tinc - Feb 2020 - Routing between networks

Problem:

I have four networks, A, B, C, and D

Networks B, C, and D should not be able to see each other.

Network A should be able to see all of them.

A - 172.16.1.1/24
B - 172.16.2.1/24
C - 172.16.3.1/24
D - 172.16.0.1/24

For host machine X, which is at 172.16.1.100/24 (network A), I added a 
route for it to ping a machine (Y) on the network B:

     ip route add 172.16.2.0/24 via 172.16.1.100 dev webservices

Running tincd on the node from the command line (tincd -D -n 
webservices), and using CTRL+C to drop to debug level 5, I can see the 
ping packet getting received from computer X, and being forwarded to 
computer Y.

However, computer X never receives a reply.

I *think* this is because computer Y doesn't know how to route the 
return packet.

Is this correct? Or am I missing something else?

If this is correct, how do I tell tinc to route the packet back to 
computer X?

-- 

	
Michael Munger, dCAP, MCPS, MCNPS, MBSS
*Microsoft Certified Professional*
*Microsoft Certified Small Business Specialist*
*Digium Certified Asterisk Professional*
*High Powered Help, Inc.*
p: 	678-905-8569
w: 	hph.io <https://hph.io> e: mj at hph.io <mailto:mj at hph.io>



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20200218/80804fb5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: heendbeknjicdbfi.png
Type: image/png
Size: 738 bytes
Desc: not available
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20200218/80804fb5/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mj.vcf
Type: text/x-vcard
Size: 280 bytes
Desc: not available
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20200218/80804fb5/attachment.vcf>

Hi Michael,

there are a lot of things missing in your email, but yes - one route
is only half of the job. The pong has to find it's way as well.

You can double check the paths of packets using a tool like wireshark
or tcpdump.

Greetings
P J

On Tue, 18 Feb 2020 10:59:07 -0500
Michael Munger <mj at hph.io> wrote:
> Problem:
> 
> I have four networks, A, B, C, and D
> 
> Networks B, C, and D should not be able to see each other.
> 
> Network A should be able to see all of them.
> 
> A - 172.16.1.1/24
> B - 172.16.2.1/24
> C - 172.16.3.1/24
> D - 172.16.0.1/24
> 
> For host machine X, which is at 172.16.1.100/24 (network A), I added
> a route for it to ping a machine (Y) on the network B:
> 
>      ip route add 172.16.2.0/24 via 172.16.1.100 dev webservices
> 
> Running tincd on the node from the command line (tincd -D -n 
> webservices), and using CTRL+C to drop to debug level 5, I can see
> the ping packet getting received from computer X, and being forwarded
> to computer Y.
> 
> However, computer X never receives a reply.
> 
> I *think* this is because computer Y doesn't know how to route the 
> return packet.
> 
> Is this correct? Or am I missing something else?
> 
> If this is correct, how do I tell tinc to route the packet back to 
> computer X?
>