Hi all,

I'm experiencing a strange problem.

I have set up 2 gateways which are behind a NAT router. They are configured in Route mode and have the IPs 10.0.0.1/32 and 10.0.0.2/32 on the tinc interface. They also have subnets (192.168.1.0/24 and 192.168.2.0/24 respectively).

Now the odd thing is that when the VPN comes up they both also add the local subnet to their routes on the tinc interface:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.0.254     0.0.0.0         UG    0      0        0 eth0
10.0.0.1        0.0.0.0         255.255.255.255 UH    10     0        0 tin0
10.0.0.2        0.0.0.0         255.255.255.255 UH    10     0        0 tin0
192.168.1.0     0.0.0.0         255.255.255.0   U     10     0        0 tin0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     10     0        0 tin0

The subnet-up script runs this command:

    ip route add $SUBNET dev $INTERFACE metric $WEIGHT

Linux distro is Debian 7, with stock tinc version (1.0.19-3).

Should I filter it in the subnet-up script? I have other installations which don't create this effect.

Thank you.

Regards,
Alessandro

On Tue, May 05, 2015 at 01:18:15PM +0200, Alessandro Briosi wrote:

> Now the odd thing is that when the VPN comes up they both also add the local
> subnet to their routes on the tinc interface:
[...]
> the subnet-up script runs this command:
> ip route add $SUBNET dev $INTERFACE metric $WEIGHT
>
> Should I filter it in the subnet-up script? I have other installations which
> don't create this effect.

Tinc calls the subnet-up script for all Subnets, including those of the local node. If you don't want the local ones added, then the following line will help:

    [ "$NAME" = "$NODE" ] && exit 0

Are you sure the other installations don't do the same thing?

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

On 2015-05-05 13:29, Guus Sliepen wrote:

> On Tue, May 05, 2015 at 01:18:15PM +0200, Alessandro Briosi wrote:
>
>> Now the odd thing is that when the VPN comes up they both also add the
>> local
>> subnet to their routes on the tinc interface:
> [...]
>> the subnet-up script runs this command:
>> ip route add $SUBNET dev $INTERFACE metric $WEIGHT
>>
>> Should I filter it in the subnet-up script? I have other installations
>> which
>> don't create this effect.
>
> Tinc calls the subnet-up script for all Subnets, including those of the
> local node. If you don't want the local ones added, then the following
> line will
> help:
>
> [ "$NAME" = "$NODE" ] && exit 0
>
> Are you sure the other installations don't do the same thing?
>

Well, yes. On some I have StrictSubnets enabled, but on others it simply does not add any subnet (i.e. on my central firewall).

I have enabled some logging in the script and effectively it gets all the routing (dunno why it's not adding them).

I'll add the above filter.

Thanks,
Alessandro
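
The filter suggested in the reply above, placed in a complete subnet-up script. This is an added example, not part of the original thread; the `route_command` helper and the fallback metric are assumptions of the example, while the environment variables are the ones tinc passes to the script.

```shell
#!/bin/sh
# Example subnet-up script (added illustration, not from the thread).
# tinc exports NAME (local node), NODE (node that owns the subnet),
# SUBNET, WEIGHT and INTERFACE before calling this script.

# route_command is a hypothetical helper: it prints the route command
# for the announced subnet, or prints nothing when no route is wanted.
route_command() {
    # tinc also calls subnet-up for the local node's own Subnets.
    # Those are already reachable on the LAN interface, so adding them
    # on the tinc interface creates the duplicate route seen above.
    if [ "$NAME" = "$NODE" ]; then
        return 0
    fi
    # Refuse an incomplete environment instead of building a broken command.
    if [ -z "$SUBNET" ] || [ -z "$INTERFACE" ]; then
        return 1
    fi
    # Assumption: fall back to 10, tinc's default Subnet weight.
    echo "ip route add $SUBNET dev $INTERFACE metric ${WEIGHT:-10}"
}

# Only act when tinc invoked the script (NODE is set in that case).
if [ -n "${NODE:-}" ]; then
    cmd=$(route_command) || exit 1
    # Empty output means a local subnet: leave the routing table alone.
    [ -z "$cmd" ] || $cmd
fi
```

After the VPN comes up, `ip route show dev tin0` on each gateway should list only the remote node's subnets.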