Hi! I'm currently using Tinc to create a VPN between a Linux server, a Windows server, and my local laptop and desktop computers (both running Windows). I picked an IP in the 10.123.1.x range for each server, and added something like "Subnet = 10.123.1.1/32" to each host config file. It's working very well! What I'd like to do now is expose an extra subnet to the VPN. The Linux server has LXC containers in the 192.168.122.1/24 subnet. I'd like any hits to 192.168.122.x to go to that particular server. I tried simply modifying the host config to also include that subnet: Subnet = 10.123.1.1/32 Subnet = 192.168.122.1/24 But that didn't work - Pings to 192.168.122.3 from other hosts on the VPN just time out When I run "route print" on the Windows machines, I don't see any routes for that IP range. Do I need to do any extra config on the Linux server, or do I need to somehow configure additional routing rules on my Windows machines? This is how I configured Tinc in /etc/networking/interfaces on the Linux machine: auto tincvpn iface tincvpn inet static address 10.123.1.1 netmask 255.255.255.0 tinc-net vpn tinc-debug 1 tinc-mlock yes tinc-user nobody tinc-pidfile /run/tinc.pid Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20181204/c85112de/attachment.html>
I worked this out - I just had to manually add a route on the Windows machines: route add 192.168.122.0 mask 255.255.255.0 10.123.1.4 (where 10.123.1.4 is the local IP on the Tinc interface) I was hoping that Tinc would automatically configure the routing tables, but configuring it manually is fine. On Tue, Dec 4, 2018 at 11:10 PM Daniel Lo Nigro <lists at d.sb> wrote:> Hi! > > I'm currently using Tinc to create a VPN between a Linux server, a Windows > server, and my local laptop and desktop computers (both running Windows). I > picked an IP in the 10.123.1.x range for each server, and added something > like "Subnet = 10.123.1.1/32" to each host config file. It's working very > well! > > What I'd like to do now is expose an extra subnet to the VPN. The Linux > server has LXC containers in the 192.168.122.1/24 subnet. I'd like any > hits to 192.168.122.x to go to that particular server. I tried simply > modifying the host config to also include that subnet: > > Subnet = 10.123.1.1/32 > Subnet = 192.168.122.1/24 > > But that didn't work - Pings to 192.168.122.3 from other hosts on the VPN > just time out > > When I run "route print" on the Windows machines, I don't see any routes > for that IP range. > > Do I need to do any extra config on the Linux server, or do I need to > somehow configure additional routing rules on my Windows machines? > > This is how I configured Tinc in /etc/networking/interfaces on the Linux > machine: > > auto tincvpn > iface tincvpn inet static > address 10.123.1.1 > netmask 255.255.255.0 > tinc-net vpn > tinc-debug 1 > tinc-mlock yes > tinc-user nobody > tinc-pidfile /run/tinc.pid > > > Thanks! > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20181205/43a0a9dd/attachment.html>
On 6/12/18 11:45 am, Daniel Lo Nigro wrote:> I worked this out - I just had to manually add a route on the Windows > machines: > > route add 192.168.122.0 mask 255.255.255.0 10.123.1.4 > > (where 10.123.1.4 is the local IP on the Tinc interface) > I was hoping that Tinc would automatically configure the routing > tables, but configuring it manually is fine.Tinc will run its hook scripts subnet-up and subnet-down when it learns about subnets at other nodes. https://www.tinc-vpn.org/documentation/Scripts.html Unfortunately I could not find an example of these for Windows. I posted about this a couple of weeks back but did not get any response. Hamish -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20181206/8de9e6ff/attachment.html>