Connection Problem
Daniel Holden
dholden at idsb.net
Thu Nov 22 03:28:44 CET 2001
Thank you for the response. I finally got some time to work on this
problem. Following is the info you requested. Hope it's not too much
but I didn't want to leave out anything that may have been of
importance.
ServerA:
###/tinc/office_vpn/tinc.conf
Name = ServerA
TapDevice = /dev/tun
PrivateKeyFile = /usr/local/etc/tinc/office_vpn/rsa_key.priv
###/tinc/office_vpn/hosts/ServerA
Address = 209.1.1.1
Subnet = 192.168.255.0/24
-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----
###/tinc/office_vpn/hosts/ServerB
Address = 209.1.1.2
Subnet = 192.168.1.0/24
-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----
............................................................
ServerB:
###/tinc/office_vpn/tinc.conf
Name = ServerB
ConnectTo = ServerA
TapDevice = /dev/tun
PrivateKeyFile = /usr/local/etc/tinc/office_vpn/rsa_key.priv
###/tinc/office_vpn/hosts/ServerA
Address = 209.1.1.1
Subnet = 192.168.255.0/24
-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----
###/tinc/office_vpn/hosts/ServerB
Address = 209.1.1.2
Subnet = 192.168.1.0/24
-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----
...................................................
Result of "ifconfig -a" on ServerB:
eth0      Link encap:Ethernet  HWaddr 00:A0:CC:DB:F2:57
          inet addr:209.1.1.1  Bcast:209.1.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth1      Link encap:Ethernet  HWaddr 00:A0:CC:DB:FB:2C
          inet addr:209.1.2.1  Bcast:209.1.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth2      Link encap:Ethernet  HWaddr 00:A0:CC:DB:DC:55
          inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
office_vp Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.0.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
................................................................................
Result of "route" on ServerB:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     209-1-2-1       255.255.255.0   UG    0      0        0 eth1
office_vpn      *               255.255.255.0   U     0      0        0 eth2
209.1.2.0       *               255.255.255.0   U     0      0        0 eth1
209.1.1.0       *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.0.0     U     0      0        0 office_vpn
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         209-1-1-10      0.0.0.0         UG    0      0        0 eth0
...................................................................................
Result of "iptables -t nat -L -v" on ServerB:
Chain PREROUTING (policy ACCEPT 4075 packets, 823K bytes)
 pkts bytes target     prot opt in     out    source               destination
    0     0 DNAT       tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:tinc to:192.168.1.253:655
Chain POSTROUTING (policy ACCEPT 664 packets, 158K bytes)
 pkts bytes target     prot opt in     out    source               destination
  348 24626 MASQUERADE all  --  any    eth0   anywhere             anywhere
    0     0 ACCEPT     all  --  any    any    209.1.1.0/24         anywhere
Chain OUTPUT (policy ACCEPT 2578 packets, 332K bytes)
 pkts bytes target     prot opt in     out    source               destination
...................................................................................
Result of "iptables -L -v" on ServerB:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out    source               destination
    2   118 ACCEPT     all  --  any    any    mail.idsb.net        anywhere
    0     0 ACCEPT     all  --  any    any    209-1-20-1           anywhere
    0     0 ACCEPT     all  --  any    any    209-1-20-1           anywhere
    0     0 ACCEPT     all  --  any    any    192.168.255.1        anywhere
    0     0 ACCEPT     all  --  any    any    192.168.0.0/16       anywhere
    0     0 ACCEPT     tcp  --  any    any    mail.idsb.net        209.1.1.0/24         tcp dpt:tinc
    0     0 ACCEPT     udp  --  any    any    mail.idsb.net        209.1.1.0/24         udp dpt:tinc
    0     0 ACCEPT     tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:domain
    0     0 ACCEPT     udp  --  any    any    anywhere             209.1.1.0/24         udp dpt:domain
    5   468 ACCEPT     all  --  lo     any    anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any    anywhere             209.1.1.0/24         icmp echo-request limit: avg 1/sec burst 5
    0     0 ACCEPT     icmp --  any    any    anywhere             209.1.1.0/24         icmp echo-reply limit: avg 1/sec burst 5
    0     0 ACCEPT     udp  --  any    any    anywhere             209.1.1.0/24         udp dpt:traceroute
    0     0 ACCEPT     icmp --  any    any    anywhere             209.1.1.0/24         icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any    anywhere             209.1.1.0/24         icmp host-unreachable
    0     0 ACCEPT     icmp --  any    any    anywhere             209.1.1.0/24         icmp timestamp-request
    0     0 ACCEPT     icmp --  any    any    anywhere             209.1.1.0/24         icmp timestamp-reply
    0     0 ACCEPT     icmp --  any    any    anywhere             209.1.1.0/24         icmp address-mask-request
    0     0 ACCEPT     icmp --  any    any    anywhere             209.1.1.0/24         icmp address-mask-reply
    0     0 LD         icmp --  any    any    anywhere             209.1.1.0/24         icmp redirect
    0     0 LD         icmp --  any    any    anywhere             209.1.1.0/24         icmp source-quench
    0     0 ACCEPT     all  --  any    any    office_vpn/24        anywhere
    0     0 LD         all  --  eth0   any    1.0.0.0/8            209.1.1.0/24
    0     0 LD         all  --  eth0   any    2.0.0.0/8            209.1.1.0/24
    0     0 LD         all  --  eth0   any    7.0.0.0/8            209.1.1.0/24
    0     0 LD         all  --  eth0   any    23.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    27.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    31.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    41.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    45.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    60.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    68.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    69.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    70.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    71.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    80.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    88.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    90.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    91.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    92.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any    100.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    111.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    112.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    127.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    127.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    128.66.0.0/16        209.1.1.0/24
    0     0 LD         all  --  eth0   any    172.16.0.0/12        209.1.1.0/24
    0     0 LD         all  --  eth0   any    192.168.0.0/16       209.1.1.0/24
    0     0 LD         all  --  eth0   any    197.0.0.0/16         209.1.1.0/24
    0     0 LD         all  --  eth0   any    201.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    220.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    222.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    240.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    242.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    244.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    251.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any    254.0.0.0/8          209.1.1.0/24
    0     0 LD         tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    anywhere             209.1.1.0/24         udp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    anywhere             209.1.1.0/24         udp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:1234 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:6711 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    anywhere             209.1.1.0/24         udp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:ingreslock limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    anywhere             209.1.1.0/24         tcp dpt:27665 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    anywhere             209.1.1.0/24         udp dpt:27444 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    anywhere             209.1.1.0/24         udp dpt:31335 limit: avg 2/min burst 5
    0     0 LD         all  --  any    any    BASE-ADDRESS.MCAST.NET/8 anywhere
    0     0 LD         all  --  any    any    anywhere             BASE-ADDRESS.MCAST.NET/8
    0     0 LD         all  --  any    any    255.255.255.255      anywhere
    0     0 LD         all  --  any    any    anywhere             0.0.0.0
    0     0 LD         all  -f  any    any    anywhere             anywhere             limit: avg 10/min burst 5
    0     0 ACCEPT     ipv6-auth--  any    any    anywhere             anywhere
    0     0 ACCEPT     tcp  --  any    any    anywhere             anywhere             tcp spt:ssh dpts:login:65535 flags:!SYN,RST,ACK/SYN state RELATED
    0     0 ACCEPT     tcp  --  any    any    anywhere             anywhere             tcp spt:ftp-data dpts:1023:65535 flags:!SYN,RST,ACK/SYN state RELATED
   86 61322 ACCEPT     tcp  --  any    any    anywhere             anywhere             state ESTABLISHED
    5  1602 ACCEPT     udp  --  any    any    anywhere             209.1.1.0/24         udp dpts:1023:65535
    0     0 LD         all  --  any    any    anywhere             anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out    source               destination
    0     0 ACCEPT     all  --  any    eth0   office_vpn/24        anywhere
    0     0 ACCEPT     all  --  any    any    anywhere             office_vpn/24
Chain OUTPUT (policy ACCEPT 113 packets, 11937 bytes)
 pkts bytes target     prot opt in     out    source               destination
    5   468 ACCEPT     all  --  any    lo     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any    office_vpn/24        anywhere
    0     0 ACCEPT     icmp --  any    any    office_vpn/24        anywhere
    0     0 LD         tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    209.1.1.0/24         anywhere             udp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    209.1.1.0/24         anywhere             udp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpt:1234 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpt:6711 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    209.1.1.0/24         anywhere             udp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpt:ingreslock limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpt:27665 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    209.1.1.0/24         anywhere             udp dpt:27444 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any    209.1.1.0/24         anywhere             udp dpt:31335 limit: avg 2/min burst 5
    0     0 LD         all  --  any    any    BASE-ADDRESS.MCAST.NET/8 anywhere
    0     0 LD         all  --  any    any    anywhere             BASE-ADDRESS.MCAST.NET/8
    0     0 LD         all  --  any    any    255.255.255.255      anywhere
    0     0 LD         all  --  any    any    anywhere             0.0.0.0
    0     0 ACCEPT     icmp --  any    any    209.1.1.0/24         anywhere
    0     0 ACCEPT     tcp  --  any    any    209.1.1.0/24         anywhere             tcp dpts:1023:65535
    0     0 ACCEPT     udp  --  any    any    209.1.1.0/24         anywhere             udp dpts:1023:65535
Chain LD (77 references)
 pkts bytes target     prot opt in     out    source               destination
    0     0 LOG        all  --  any    any    anywhere             anywhere             LOG level warning
    0     0 DROP       all  --  any    any    anywhere             anywhere
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/