thr3ads.net - tinc - partial SSH and Ping problem across VPN [Feb 2019]

If this information is useful, please help other people find it:
Share via:

jradxl at yahoo.com

2019-Feb-07 14:31 UTC

partial SSH and Ping problem across VPN

Hello,I have 6 Ubuntu 18.04 machines in a Tinc (1.35) network, where 3 are in
Spain and 3 in UK.One machine in each country is running Tinc, and as both ends
are behind NAT, they both connect outward to an Upcloud VM.
The 4 non-tinc machines can Ping and SSH each other without issue, and so from
that point of view, the Tinc VPN is working fine.However, the 2 tinc machines
can only ping and ssh each other across the vpn - they cannot reach any of the
other 4 machines.- they can of course ping and ssh the 2 machines on their own
network.
I have found that I need to provide the 3 tinc machines with their own IPv4
network, as other approaches cause the networking on the Ubuntu machines to lock
up.IPv4 forwarding is turned on, and all 4 non-tinc machine have static routes
configured, and the tinc machines have routes via the tun0 interfaces.
I have found i need TCPonly=yes to stop any Unknown messages.
With a tail on the log files and using to ping, I can see reports of messages
going across the vpn.But when trying ping on the tinc machines, the log message
is slightly different between the tinc and non-tinc machines - so I'm not
sure the ICMP message is actually getting into the tun0 interface.
As the config is very symmetrical, I enclose here the config of one side.
###TINC.CONFConnectTo=upcloudName = zotacubuntu1AddressFamily = ipv4Device =
/dev/net/tunLocalDiscovery = yesTCPOnly = yes
###TINC-UPip link  set $INTERFACE upip addr  add 192.168.60.20/24 dev $INTERFACE
ip route add 192.168.4.0/24  dev $INTERFACE

###hosts/zotacubuntu1Address =UK.dyndns.orgPort = 655Subnet = 192.168.60.20/32
Subnet = 192.168.14.0/24
###route -nKernel IP routing tableDestination     Gateway         Genmask       
 Flags Metric Ref    Use Iface0.0.0.0         192.168.14.1    0.0.0.0       
 UG    0      0        0 wlp2s0169.254.0.0     0.0.0.0         255.255.0.0   
 U     1000   0        0 wlp2s0192.168.4.0     0.0.0.0         255.255.255.0 
 U     0      0        0 tun0192.168.14.0    0.0.0.0         255.255.255.0   U 
   0      0        0 wlp2s0192.168.60.0    0.0.0.0         255.255.255.0   U   
 0      0        0 tun0

I've run out of ideas as to why.
Can anyone suggest reason and/or what else I can try?
ThanksJohn
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20190207/9d49ef8f/attachment.html>

tinc - Feb 2019 - partial SSH and Ping problem across VPN

partial SSH and Ping problem across VPN

Reasonably Related Threads

Wisdom of the Ancients