routing trouble (was: crashing on receiving connection)
Eduard Bloch
edi at gmx.de
Fri Mar 9 11:37:40 CET 2001
#include <hallo.h>
Guus Sliepen wrote on Thu Mar 08, 2001 um 11:26:47PM:
> Think of it like this:
>  _____________________________________________________________
> |                         Entire VPN                          |
> |                       192.168.0.0/16                        |
>  ________________   ________________   _____.. . .
> | tincd A        | | tincd B        | |
> | 192.168.1.0/24 | | 192.168.2.0/24 | |
I still have problems imagining your scheme working. What are
192.168.1/2.0/24 in your example? Local networks, which are connected
via tinc-tunnel? Is the following correct:
INTERNET............tinc-tunnel....INTERNET
/---|----------------------\  /-----|------------------\
| A |................      |  | B   |...........       |
|router with        .      |  |router with     .       |
|inet uplink,     tincd    |  |inet uplink,  tincd     |
|= gateway for      .      |  |= gateway for   .       |
|local clients      .      |  |local clients   .       |
|                   .      |  |                .       |
|eth0        | tap0        |  |eth0        | tap0      |
|netmask /24 | netmask /16 |  |netmask /24 | netmask /16
|192.168.1.1 | 192.168.1.0 |  |192.168.2.1 | 192.168.2.0
      |                             |
     LAN                           LAN
      |                             |
 192.168.1.2                   192.168.2.*
      |
 192.168.1.3
      |
     ...
I assume (looking at your picture) we have two local networks,
192.168.1.0/24 and 192.168.2.0/24, with (let's say) 20 machines in each
network. Each network has a machine working as gateway to connect to the
internet, doing some services etc. For example: 192.168.1.1 and
192.168.2.1 are our routers. To connect both networks transparently, we now
set up ethertap devices with netmask /16, so packets for 192.168.X.X are
sent through our tap devices (except 192.168.1.X on A and 192.168.2.X on B).
hosts/zomb (here b):
Subnet = 192.168.2.0/24
Address = 192.168.0.2
hosts/home (here a):
Subnet = 192.168.1.0/24
Address = 192.168.0.4
So I do on A:
ifconfig eth0:0 192.168.1.2 netmask 255.255.255.0 up # our testing device
ifconfig tap0 192.168.0.0 netmask 255.255.0.0 up
route add -net 192.168.0.0 dev tap0 netmask 255.255.0.0
eth0      Link encap:Ethernet HWaddr 00:00:B4:43:A5:85
          inet addr:192.168.0.4 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:188735 errors:0 dropped:1016 overruns:0 frame:318
          TX packets:218995 errors:0 dropped:0 overruns:0 carrier:0
          collisions:80 txqueuelen:100
          Interrupt:10 Base address:0x300

eth0:0    Link encap:Ethernet HWaddr 00:00:B4:43:A5:85
          inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          Interrupt:10 Base address:0x300

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:3924 Metric:1
          RX packets:286 errors:0 dropped:0 overruns:0 frame:0
          TX packets:286 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

tap0      Link encap:Ethernet HWaddr 00:FF:BE:4B:05:01
          inet addr:192.168.0.0 Bcast:192.168.1.255 Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 tap0
On B:
ifconfig eth0:0 192.168.2.3
ifconfig vpn 192.168.0.0 netmask 255.255.0.0 up
(kernel 2.4 sets the route automatically)
eth0      Link encap:Ethernet HWaddr 00:00:48:DB:AD:07
          inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:5377 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5763 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:768660 (750.6 Kb) TX bytes:395915 (386.6 Kb)
          Interrupt:11 Base address:0x8000

eth0:0    Link encap:Ethernet HWaddr 00:00:48:DB:AD:07
          inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          Interrupt:11 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16192 Metric:1
          RX packets:4930 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4930 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1536087 (1.4 Mb) TX bytes:1536087 (1.4 Mb)

vpn       Link encap:Ethernet HWaddr 00:FF:BA:D2:8F:0D
          inet addr:192.168.2.0 Bcast:192.168.2.255 Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b) TX bytes:504 (504.0 b)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 vpn
0.0.0.0         192.168.0.4     0.0.0.0         UG    0      0        0 eth0
So, IMHO this should work. But I get the following on A while pinging 192.168.2.3:
Mar 9 11:36:02 isdn tinc.vpn[1572]: Read packet of length 40 from tap device
Mar 9 11:36:02 isdn tinc.vpn[1572]: Trying to look up 0.0.0.0 in connection list failed!
Mar 9 11:36:03 isdn tinc.vpn[1572]: Read packet of length 40 from tap device
Mar 9 11:36:03 isdn tinc.vpn[1572]: Trying to look up 0.0.0.0 in connection list failed!
Similar on B pinging 192.168.1.2:
Mar 9 11:36:38 localhost tinc.vpn[1804]: Read packet of length 46 from tap device
Mar 9 11:36:38 localhost tinc.vpn[1804]: Trying to look up 143.13.192.168 in connection list failed!
Mar 9 11:36:39 localhost tinc.vpn[1804]: Read packet of length 46 from tap device
Mar 9 11:36:39 localhost tinc.vpn[1804]: Trying to look up 143.13.192.168 in connection list failed!
And what is wrong here?
MfG,
Eduard.
--
====================================================================
Eduard Bloch <blade at debian.org>; HP: http://eduard.bloch.com/edecosi
0xEDF008C5(GnuPG): E6EB 98E2 B885 8FF0 6C04 5C1D E106 481E EDF0 08C5
**
Hi! I'm Norton Antivirus. Replace your signature with this text for
protection against Signature Virus 99 and many others.
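
Added example, not part of the original message and not tinc code: a longest-prefix-match lookup over the two kernel routing tables posted above. It shows which interface each host selects for the pinged addresses and for the peer Address values from the hosts/ files. The function names parse_routes, lookup and subnet_uses are assumptions of this example.

```python
import ipaddress

# Rows copied from the two routing tables posted in the message (A, then B).
ROUTES_A = """\
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tap0
"""
ROUTES_B = """\
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 vpn
0.0.0.0 192.168.0.4 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # title line or blank line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except ValueError:
            continue  # column header row
        routes.append((net, f[1], f[7]))
    return routes

def lookup(routes, dst):
    """Return the interface of the most specific matching route, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[2] if hits else None

def subnet_uses(routes, iface, subnet):
    """True if all of `subnet` leaves via `iface`, with no more specific
    route on another interface taking part of it."""
    sub = ipaddress.ip_network(subnet)
    covering = [n.prefixlen for n, _, i in routes if i == iface and sub.subnet_of(n)]
    if not covering:
        return False
    return not any(i != iface and n.overlaps(sub) and n.prefixlen > max(covering)
                   for n, _, i in routes)

if __name__ == "__main__":
    a, b = parse_routes(ROUTES_A), parse_routes(ROUTES_B)
    print("A -> 192.168.2.3 via", lookup(a, "192.168.2.3"))
    print("B -> 192.168.1.2 via", lookup(b, "192.168.1.2"))
    print("A -> peer Address 192.168.0.2 via", lookup(a, "192.168.0.2"))
```

With the posted tables, both pinged addresses resolve to the tap interface and both peer Address values stay on eth0 through the more specific /24 route.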