TINC 1.0pre2 problem

Guus Sliepen guus at sliepen.warande.net
Sun Jun 11 19:11:44 CEST 2000


On Sun, 11 Jun 2000, David Summers wrote:

> Thanks for the great software package!  The question I have is this:

Thank you :)

> My goal is to set up a triangle topology VPN between three sites and run
> OSPF routing on all the sites so that if a link goes down between any two
> sites the OSPF routing will reroute the packets that used to go between
> the sites A <-> B to A <-> C <-> B and still remain connected.

Hopefully that functionality will be included in the final 1.0 version of
tinc.

> Here is my setup (I turned off Masquerading for these tests to make sure
> that it wasn't something silly like that).

> Network A = 192.168.1.0/24

You are using 192.168.x.y addresses for your internal network, but
10.x.y.z addresses for tinc! Why is that? Tinc does not need it's own
IP's, you just have to put the ones you are already using in the
configuration file.

> ==== Router A tinc.conf ====
> TapDevice = /dev/tap0
> ConnectTo = 216.63.158.19
> MyVirtualIP = 10.0.0.1/8
> VpnMask = 255.0.0.0
> AllowConnect = no
> ============================

Your MyVirtualIP should be 10.0.0.1/24, not /8. The subnet the tincd on
router A represents is a class C subnet. However, the VpnMask is different
- it is used to tell the startup script what the scope of the ENTIRE
private network is.

> Router A "netstat -rn | grep tap0":
> 192.168.254.0      10.0.0.2      255.255.255.0   UG     0 0      0 tap0
> 10.0.0.0           0.0.0.0       255.0.0.0       U      0 0      0 tap0

Tinc will only correctly transfer packets with 10.x.y.z IP's. Your routing
table suggests you think you have to send all 192.168.254.x packets to the
gateway you think the daemon on the other side is.

> It is possible that my question boils down to this:
> Is the VPN link between networks a Point to Point Link or is it a regular
> network?  I think the configuration would be different in both of those
> cases.

It's not point-to-point :). Try this:

Router A tinc.conf:
===================
TapDevice = /dev/tap0
ConnectTo = 216.63.158.19
MyVirtualIP = 192.168.254.0/24
VpnMask = 255.255.0.0
===================

Routing table:
--------------
192.168.0.0	0.0.0.0		255.255.0.0	U	0 0	0 tap0

Router B likewise.

I hope this will help! We are not bothered at all by your questions, so if
you have more of them, please ask! And we'd also be happy to hear your
comments.

Met vriendelijke groet,
Guus Sliepen.

-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/



More information about the Tinc mailing list