TINC 1.0pre2 problem
David Summers
david at summersoft.fay.ar.us
Mon Jun 12 01:29:29 CEST 2000
OK, I got it. What I did was put the interface IP on Router A to
192.168.1.1/24 (network A) and made the VPN mask 255.255.0.0 (the "wider"
network).
Vice-versa on the other router B.
(If you try enough combinations then sooner or later you are bound to hit
it with pure luck if you are methodical about it! :-)
I did have the interface for network B on the network A router and
vice-versa on the other one.
Interesting. Not what I expected, but hey, if it works, then awesome!
If I understand correctly then what it is saying is that this IP address
on my current network is a gateway to a bigger network that can pass the
traffic on to the other network.
I'm still interested in hearing about the possible routing protocol built
in to the meta protocol of TINC.
Thanks for your help!
- David Summers
On Sun, 11 Jun 2000, Guus Sliepen wrote:
> Date: Sun, 11 Jun 2000 19:11:44 +0200 (CEST)
> From: Guus Sliepen <guus at sliepen.warande.net>
> To: David Summers <david at summersoft.fay.ar.us>
> Cc: tinc at nl.linux.org
> Subject: Re: TINC 1.0pre2 problem
>
> On Sun, 11 Jun 2000, David Summers wrote:
>
> > Thanks for the great software package! The question I have is this:
>
> Thank you :)
>
> > My goal is to set up a triangle topology VPN between three sites and run
> > OSPF routing on all the sites so that if a link goes down between any two
> > sites the OSPF routing will reroute the packets that used to go between
> > the sites A <-> B to A <-> C <-> B and still remain connected.
>
> Hopefully that functionality will be included in the final 1.0 version of
> tinc.
>
> > Here is my setup (I turned off Masquerading for these tests to make sure
> > that it wasn't something silly like that).
>
> > Network A = 192.168.1.0/24
>
> You are using 192.168.x.y addresses for your internal network, but
> 10.x.y.z addresses for tinc! Why is that? Tinc does not need it's own
> IP's, you just have to put the ones you are already using in the
> configuration file.
>
> > ==== Router A tinc.conf ====
> > TapDevice = /dev/tap0
> > ConnectTo = 216.63.158.19
> > MyVirtualIP = 10.0.0.1/8
> > VpnMask = 255.0.0.0
> > AllowConnect = no
> > ============================
>
> Your MyVirtualIP should be 10.0.0.1/24, not /8. The subnet the tincd on
> router A represents is a class C subnet. However, the VpnMask is different
> - it is used to tell the startup script what the scope of the ENTIRE
> private network is.
>
> > Router A "netstat -rn | grep tap0":
> > 192.168.254.0 10.0.0.2 255.255.255.0 UG 0 0 0 tap0
> > 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 tap0
>
> Tinc will only correctly transfer packets with 10.x.y.z IP's. Your routing
> table suggests you think you have to send all 192.168.254.x packets to the
> gateway you think the daemon on the other side is.
>
> > It is possible that my question boils down to this:
> > Is the VPN link between networks a Point to Point Link or is it a regular
> > network? I think the configuration would be different in both of those
> > cases.
>
> It's not point-to-point :). Try this:
>
> Router A tinc.conf:
> ===================
> TapDevice = /dev/tap0
> ConnectTo = 216.63.158.19
> MyVirtualIP = 192.168.254.0/24
> VpnMask = 255.255.0.0
> ===================
>
> Routing table:
> --------------
> 192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tap0
>
> Router B likewise.
>
> I hope this will help! We are not bothered at all by your questions, so if
> you have more of them, please ask! And we'd also be happy to hear your
> comments.
>
> Met vriendelijke groet,
> Guus Sliepen.
>
>
David Wayne Summers "Linux: Because reboots are for upgrades!"
david at summersoft.fay.ar.us PGP Key: http://summersoft.fay.ar.us/~david/pgp.txt
PGP Key fingerprint = C0 E0 4F 50 DD A9 B6 2B 60 A1 31 7E D2 28 6D A8
-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/
More information about the Tinc
mailing list