yes, I have these in C host file:

Subnet=10.10.0.0/24
Subnet=0.0.0.0/1
Subnet=128.0.0.0/1 ## not mentioned, because I think is maybe works in same as 0.0.0.0/1

B host file doesn't have 0.0.0.0/1 and 128.0.0.0/1

I only added one route to 5.6.7.8 via B, not via C

On Mon, Feb 29, 2016 at 4:40 PM, Maxim Vorontsov <6012030 at gmail.com> wrote:

> hi.
>
> Are you add only 0.0.0.0/1 as route, not 128.0.0.0/1 too?
> Did you tried to add route to 5.6.7.8 via C with lesser metric than via B?
>
> If you have to add static routes only on a few servers, you can add them
> to the $HOST-up scripts.
>
> On Mon, Feb 29, 2016 at 11:12 AM, Zhang Jun <gb2313 at gmail.com> wrote:
>
>> my network:
>>
>> local pc(192.168.1.2)-->openwrt_adsl_router A(192.168.1.1/24&11.22.33.44pppoe&10.10.10.1/24 tinc)<---remote B: 10.10.20.1/24
>>                                    ^
>>                                    |
>>                          remote C:10.10.0.1/24
>>
>> all running tinc 1.0.x,
>>
>> ADSL router runs as a "server"(only one tinc instance), listening on some port,
>> client B and C connect to ADSL router,
>> from my pc I need to:
>> 1. Access B's subnet 192.168.50.1/24
>> 2. Access some WAN websites via C
>> 3. no traffic between B and C
>> 4. other traffic goes to pppoe interface by default
>>
>> here are the config files:
>> A: router
>>
>> tincd.conf:
>> device = /dev/net/tun
>> name = vpn
>> interface = vpn
>> addressFamilay = ipv4
>>
>> ##
>> Address=xxx.dyndns.org
>> Port=xxx port
>> subnet=10.10.10.0/24
>> Subnet=192.168.1.0/24
>>
>> ##tinc-up:
>> ifconfig vpn 10.10.10.1/24 up
>> route add -host 10.10.0.1 dev vpn
>> route add -net 10.10.0.0/24 gw 10.10.0.1
>>
>> route add -host 10.10.20.1 dev vpn
>> route add -net 10.10.20.0/24 gw 10.10.20.1
>> route add -net 192.168.50.0/24 gw 10.10.20.1 (requirement .1)
>>
>> route add -net many websites networks gw 10.10.0.1 (requirement .2)
>> ...
>> ###########################
>> B:
>> connectTo=vpn
>> ##
>> Subnet=10.10.20.0/24
>> Subnet=192.168.50.0/24
>>
>> ##
>> ifconfig Binc 10.10.20.1/24 up
>> route add -host 10.10.10.1 dev Binc
>> route add -net 10.10.10.0/24 gw 10.10.10.1
>> route add -net 192.168.1.0/24 gw 10.10.10.1
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>> ###########################
>> C:
>> connectTo=vpn
>> ##
>> Subnet=10.10.0.0/24
>> Subnet=0.0.0.0/1 ----------> this line only exists in server
>> C:/etc/tinc/hosts/C, but I guess it can be learned by router node
>>
>> ##
>> ifconfig Cinc 10.10.0.1/24 up
>> route add -host 10.10.10.1 dev Cinc
>> route add -net 192.168.1.0/24 gw 10.10.10.1
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>> ########################
>> router has B and C host files, B don't have C's and C don't have B's host
>> file
>>
>> this works fine for me,
>>
>> but today, I need to access a WAN server(5.6.7.8) via B, so I added a
>> route:
>> route add -host 5.6.7.8 gw 10.10.20.1 (B)
>> I thought it should work like other routes, but the traffic still goes
>> through C,
>> after examine the config, I think the problem maybe because of only C
>> has "Subnet=0.0.0.0/1"
>>
>> my questions are:
>> 1. why packet has route with default gw to B can be routed to C ? is it
>> right behavior?
>> 2. how to route 5.6.7.8 via B ? add "Subnet=0.0.0.0/1" to B's host file ?
>> I have some trouble to test this now, because B is not easy to
>> access,(best way is let it connect to me)
>> also, even this way works, I don't want other networks's traffic(added
>> route for C) goes through B, or randomly.
>> 3. I removed "Subnet=0.0.0.0/1" from C, then all route(to WAN) via B/C
>> not work anymore, is there anyway to
>> let those "route add (WAN networks) gw 10.10.0.1" works without the
>> "Subnet=0.0.0.0/1" ?
>
> --
> brgds
> Maxim Vorontsov
I checked your case with my configuration.
I found that you have to add Subnet = {0,128}.0.0.0/1 to
/etc/tinc/tincname/hosts/B AND restart tinc on both ends (B and your
desktop).
Additionally you have to add Subnet = 5.6.7.8/32#9 on B.
After that I got default route through one server and route to special
address via another. Check it with different checkip.dyndns.org:
$ host checkip.dyndns.org
checkip.dyndns.org is an alias for checkip.dyndns.com.
checkip.dyndns.com has address 216.146.43.70
checkip.dyndns.com has address 91.198.22.70
checkip.dyndns.com has address 216.146.38.70
On Mon, Feb 29, 2016 at 11:51 AM, Zhang Jun <gb2313 at gmail.com> wrote:
> yes, I have these in C host file:
>
> Subnet=10.10.0.0/24
> Subnet=0.0.0.0/1
> Subnet=128.0.0.0/1 ## not mentioned, because I think is maybe works in same as 0.0.0.0/1
>
> B host file doesn't have 0.0.0.0/1 and 128.0.0.0/1
>
> I only added one route to 5.6.7.8 via B, not via C
--
brgds
Maxim Vorontsov
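
Added example, not part of the original posts: a small Python model of how tinc picks the destination node from the Subnet lines quoted in this thread, which is why the kernel route to 5.6.7.8 via B had no effect while only C announced 0.0.0.0/1. It assumes tinc's default router mode, that every node is reachable, and the documented rule of longest prefix first, then lowest weight (default 10); `owners_for`, `BEFORE` and `AFTER` are names made up here, and ties are reported rather than resolved.

```python
import ipaddress

DEFAULT_WEIGHT = 10  # tinc default; a lower weight means higher priority


def parse_subnet(text):
    """Split tinc's 'address/prefix#weight' Subnet value into (network, weight)."""
    cidr, _, weight = text.partition("#")
    return ipaddress.ip_network(cidr.strip()), (int(weight) if weight else DEFAULT_WEIGHT)


def owners_for(dest, hosts):
    """Nodes whose Subnet best matches dest: longest prefix first, then lowest weight.

    More than one name in the result is a tie that this model does not resolve.
    """
    addr = ipaddress.ip_address(dest)
    ranked = {}
    for node, subnets in hosts.items():
        for text in subnets:
            net, weight = parse_subnet(text)
            if addr in net:
                ranked.setdefault((-net.prefixlen, weight), set()).add(node)
    return sorted(ranked[min(ranked)]) if ranked else []


# Subnet lines from the thread, as router A sees them in its hosts/ files.
BEFORE = {
    "A": ["10.10.10.0/24", "192.168.1.0/24"],
    "B": ["10.10.20.0/24", "192.168.50.0/24"],
    "C": ["10.10.0.0/24", "0.0.0.0/1", "128.0.0.0/1"],
}
# State after the change described in the reply above (lines added to hosts/B).
AFTER = dict(BEFORE, B=BEFORE["B"] + ["0.0.0.0/1", "128.0.0.0/1", "5.6.7.8/32#9"])

if __name__ == "__main__":
    for label, hosts in (("before", BEFORE), ("after", AFTER)):
        for dest in ("5.6.7.8", "8.8.8.8", "192.168.50.7"):
            print(label, dest, "->", owners_for(dest, hosts))
```

In this model 5.6.7.8 moves from C to B because of the /32 line, while any other WAN address now matches the /1 lines of both B and C with equal weight.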
Hello Tinc'ers:

I want to use TIncVPN in a systemd Ubuntu environment.

But I want other services to run AFTER tinc has started running and has its tun0 device initialized and ready.

Does anybody have a suggestion on what I put into the service files so that they are ExecStart after Tinc has come up at boot time?

Thanks,

Marco
hi.

I suggest you look at "Automatic Dependencies" in https://www.freedesktop.org/software/systemd/man/systemd.service.html.

I think using "After=" and "Requires=" is more suitable.

On Mon, Feb 29, 2016 at 4:48 PM, md at rpzdesign.com <md at rpzdesign.com> wrote:

> Hello Tinc'ers:
>
> I want to use TIncVPN in a systemd Ubuntu environment.
>
> But I want other services to run AFTER tinc has started running and has
> its tun0 device initialized and ready.
>
> Does anybody have a suggestion on what I put into the service files so
> that they are ExecStart after Tinc has come up at boot time?
>
> Thanks,
>
> Marco

--
brgds
Maxim Vorontsov
On Mon, Feb 29, 2016 at 07:48:45AM -0600, md at rpzdesign.com wrote:

> I want to use TIncVPN in a systemd Ubuntu environment.
>
> But I want other services to run AFTER tinc has started running and has its
> tun0 device initialized and ready.
>
> Does anybody have a suggestion on what I put into the service files so that
> they are ExecStart after Tinc has come up at boot time?

Add this to tinc's .service file:

[Install]
WantedBy=network-online.target

This is assuming your installation of tinc on Ubuntu has a .service file.
Alternatively, if you use ifupdown, start tinc from /etc/network/interfaces,
like this:

auto vpn
iface vpn inet manual
    tinc-net <netname>

Note that you can also configure the IP address of the VPN interface from
/etc/network/interfaces, in which case you don't need a tinc-up script anymore.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>