Hi there,
I would need some help with my configuration. I have tried a long time,
but did not find my error. Thus I would really appreciate your help.
There are three hosts:
1. h181
2. h182: Should ConnectTo h181
3. h183: Should ConnectTo h181
*Files under /etc/tinc/vpn0/hosts*
[h181:]
Address = 94.130.108.xxx
Subnet = 172.16.1.1/32
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----
[h182:]
Subnet = 172.16.1.2/32
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----
[h183:]
Subnet = 172.16.1.3/32
-----BEGIN RSA PUBLIC KEY-----
***
-----END RSA PUBLIC KEY-----
*tinc.conf files:*
[tinc.conf h181:]
Name = h181
Device = /dev/net/tun
BindToAddress = 0.0.0.0
AddressFamily = ipv4
[tinc.conf h182:]
Name = h182
Device = /dev/net/tun
ConnectTo = h181
BindToAddress = 0.0.0.0
AddressFamily = ipv4
[tinc.conf h183:]
Name = h183
Device = /dev/net/tun
ConnectTo = h181
BindToAddress = 0.0.0.0
AddressFamily = ipv4
*tinc-up Files:*
[tinc-up h181:]
#!/bin/sh
#
# Must use IP 172.16.1.1
#
/sbin/ifconfig $INTERFACE 172.16.1.1 netmask 255.255.255.0
[tinc-up h182:]
#!/bin/sh
#
# Must use IP 172.16.1.2
#
/sbin/ifconfig $INTERFACE 172.16.1.2 netmask 255.255.255.0
[tinc-up h182:]
#!/bin/sh
#
# Must use IP 172.16.1.3
#
/sbin/ifconfig $INTERFACE 172.16.1.3 netmask 255.255.255.0
The occuring errors are:
* Ping from h182 (172.16.1.2) and h183 (172.16.1.3) to h181
(172.16.1.1) is not possible
* Ping from h181 to h182 and h183 and between h182 and h183 are
possible, but extremely slow (some about 1000ms; ping to public IP
is about 10ms)
When I start tinc with tincd -n netname -d5 -D everything seems normal,
many PINGs and PONGs are displayed.
In route -n it is displayed on all hosts:
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vpn0
When stopping tincd on h182 or h183 pings between the two remaining
hosts are possible and fast.
I am using tinc 1.0.24-2.1 (Debian).
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20170930/26017f61/attachment.html>
On Sat, Sep 30, 2017 at 03:29:41PM +0200, Marius Fröhlich wrote:> There are three hosts: > > 1. h181 > 2. h182: Should ConnectTo h181 > 3. h183: Should ConnectTo h181[...]> The occuring errors are: > > * Ping from h182 (172.16.1.2) and h183 (172.16.1.3) to h181 > (172.16.1.1) is not possible > * Ping from h181 to h182 and h183 and between h182 and h183 are > possible, but extremely slow (some about 1000ms; ping to public IP > is about 10ms) > > When I start tinc with tincd -n netname -d5 -D everything seems normal, > many PINGs and PONGs are displayed. > > In route -n it is displayed on all hosts: > > 172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vpn0 > > When stopping tincd on h182 or h183 pings between the two remaining > hosts are possible and fast.Are h182 and h183 behind the same router? It might help to show us a copy of the output from tincd -d5 -D on a node while you are trying to ping over the VPN. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20171001/1821edf7/attachment.sig>