Config error - please help-continue
Kostadin Galabov
kostura at visia.com
Tue May 8 11:37:17 CEST 2001
OK, after disabling arp on server machine (Yes, I forgot to tell you this is
2.4.3 kernel, sorry), tcpdump on server machine shows:
12:30:05.741021 rtr-us.iris.bg > 192.168.0.1: icmp: echo request (DF)
12:30:06.741023 rtr-us.iris.bg > 192.168.0.1: icmp: echo request (DF)
It seems now packets are received on the slave machine (I can see the
traffic on my firewall) but now on both client and server packets are not
sent from tap device to the eth device.
This is a diagram of how my config looks:
----------   Firewall
| US_VPN |   VPN Server
----------
     |
    Inet
     |
------------
| Firewall |  (Inet IP and 192.168.0.1 LAN IP) Here I do portmapping of <InetIP>:655 to
------------  192.168.0.5:655 (for both TCP and UDP)
     |
------------
|  BG_VPN  |  VPN Server (192.168.0.5 on eth0)
------------
These are the outputs of ifconfig:
US_VPN:

eth0      Link encap:Ethernet  HWaddr 00:04:76:1B:C6:1C
          inet addr:x.x.x.x  Bcast:x.x.x.x  Mask:255.255.255.240
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:162540 errors:5 dropped:0 overruns:0 frame:5
          TX packets:44217 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          Interrupt:12 Base address:0xcc00

eth1      Link encap:Ethernet  HWaddr 00:04:76:1B:CC:46
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:35521 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46780 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0xd000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16144  Metric:1
          RX packets:400 errors:0 dropped:0 overruns:0 frame:0
          TX packets:400 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

vpn_net   Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.252.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:213 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
and BG_VPN:

eth0      Link encap:Ethernet  HWaddr 00:01:02:CC:80:2D
          inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:260374 errors:0 dropped:0 overruns:0 frame:0
          TX packets:252197 errors:0 dropped:0 overruns:0 carrier:0
          collisions:651 txqueuelen:100
          Interrupt:11 Base address:0x6200

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:40884 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40884 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.252.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:203 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1822 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

-----Original Message-----
From: owner-tinc at nl.linux.org [mailto:owner-tinc at nl.linux.org] On Behalf Of Guus Sliepen
Sent: Tuesday, May 08, 2001 11:31
To: tinc at nl.linux.org
Subject: Re: Config error - please help-continue
On Tue, May 08, 2001 at 09:59:34AM +0300, Kostadin Galabov wrote:
> It seems the other host responds, but packets are not sent from tap0 to
> eth0.
>
> On server host, when I ping 192.168.0.1, there is no info in syslog, but
> tcpdump -i vpn_net gives me this:
>
> 09:46:28.134738 arp who-has 192.168.0.1 tell rtr-us.iris.bg
> 09:46:29.131001 arp who-has 192.168.0.1 tell rtr-us.iris.bg
> 09:46:30.130997 arp who-has 192.168.0.1 tell rtr-us.iris.bg
[...]
>
> I wonder if it is because the client machine is masqueraded and behind
> firewall. And I portmapped 655 port (TCP and UDP) on the firewall to point
> to respective ports on the client machine, but maybe this is not right ?

That's not right. The problem is a difference between 2.2 kernel ethertap and
2.4 kernel tuntap as I assume you are using on the other machine. You have to
disable ARP on the tap devices. You can do that by adding an extra ifconfig to
the startup script:

    ifconfig vpn_net -arp

For consistency you could also do that on the tap0 from the other machine.

-------------------------------------------
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
http://www.kernelbench.org/
-------------------------------------------
-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/