.0.50)
> > > > > nexus5 (my android device with vpn address 192.168.0.80)
> > > > >
> > > > > I have configured all the machines and now they all work except the Android device.
> > > > > On this I use the "Tinc Gui" app to configure it. When I start the tinc daemon it connects to the configured host and the tun0 interface is created and configured, but I can ping with any hosts and any host can ping my Android device. The result of ping IS NOT a network unavailable response. In fact it block un operation and from the Tinc Gui log I can see that the packets are received by my Android device.
> > > > > I suspect that it can be a problem with the route but I can't understand what the problem is.
> > > > >
> > > > > For information I paste the configuration from cubox and the Android device:
> > > > >
> > > > > CUBOX :
> > > > > ----------------------------------------
> > > > > andre@cubox vpnalma]$ cat tinc.conf
> > > > > # Sample tinc configuration file
> > > > >
> > > > > # This is a comment.
> > > > > # Spaces and tabs are eliminated.
> > > > > # The = sign isn't strictly necessary any longer, though you may want
> > > > > # to leave it in as it improves readability :)
> > > > > # Variable names are treated case insensitive.
> > > > >
> > > > > # The name of this tinc host. Required.
> > > > > Name = cubox
> > > > >
> > > > > # The internet host to connect with.
> > > > > # Comment these out to make yourself a listen-only connection
> > > > > # You must use the name of another tinc host.
> > > > > # May be used multiple times for redundance.
> > > > > #ConnectTo = vaio
> > > > > #ConnectTo = groppalbero
> > > > > #ConnectTo = imac
> > > > > #ConnectTo = servermarcy
> > > > >
> > > > > # The tap device tinc will use.
> > > > > # Default is /dev/tap0 for ethertap or FreeBSD,
> > > > > # /dev/tun0 for Solaris and OpenBSD,
> > > > > # and /dev/net/tun for Linux tun/tap device.
> > > > > Device = /dev/net/tun
> > > > > [andre@cubox vpnalma]$ cat tinc-up
> > > > > #!/bin/sh
> > > > > # This file sets up the tap device.
> > > > > # It gives you the freedom to do anything you want with it.
> > > > > # Use the correct name for the tap device:
> > > > > # The environment variable $INTERFACE is set to the right name
> > > > > # on most platforms, but if it doesn't work try to set it manually.
> > > > >
> > > > > # Give it the right ip and netmask. Remember, the subnet of the
> > > > > # tap device must be larger than that of the individual Subnets
> > > > > # as defined in the host configuration file!
> > > > > ifconfig $INTERFACE 192.168.0.20 netmask 255.255.255.0
> > > > > #ip link set $INTERFACE up
> > > > > #ip addr add 192.168.0.20/32 dev $INTERFACE
> > > > > #ip route add 192.168.0.0/24 dev $INTERFACE
> > > > > [andre@cubox vpnalma]$ cat hosts/cubox
> > > > > #iample host configuration file
> > > > > # This file was generated by host beta.
> > > > >
> > > > > # The real IP address of this tinc host. Can be used by other tinc hosts.
> > > > > Address = 10.0.0.7
> > > > > Address = almaliberty.duckdns.org
> > > > > # Portnumber for incoming connections. Default is 655.
> > > > > Port = 655
> > > > >
> > > > > # Subnet on the virtual private network that is local for this host.
> > > > > Subnet = 192.168.0.20/32
> > > > > ----------------------------------------
> > > > > The network is configured like this:
> > > > > ----------------------------------------
> > > > >
> > > > > [andre@cubox vpnalma]$ ifconfig
> > > > > eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> > > > >         inet 10.0.0.7 netmask 255.255.255.0 broadcast 10.0.0.255
> > > > >         inet6 fe80::d263:b4ff:fe00:6a6b prefixlen 64 scopeid 0x20<link>
> > > > >         ether d0:63:b4:00:6a:6b txqueuelen 1000 (Ethernet)
> > > > >         RX packets 63975281 bytes 142504956 (135.9 MiB)
> > > > >         RX errors 0 dropped 2 overruns 0 frame 0
> > > > >         TX packets 35826176 bytes 2648965717 (2.4 GiB)
> > > > >         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
> > > > >
> > > > > lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
> > > > >         inet 127.0.0.1 netmask 255.0.0.0
> > > > >         inet6 ::1 prefixlen 128 scopeid 0x10<host>
> > > > >         loop txqueuelen 0 (Local Loopback)
> > > > >         RX packets 167609 bytes 76370891 (72.8 MiB)
> > > > >         RX errors 0 dropped 0 overruns 0 frame 0
> > > > >         TX packets 167609 bytes 76370891 (72.8 MiB)
> > > > >         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
> > > > >
> > > > > vpnalma: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
> > > > >         inet 192.168.0.20 netmask 255.255.255.0 destination 192.168.0.20
> > > > >         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
> > > > >         RX packets 8876 bytes 1765584 (1.6 MiB)
> > > > >         RX errors 0 dropped 0 overruns 0 frame 0
> > > > >         TX packets 5939 bytes 2394177 (2.2 MiB)
> > > > >         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
> > > > >
> > > > > [andre@cubox vpnalma]$ route
> > > > > Kernel IP routing table
> > > > > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > > > > default         router.asus.com 0.0.0.0         UG    1024   0        0 eth0
> > > > > 10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
> > > > > router.asus.com *               255.255.255.255 UH    1024   0        0 eth0
> > > > > 192.168.0.0     *               255.255.255.0   U     0      0        0 vpnalma
> > > > > [andre@cubox vpnalma]$
> > > > >
> > > > > ----------------------------------------
> > > > >
> > > > > ON THE ANDROID DEVICE SIDE I HAVE THIS CONFIG:
> > > > >
> > > > > u0_a167@hammerhead:/ $ su
> > > > > root@hammerhead:/ # cd sdcard/tinc/vpnalma
> > > > > at tinc.conf <
> > > > > # Sample tinc configuration file
> > > > > # This is a comment.
> > > > > # Spaces and tabs are eliminated.
> > > > > # The = sign isn't strictly necessary any longer, though you may want
> > > > > # to leave it in as it improves readability :)
> > > > > # Variable names are treated case insensitive.
> > > > > # The name of this tinc host. Required.
> > > > > Name = nexus5
> > > > > # The internet host to connect with.
> > > > > # Comment these out to make yourself a listen-only connection
> > > > > # You must use the name of another tinc host.
> > > > > # May be used multiple times for redundance.
> > > > > ConnectTo = cubox
> > > > > ConnectTo = groppalbero
> > > > > ConnectTo = imac
> > > > > # The tap device tinc will use.
> > > > > # Default is /dev/tap0 for ethertap or FreeBSD,
> > > > > # /dev/tun0 for Solaris and OpenBSD,
> > > > > # and /dev/net/tun for Linux tun/tap device.
> > > > > #Mode = switch
> > > > > Device = /dev/tun
> > > > > #DeviceType = tap
> > > > > #Interface = tap0
> > > > > #echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/rp_filter
> > > > > ScriptsInterpreter = /system/bin/sh
> > > > > root@hammerhead:/sdcard/tinc/vpnalma # cat tinc-up
> > > > > #!/bin/sh
> > > > > # This file sets up the tap device.
> > > > > # It gives you the freedom to do anything you want with it.
> > > > > # Use the correct name for the tap device:
> > > > > # The environment variable $INTERFACE is set to the right name
> > > > > # on most platforms, but if it doesn't work try to set it manually.
> > > > > # Give it the right ip and netmask. Remember, the subnet of the
> > > > > # tap device must be larger than that of the individual Subnets
> > > > > # as defined in the host configuration file!
> > > > > ifconfig $INTERFACE 192.168.0.80 netmask 255.255.255.0
> > > > > #echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/rp_filter
> > > > > #ip link set $INTERFACE up
> > > > > #ip addr add 192.168.0.80/24 dev $INTERFACE
> > > > > #ip route add 192.168.0.0/24 dev $INTERFACE
> > > > > root@hammerhead:/sdcard/tinc/vpnalma # hosts/nexus5
> > > > > sh: hosts/nexus5: can't execute: Permission denied
> > > > > at hosts/nexus5 <
> > > > > # Sample host configuration file
> > > > > # The real IP address of this tinc host. Can be used by other tinc hosts.
> > > > > # Portnumber for incoming connections. Default is 655.
> > > > > #Port = 655
> > > > > # Subnet on the virtual private network that is local for this host.
> > > > > Subnet = 192.168.0.80/32
> > > > > -----BEGIN RSA PUBLIC KEY-----
> > > > >
> > > > > -----END RSA PUBLIC KEY-----
> > > > > root@hammerhead:/sdcard/tinc/vpnalma # ip addr
> > > > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> > > > >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > > > >     inet 127.0.0.1/8 scope host lo
> > > > >     inet6 ::1/128 scope host
> > > > >        valid_lft forever preferred_lft forever
> > > > > 2: rmnet0: <UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
> > > > >     link/[530]
> > > > >     inet 10.183.70.124/29 scope global rmnet0
> > > > >     inet6 fe80::7561:c093:ea26:5781/64 scope link
> > > > >        valid_lft forever preferred_lft forever
> > > > > 3: rmnet1: <> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/[530]
> > > > > 4: rmnet2: <> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/[530]
> > > > > 5: rmnet3: <> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/[530]
> > > > > 6: rmnet4: <> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/[530]
> > > > > 7: rmnet5: <> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/[530]
> > > > > 8: rmnet6: <> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/[530]
> > > > > 9: rmnet7: <> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/[530]
> > > > > 10: rev_rmnet0: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/ether a2:f5:64:5f:9d:05 brd ff:ff:ff:ff:ff:ff
> > > > > 11: rev_rmnet1: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/ether ea:f8:93:71:83:a1 brd ff:ff:ff:ff:ff:ff
> > > > > 12: rev_rmnet2: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/ether 2a:84:3a:f5:3b:f0 brd ff:ff:ff:ff:ff:ff
> > > > > 13: rev_rmnet3: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/ether 4a:d5:f8:77:cb:80 brd ff:ff:ff:ff:ff:ff
> > > > > 14: rev_rmnet4: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/ether 16:db:e7:e3:f4:39 brd ff:ff:ff:ff:ff:ff
> > > > > 15: rev_rmnet5: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/ether 46:3a:94:70:f0:5f brd ff:ff:ff:ff:ff:ff
> > > > > 16: rev_rmnet6: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/ether 62:2c:a9:03:e9:4d brd ff:ff:ff:ff:ff:ff
> > > > > 17: rev_rmnet7: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/ether f6:8e:08:a1:aa:10 brd ff:ff:ff:ff:ff:ff
> > > > > 18: rev_rmnet8: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen 1000
> > > > >     link/ether 72:92:60:5c:e6:7c brd ff:ff:ff:ff:ff:ff
> > > > > 19: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
> > > > >     link/sit 0.0.0.0 brd 0.0.0.0
> > > > > 20: p2p0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
> > > > >     link/ether 8e:3a:e3:18:bb:55 brd ff:ff:ff:ff:ff:ff
> > > > > 21: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
> > > > >     link/ether 8c:3a:e3:18:bb:55 brd ff:ff:ff:ff:ff:ff
> > > > > 23: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
> > > > >     link/none
> > > > >     inet 192.168.0.80/24 scope global tun0
> > > > >
> > > > > root@hammerhead:/sdcard/tinc/vpnalma # ip route
> > > > > 10.183.70.120/29 dev rmnet0 proto kernel scope link src 10.183.70.124
> > > > > 10.206.56.132 via 10.183.70.125 dev rmnet0 src 10.183.70.124
> > > > > 10.207.43.46 via 10.183.70.125 dev rmnet0 src 10.183.70.124
> > > > > 192.168.0.0/24 dev tun0 proto kernel scope link src 192.168.0.80
> > > > >
> > > > > root@hammerhead:/sdcard/tinc/vpnalma # ping 192.168.0.20
> > > > > PING 192.168.0.20 (192.168.0.20) 56(84) bytes of data.
> > > > > ^C
> > > > > --- 192.168.0.20 ping statistics ---
> > > > > 10 packets transmitted, 0 received, 100% packet loss, time 9003ms
> > > > > 1|root@hammerhead:/sdcard/tinc/vpnalma #
> > > > > ----------------------------------------
> > > > > From the Tinc Gui log, which I can't copy and paste, I see that the device is connected to cubox but I can't ping with it.
> > > > >
> > > > > --
> > > > > Andrea Squeri
> > > > > Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
> > > > >
> > > > > _______________________________________________
> > > > > tinc mailing list
> > > > > tinc at tinc-vpn.org
> > > > > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

Hi there,

I've finally had a deeper look and found the Lollipop routing issues root cause: Lollipop uses several routing tables instead of the default one for previous Android versions. The main routing table is used with lowest priority per default:

    root@hammerhead:/ # ip rule show
    0: from all lookup local
    10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
    13000: from all fwmark 0x10063/0x1ffff lookup local_network
    13000: from all fwmark 0x10064/0x1ffff lookup wlan0
    14000: from all oif wlan0 lookup wlan0
    15000: from all fwmark 0x0/0x10000 lookup legacy_system
    16000: from all fwmark 0x0/0x10000 lookup legacy_network
    17000: from all fwmark 0x0/0x10000 lookup local_network
    19000: from all fwmark 0x64/0x1ffff lookup wlan0
    22000: from all fwmark 0x0/0xffff lookup wlan0
    23000: from all fwmark 0x0/0xffff uidrange 0-0 lookup main
    32000: from all unreachable

    root@hammerhead:/ # ip route show
    # As in your example, there's no default route here
    192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.42

    root@hammerhead:/ # ip route show table wlan0
    #But here you find it in the wlan0 table
    default via 192.168.0.253 dev wlan0 proto static
    192.168.0.0/24 dev wlan0 proto static scope link

The useful routing table depends on your network connectivity (wlan0 on wifi, rmnet0 on 3G in my case), and thus the simplest solution is to put tinc's routing in a new table with higher priority:

    # Use new routing table 100, to have higher priority than lollipop's ones
    ip rule add prio 100 from all lookup 100
    ip route add table 100 $REMOTEADDRESS $ORIGINAL_GATEWAY
    ip route add table 100 $VPN_GATEWAY dev $INTERFACE

I've updated the examples from Tinc GUI's documentation accordingly: http://tinc_gui.poirsouille.org/

Hope this helps,
V

2015-03-27 15:38 GMT+01:00 Andrea Squeri <andrea.squeri at gmail.com>:
> I switched to Lollipop 4 months ago and I never had an issue. So in my opinion
> it is ready for daily use.
> Before try tinc I had my vpn implemented with openvpn, and it works great > on lollipop. I switch to tinc because i prefer a mash vpn topology versus a > client/server topology. > > -- > Andrea Squeri > Inviato con Sparrow <http://www.sparrowmailapp.com/?sig> > > Il giorno venerd? 27 marzo 2015, alle ore 11:57, Alexander Ypema ha > scritto: > > I think it's more of a routing issue than anything explicitly blocking it, > they use a new 'ip rule list' and per user settings that aren't well > documented yet either, but where exactly to point I don't know. I haven't > messed with android 5 much yet, it seems not ready enough yet for daily > use, there isn't a single snapshot in the cyanogenmod repos, for example. > So maybe it's worth to just stick with Android 4 for now? > > Met vriendelijke groet / Kind regards, > Alexander Ypema > > On 27 March 2015 at 08:16, Andrea Squeri <andrea.squeri at gmail.com> wrote: > > I don't know.. It seems that anyone had try to made work tinc with > lollipop. Even googoling i don't found anything about this argoument. > > Andrea Squeri > Il 27/mar/2015 06:55 "Tatsuyuki Ishi" <ishitatsuyuki at gmail.com> ha > scritto: > > SELinux is considered as the biggest problem. > > On Thu, Mar 26, 2015, 22:37 Andrea Squeri <andrea.squeri at gmail.com> wrote: > > Yes. The problem is lollipop. I tried to install tinc on my brother's > device which mount a cyano 10.1( android 4.2.2) and it works. > I don't understand which is the problem with lollipop. Is there a > firewall that block the packets? > > Andrea Squeri > If you are running Lollipop / Android 5.x on your Nexus 5, then you are > probably seeing the same issue I was with it. lollipop seems to change > networking quite a bit in that it's using iptables / and `ip rule list` > extensively for per-user settings. > I think > http://www.linux.org/threads/debugging-nat-prerouting-issues-iptables.7136/ > is relevant if you see running in to the same issue, it's confusing quite a > lot of folks. 
I was unable to get tinc-gui (or even tincd manually and > tinkering via adb shell) to work so I've downgraded my S5 to a 4.4.2 rom. > I'm not sure if coming up with a fancy tinc-up is the solution or someone > with the ability to get tinc compatible with the official Android VPN API > that a lot of the openvpn apps are using now. > You might be able to draw some inspiration from > https://github.com/offensive-security/kali-nethunter/blob/master/utils/manna/start-nat-full-lollipop.sh > but I haven't tried it since I've been back on 4.4.2. > > On Wed, Mar 25, 2015 at 5:15 AM, Andrea Squeri <andrea.squeri at gmail.com> > wrote: > > Hi, First sorry for my bad English. > I made a vpn wtih tinc for link my home and my two office. In Addition I > want to configure my android device to link with my vpn. > The topology of the net is this: > > cubox(a linux machine in my home with vpn address 192.168.0.20) > groppalbero (a linux machine in my second office with vpn address > 192.168.0.40) > imac(a mac machine in my first office with vpn address 192.168.0.50) > nexus5(my android device with vpn address 192.168.0.80) > > I have configurate all machine and now they all works except the android > device. > On this I use ?Tinc Gui? app for configure it. When I start the tinc > daemon it connect to the configured host and the tun0 interface in created > and configured, but i can ping with any hosts > and any host can ping my android device. the result of ping IS NOT a > network unavailable response. In fact it block un operation and from the > tinc gui log I can see that the packet are received by my android device. > I suspect that can be a problem for the route but I can?t understand which > the problem is. 
> > For information paste the configuration from cubic and android device: > > CUBOX : > > -------------------------------------------------------------------------------------------------------- > andre at cubox vpnalma]$ cat tinc.conf > # Sample tinc configuration file > > # This is a comment. > # Spaces and tabs are eliminated. > # The = sign isn't strictly necessary any longer, though you may want > # to leave it in as it improves readability :) > # Variable names are treated case insensitive. > > # The name of this tinc host. Required. > Name = cubox > > # The internet host to connect with. > # Comment these out to make yourself a listen-only connection > # You must use the name of another tinc host. > # May be used multiple times for redundance. > #ConnectTo = vaio > #ConnectTo = groppalbero > #ConnectTo = imac > #ConnectTo = servermarcy > > # The tap device tinc will use. > # Default is /dev/tap0 for ethertap or FreeBSD, > # /dev/tun0 for Solaris and OpenBSD, > # and /dev/net/tun for Linux tun/tap device. > Device = /dev/net/tun > [andre at cubox vpnalma]$ cat tinc-up > #!/bin/sh > # This file sets up the tap device. > # It gives you the freedom to do anything you want with it. > # Use the correct name for the tap device: > # The environment variable $INTERFACE is set to the right name > # on most platforms, but if it doesn't work try to set it manually. > > # Give it the right ip and netmask. Remember, the subnet of the > # tap device must be larger than that of the individual Subnets > # as defined in the host configuration file! > ifconfig $INTERFACE 192.168.0.20 netmask 255.255.255.0 > #ip link set $INTERFACE up > #ip addr add 192.168.0.20/32 dev $INTERFACE > #ip route add 192.168.0.0/24 dev $INTERFACE > [andre at cubox vpnalma]$ cat hosts/cubox > #iample host configuration file > # This file was generated by host beta. > > # The real IP address of this tinc host. Can be used by other tinc hosts. 
> Address = 10.0.0.7 > Address = almaliberty.duckdns.org > # Portnumber for incoming connections. Default is 655. > Port = 655 > > # Subnet on the virtual private network that is local for this host. > Subnet = 192.168.0.20/32 > ???????????????????????????????????????????????????? > The network is so configurated: > > ?????????????????????????????????????????????????????????????????????????????? > > [andre at cubox vpnalma]$ ifconfig > eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 > inet 10.0.0.7 netmask 255.255.255.0 broadcast 10.0.0.255 > inet6 fe80::d263:b4ff:fe00:6a6b prefixlen 64 scopeid 0x20<link> > ether d0:63:b4:00:6a:6b txqueuelen 1000 (Ethernet) > RX packets 63975281 bytes 142504956 (135.9 MiB) > RX errors 0 dropped 2 overruns 0 frame 0 > TX packets 35826176 bytes 2648965717 (2.4 GiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 > inet 127.0.0.1 netmask 255.0.0.0 > inet6 ::1 prefixlen 128 scopeid 0x10<host> > loop txqueuelen 0 (Local Loopback) > RX packets 167609 bytes 76370891 (72.8 MiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 167609 bytes 76370891 (72.8 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > vpnalma: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500 > inet 192.168.0.20 netmask 255.255.255.0 destination 192.168.0.20 > unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen > 500 (UNSPEC) > RX packets 8876 bytes 1765584 (1.6 MiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 5939 bytes 2394177 (2.2 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > [andre at cubox vpnalma]$ route > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > default router.asus.com 0.0.0.0 UG 1024 0 0 > eth0 > 10.0.0.0 * 255.255.255.0 U 0 0 0 > eth0 > router.asus.com * 255.255.255.255 UH 1024 0 0 > eth0 > 192.168.0.0 * 255.255.255.0 U 0 0 0 > vpnalma > [andre at cubox vpnalma]$ > > 
?????????????????????????????????????????????????????????????????? > > ON THE ANDROIDE DEVICE SIDE I HAVE THIS CONFG: > > > u0_a167 at hammerhead:/ $ su > root at hammerhead:/ # cd sdcard/tinc/vpnalma > at tinc.conf < > # Sample tinc configuration file > > # This is a comment. > # Spaces and tabs are eliminated. > # The = sign isn't strictly necessary any longer, though you may want > # to leave it in as it improves readability :) > # Variable names are treated case insensitive. > > # The name of this tinc host. Required. > Name = nexus5 > > # The internet host to connect with. > # Comment these out to make yourself a listen-only connection > # You must use the name of another tinc host. > # May be used multiple times for redundance. > ConnectTo = cubox > ConnectTo = groppalbero > ConnectTo = imac > # The tap device tinc will use. > # Default is /dev/tap0 for ethertap or FreeBSD, > # /dev/tun0 for Solaris and OpenBSD, > # and /dev/net/tun for Linux tun/tap device. > #Mode = switch > Device = /dev/tun > #DeviceType = tap > #Interface = tap0 > #echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/rp_filter > ScriptsInterpreter = /system/bin/sh > root at hammerhead:/sdcard/tinc/vpnalma # cat tinc-up > #!/bin/sh > # This file sets up the tap device. > # It gives you the freedom to do anything you want with it. > # Use the correct name for the tap device: > # The environment variable $INTERFACE is set to the right name > # on most platforms, but if it doesn't work try to set it manually. > > # Give it the right ip and netmask. Remember, the subnet of the > # tap device must be larger than that of the individual Subnets > # as defined in the host configuration file! 
> ifconfig $INTERFACE 192.168.0.80 netmask 255.255.255.0 > #echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/rp_filter > #ip link set $INTERFACE up > #ip addr add 192.168.0.80/24 dev $INTERFACE > #ip route add 192.168.0.0/24 dev $INTERFACE > root at hammerhead:/sdcard/tinc/vpnalma # hosts/nexus5 > sh: hosts/nexus5: can't execute: Permission denied > at hosts/nexus5 < > # Sample host configuration file > > # The real IP address of this tinc host. Can be used by other tinc hosts. > > # Portnumber for incoming connections. Default is 655. > #Port = 655 > > # Subnet on the virtual private network that is local for this host. > Subnet = 192.168.0.80/32 > > -----BEGIN RSA PUBLIC KEY----- > > -----END RSA PUBLIC KEY----- > > root at hammerhead:/sdcard/tinc/vpnalma # ip addr > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever > 2: rmnet0: <UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 > link/[530] > inet 10.183.70.124/29 scope global rmnet0 > inet6 fe80::7561:c093:ea26:5781/64 scope link > valid_lft forever preferred_lft forever > 3: rmnet1: <> mtu 2000 qdisc noop state DOWN qlen 1000 > link/[530] > 4: rmnet2: <> mtu 2000 qdisc noop state DOWN qlen 1000 > link/[530] > 5: rmnet3: <> mtu 2000 qdisc noop state DOWN qlen 1000 > link/[530] > 6: rmnet4: <> mtu 2000 qdisc noop state DOWN qlen 1000 > link/[530] > 7: rmnet5: <> mtu 2000 qdisc noop state DOWN qlen 1000 > link/[530] > 8: rmnet6: <> mtu 2000 qdisc noop state DOWN qlen 1000 > link/[530] > 9: rmnet7: <> mtu 2000 qdisc noop state DOWN qlen 1000 > link/[530] > 10: rev_rmnet0: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen > 1000 > link/ether a2:f5:64:5f:9d:05 brd ff:ff:ff:ff:ff:ff > 11: rev_rmnet1: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen > 1000 > link/ether ea:f8:93:71:83:a1 brd ff:ff:ff:ff:ff:ff > 12: 
rev_rmnet2: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen > 1000 > link/ether 2a:84:3a:f5:3b:f0 brd ff:ff:ff:ff:ff:ff > 13: rev_rmnet3: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen > 1000 > link/ether 4a:d5:f8:77:cb:80 brd ff:ff:ff:ff:ff:ff > 14: rev_rmnet4: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen > 1000 > link/ether 16:db:e7:e3:f4:39 brd ff:ff:ff:ff:ff:ff > 15: rev_rmnet5: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen > 1000 > link/ether 46:3a:94:70:f0:5f brd ff:ff:ff:ff:ff:ff > 16: rev_rmnet6: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen > 1000 > link/ether 62:2c:a9:03:e9:4d brd ff:ff:ff:ff:ff:ff > 17: rev_rmnet7: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen > 1000 > link/ether f6:8e:08:a1:aa:10 brd ff:ff:ff:ff:ff:ff > 18: rev_rmnet8: <BROADCAST,MULTICAST> mtu 2000 qdisc noop state DOWN qlen > 1000 > link/ether 72:92:60:5c:e6:7c brd ff:ff:ff:ff:ff:ff > 19: sit0: <NOARP> mtu 1480 qdisc noop state DOWN > link/sit 0.0.0.0 brd 0.0.0.0 > 20: p2p0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen > 1000 > link/ether 8e:3a:e3:18:bb:55 brd ff:ff:ff:ff:ff:ff > 21: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen > 1000 > link/ether 8c:3a:e3:18:bb:55 brd ff:ff:ff:ff:ff:ff > 23: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc > pfifo_fast state UNKNOWN qlen 500 > link/none > inet 192.168.0.80/24 scope global tun0 > > > root at hammerhead:/sdcard/tinc/vpnalma # ip route > 10.183.70.120/29 dev rmnet0 proto kernel scope link src 10.183.70.124 > 10.206.56.132 via 10.183.70.125 dev rmnet0 src 10.183.70.124 > 10.207.43.46 via 10.183.70.125 dev rmnet0 src 10.183.70.124 > 192.168.0.0/24 dev tun0 proto kernel scope link src 192.168.0.80 > > > root at hammerhead:/sdcard/tinc/vpnalma # ping 192.168.0.20 > PING 192.168.0.20 (192.168.0.20) 56(84) bytes of data. 
> ^C
> --- 192.168.0.20 ping statistics ---
> 10 packets transmitted, 0 received, 100% packet loss, time 9003ms
>
> 1|root at hammerhead:/sdcard/tinc/vpnalma #
>
> --------------------------------------------------------------------------------
>
> From the tinc gui log that I can't copy and paste, I see that the device
> is connected to cubic but I can't ping with it.
> --
> Andrea Squeri
> Sent with Sparrow <http://www.sparrowmailapp.com/?sig>
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
Thanks for reply.. I'll try and then I'll advise you if it works

Andrea Squeri

On 30 Mar 2015 11:38, "Vil Brekin" <vilbrekin at gmail.com> wrote:
> Hi there,
>
> I've finally had a deeper look and found the Lollipop routing issues root
> cause: Lollipop uses several routing tables instead of the default one for
> previous Android versions. The main routing table is used with lowest
> priority per default:
>
> root at hammerhead:/ # ip rule show
> 0: from all lookup local
> 10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
> 13000: from all fwmark 0x10063/0x1ffff lookup local_network
> 13000: from all fwmark 0x10064/0x1ffff lookup wlan0
> 14000: from all oif wlan0 lookup wlan0
> 15000: from all fwmark 0x0/0x10000 lookup legacy_system
> 16000: from all fwmark 0x0/0x10000 lookup legacy_network
> 17000: from all fwmark 0x0/0x10000 lookup local_network
> 19000: from all fwmark 0x64/0x1ffff lookup wlan0
> 22000: from all fwmark 0x0/0xffff lookup wlan0
> 23000: from all fwmark 0x0/0xffff uidrange 0-0 lookup main
> 32000: from all unreachable
>
> root at hammerhead:/ # ip route show
> # As in your example, there's no default route here
> 192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.42
>
> root at hammerhead:/ # ip route show table wlan0
> # But here you find it in the wlan0 table
> default via 192.168.0.253 dev wlan0 proto static
> 192.168.0.0/24 dev wlan0 proto static scope link
>
> The useful routing table depends on your network connectivity (wlan0 on
> wifi, rmnet0 on 3G in my case), and thus the simplest solution is to put
> tinc's routing in a new table with higher priority:
>
> # Use new routing table 100, to have higher priority than lollipop's ones
> ip rule add prio 100 from all lookup 100
> ip route add table 100 $REMOTEADDRESS $ORIGINAL_GATEWAY
> ip route add table 100 $VPN_GATEWAY dev $INTERFACE
>
> I've updated the examples from Tinc GUI's documentation accordingly:
> http://tinc_gui.poirsouille.org/
>
> Hope this helps,
> V
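The rule walk Vil describes, as an added example that is not part of the original thread: it parses the `ip rule show` output he posted and resolves a destination the way the kernel walks policy rules, before and after a priority-100 rule is added. The `TABLES` contents, the unmarked packet (fwmark 0), the app uid and the helper names are assumptions, and only the VPN subnet route of table 100 is modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

# `ip rule show` output quoted in the thread (Android 5.x, Wi-Fi connected).
LOLLIPOP_RULES = """\
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
13000: from all fwmark 0x10063/0x1ffff lookup local_network
13000: from all fwmark 0x10064/0x1ffff lookup wlan0
14000: from all oif wlan0 lookup wlan0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x64/0x1ffff lookup wlan0
22000: from all fwmark 0x0/0xffff lookup wlan0
23000: from all fwmark 0x0/0xffff uidrange 0-0 lookup main
32000: from all unreachable
"""
# Constructed tables (assumption): a Wi-Fi default route in "wlan0", and in
# "main" the subnet route that tinc-up's ifconfig creates for the tun device.
TABLES = {
    "wlan0": [("0.0.0.0/0", "wlan0"), ("10.0.0.0/24", "wlan0")],
    "main": [("10.0.0.0/24", "wlan0"), ("192.168.0.0/24", "tun0")],
}

class Rule(NamedTuple):
    prio: int
    fwmark: Optional[tuple]    # (value, mask)
    oif: Optional[str]
    uidrange: Optional[tuple]  # (first, last)
    table: Optional[str]       # None for "unreachable"

def parse_rules(text):
    """Parse `ip rule show` lines into Rule tuples, lowest priority number first."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        prio, rest = line.split(":", 1)
        tok = rest.split()
        opt = dict(zip(tok, tok[1:]))  # keyword -> the token that follows it
        mark = opt.get("fwmark")
        if mark:
            value, _, mask = mark.partition("/")
            mark = (int(value, 16), int(mask, 16) if mask else 0xFFFFFFFF)
        uids = tuple(map(int, opt["uidrange"].split("-"))) if "uidrange" in opt else None
        rules.append(Rule(int(prio), mark, opt.get("oif"), uids, opt.get("lookup")))
    return sorted(rules, key=lambda r: r.prio)

def route_lookup(rules, tables, dst, fwmark=0, uid=0, oif=None):
    """Walk the rules in order; return (prio, table, dev) of the first route hit."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        if r.fwmark and (fwmark ^ r.fwmark[0]) & r.fwmark[1]:
            continue
        if r.oif and r.oif != oif:
            continue
        if r.uidrange and not r.uidrange[0] <= uid <= r.uidrange[1]:
            continue
        if r.table is None:
            return r.prio, "unreachable", None
        nets = [(ipaddress.ip_network(p), dev) for p, dev in tables.get(r.table, [])]
        hits = [n for n in nets if addr in n[0]]
        if hits:  # longest prefix wins; no hit falls through to the next rule
            return r.prio, r.table, max(hits, key=lambda n: n[0].prefixlen)[1]
    return None

def with_tinc_fix(rules, tables, vpn_subnet="192.168.0.0/24", dev="tun0"):
    """Model `ip rule add prio 100 from all lookup 100` and its VPN route."""
    fixed = sorted(rules + [Rule(100, None, None, None, "100")], key=lambda r: r.prio)
    return fixed, {**tables, "100": [(vpn_subnet, dev)]}
```

With the quoted rules, 192.168.0.20 resolves through rule 22000 to the Wi-Fi default route even for uid 0, so the tun0 route in `main` is never consulted; with the added rule it resolves through rule 100 to tun0 while other destinations still use the `wlan0` table.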