Hello,I have 6 Ubuntu 18.04 machines in a Tinc (1.35) network, where 3 are in Spain and 3 in UK.One machine in each country is running Tinc, and as both ends are behind NAT, they both connect outward to an Upcloud VM. The 4 non-tinc machines can Ping and SSH each other without issue, and so from that point of view, the Tinc VPN is working fine.However, the 2 tinc machines can only ping and ssh each other across the vpn - they cannot reach any of the other 4 machines.- they can of course ping and ssh the 2 machines on their own network. I have found that I need to provide the 3 tinc machines with their own IPv4 network, as other approaches cause the networking on the Ubuntu machines to lock up.IPv4 forwarding is turned on, and all 4 non-tinc machine have static routes configured, and the tinc machines have routes via the tun0 interfaces. I have found i need TCPonly=yes to stop any Unknown messages. With a tail on the log files and using to ping, I can see reports of messages going across the vpn.But when trying ping on the tinc machines, the log message is slightly different between the tinc and non-tinc machines - so I'm not sure the ICMP message is actually getting into the tun0 interface. As the config is very symmetrical, I enclose here the config of one side. ###TINC.CONFConnectTo=upcloudName = zotacubuntu1AddressFamily = ipv4Device = /dev/net/tunLocalDiscovery = yesTCPOnly = yes ###TINC-UPip link set $INTERFACE upip addr add 192.168.60.20/24 dev $INTERFACE ip route add 192.168.4.0/24 dev $INTERFACE ###hosts/zotacubuntu1Address =UK.dyndns.orgPort = 655Subnet = 192.168.60.20/32 Subnet = 192.168.14.0/24 ###route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface0.0.0.0 192.168.14.1 0.0.0.0 UG 0 0 0 wlp2s0169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlp2s0192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0192.168.14.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp2s0192.168.60.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 I've run out of ideas as to why. Can anyone suggest reason and/or what else I can try? ThanksJohn -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20190207/9d49ef8f/attachment.html>