tinc - Aug 2018 - Routing setup with pfSense package

WOW! OK! The light bulb above my head just came on.
I added the script to the Subnet Up Script section, and now all the
routes I need have been added in to the table for me.
I did have to modify the line a little since I'm using pfSense
(FreeBSD). I changed it to...

route add "$SUBNET" -iface "$INTERFACE"

...I also used...

route del "$SUBNET" -iface "$INTERFACE"

...for the Subnet Down Script section of the config.

Do you know if the "VPN Netmask" option is specific to the pfSense
implementation, or does it correspond to a tinc config item?


On Tue, Aug 28, 2018 at 6:35 PM Lars Kruse <lists at sumpfralle.de>
wrote:
>
> Hello Corey,
>
>
> Am Tue, 28 Aug 2018 16:23:02 -0400
> schrieb Corey Boyle <coreybrett at gmail.com>:
>
> > See this thread for more details...
> >
> > https://forum.netgate.com/topic/134218/tinc-initial-setup
>
>
> I think, the crucial misunderstanding in the above thread is the following:
>
> > However, the routeing table on each router does not reflect this
information
> > and only has a single route added for the tun interface.
>
> I think it is important to understand, that tinc (unlike OpenVPN, for
example)
> does not provide any network configuration details for you. It just creates
a
> network interface and deals with packets, that flow into or out of this
> interface.
> Everything else (configuring IP addresses and routing) needs to be done by
you
> in the scripts (tinc-(up|down), subnet-(up|down), ...).
>
> For your case I guess, that the following script "subnet-up"
could be
> sufficient:
>
>  #!/bin/sh
>  ip route add "$SUBNET" dev "$INTERFACE"
>
> ("subnet-down" should do the opposite)
>
> Cheers,
> Lars
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

On Wed, Aug 29, 2018 at 12:46 PM, Corey Boyle <coreybrett at gmail.com>
wrote:
> Do you know if the "VPN Netmask" option is specific to the
pfSense
> implementation, or does it correspond to a tinc config item?
In Tinc, I believe each host has it's own Subnet, and that each such
Subnet has whatever netmask it has.

I believe there is no "VPN(-wide) Netmask" in Tinc.

-Parke

I just found that the VPN Netmask option in the pfSense tinc GUI is
related to the "netmask" option in /usr/local/etc/tinc/tinc-up

ifconfig $INTERFACE 192.168.117.1 netmask 255.255.0.0

What exactly is this line doing? Is it assigning the address that my
lan adapter has to the tunnel interface as well?

I'm interested in using tinc in production, so I'm trying to learn as
much as I can about what's under the hood.

On 29 Aug 2018, at 21:59 , Parke <parke.nexus at gmail.com>
wrote:
> 
> On Wed, Aug 29, 2018 at 12:46 PM, Corey Boyle <coreybrett at
gmail.com> wrote:
>> Do you know if the "VPN Netmask" option is specific to the
pfSense
>> implementation, or does it correspond to a tinc config item?
> 
> In Tinc, I believe each host has it's own Subnet, and that each such
> Subnet has whatever netmask it has.
> 
> I believe there is no "VPN(-wide) Netmask" in Tinc.
Correct, I rather suspect the TINC scripts for inserting the routes into the
OS/pfSense/FreeBSD’s FIB wasn’t executed or created??


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20180829/3be0005d/attachment.sig>