Connection Problem

Daniel Holden dholden at idsb.net
Thu Nov 22 03:28:44 CET 2001


Thank you for the response.  I finally got some time to work on this
problem.  Following is the info you requested.  Hope it's not too much
but I didn't want to leave out anything that may have been of
importance.

ServerA:

###/tinc/office_vpn/tinc.conf
  Name = ServerA
  TapDevice = /dev/tun
  PrivateKeyFile = /usr/local/etc/tinc/office_vpn/rsa_key.priv


###/tinc/office_vpn/hosts/ServerA
   Address = 209.1.1.1
   Subnet = 192.168.255.0/24

-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----


###/tinc/office_vpn/hosts/ServerB
   Address = 209.1.1.2
   Subnet = 192.168.1.0/24

-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----
............................................................

ServerB:

###/tinc/office_vpn/tinc.conf
   Name = ServerB
   ConnectTo = ServerA
   TapDevice = /dev/tun
   PrivateKeyFile = /usr/local/etc/tinc/office_vpn/rsa_key.priv

###/tinc/office_vpn/hosts/ServerA
   Address = 209.1.1.1
   Subnet = 192.168.255.0/24

-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----


###/tinc/office_vpn/hosts/ServerB
   Address = 209.1.1.2
   Subnet = 192.168.1.0/24

-----BEGIN RSA PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PUBLIC KEY-----
...................................................

Result of "ifconfig -a" on ServerB:

eth0      Link encap:Ethernet  HWaddr 00:A0:CC:DB:F2:57
          inet addr:209.1.1.1  Bcast:209.1.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1


eth1      Link encap:Ethernet  HWaddr 00:A0:CC:DB:FB:2C
          inet addr:209.1.2.1  Bcast:209.1.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1


eth2      Link encap:Ethernet  HWaddr 00:A0:CC:DB:DC:55
          inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1


lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1


office_vp Link encap:Ethernet  HWaddr FE:FD:00:00:00:00
          inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.0.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
................................................................................

Result of "route" on ServerB:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     209-1-2-1       255.255.255.0   UG    0      0        0 eth1
office_vpn      *               255.255.255.0   U     0      0        0 eth2
209.1.2.0       *               255.255.255.0   U     0      0        0 eth1
209.1.1.0       *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.0.0     U     0      0        0 office_vpn
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         209-1-1-10      0.0.0.0         UG    0      0        0 eth0
...................................................................................

Result of "iptables -t nat -L -v" on ServerB:

Chain PREROUTING (policy ACCEPT 4075 packets, 823K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:tinc to:192.168.1.253:655

Chain POSTROUTING (policy ACCEPT 664 packets, 158K bytes)
 pkts bytes target     prot opt in     out     source               destination
  348 24626 MASQUERADE  all  --  any    eth0    anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     209.1.1.0/24         anywhere

Chain OUTPUT (policy ACCEPT 2578 packets, 332K bytes)
 pkts bytes target     prot opt in     out     source               destination
...................................................................................

Result of "iptables -L -v" on ServerB:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   118 ACCEPT     all  --  any    any     mail.idsb.net        anywhere
    0     0 ACCEPT     all  --  any    any     209-1-20-1           anywhere
    0     0 ACCEPT     all  --  any    any     209-1-20-1           anywhere
    0     0 ACCEPT     all  --  any    any     192.168.255.1        anywhere
    0     0 ACCEPT     all  --  any    any     192.168.0.0/16       anywhere
    0     0 ACCEPT     tcp  --  any    any     mail.idsb.net        209.1.1.0/24    tcp dpt:tinc
    0     0 ACCEPT     udp  --  any    any     mail.idsb.net        209.1.1.0/24    udp dpt:tinc
    0     0 ACCEPT     tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:domain
    0     0 ACCEPT     udp  --  any    any     anywhere             209.1.1.0/24    udp dpt:domain
    5   468 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24    icmp echo-request limit: avg 1/sec burst 5
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24    icmp echo-reply limit: avg 1/sec burst 5
    0     0 ACCEPT     udp  --  any    any     anywhere             209.1.1.0/24    udp dpt:traceroute
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24    icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24    icmp host-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24    icmp timestamp-request
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24    icmp timestamp-reply
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24    icmp address-mask-request
    0     0 ACCEPT     icmp --  any    any     anywhere             209.1.1.0/24    icmp address-mask-reply
    0     0 LD         icmp --  any    any     anywhere             209.1.1.0/24    icmp redirect
    0     0 LD         icmp --  any    any     anywhere             209.1.1.0/24    icmp source-quench
    0     0 ACCEPT     all  --  any    any     office_vpn/24        anywhere
    0     0 LD         all  --  eth0   any     1.0.0.0/8            209.1.1.0/24
    0     0 LD         all  --  eth0   any     2.0.0.0/8            209.1.1.0/24
    0     0 LD         all  --  eth0   any     7.0.0.0/8            209.1.1.0/24
    0     0 LD         all  --  eth0   any     23.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     27.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     31.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     41.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     45.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     60.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     68.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     69.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     70.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     71.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     80.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     88.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     90.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     91.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     92.0.0.0/8           209.1.1.0/24
    0     0 LD         all  --  eth0   any     100.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     111.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     112.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     127.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     127.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     128.66.0.0/16        209.1.1.0/24
    0     0 LD         all  --  eth0   any     172.16.0.0/12        209.1.1.0/24
    0     0 LD         all  --  eth0   any     192.168.0.0/16       209.1.1.0/24
    0     0 LD         all  --  eth0   any     197.0.0.0/16         209.1.1.0/24
    0     0 LD         all  --  eth0   any     201.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     220.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     222.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     240.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     242.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     244.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     251.0.0.0/8          209.1.1.0/24
    0     0 LD         all  --  eth0   any     254.0.0.0/8          209.1.1.0/24
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24    udp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24    udp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:1234 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:6711 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24    udp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:ingreslock limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     anywhere             209.1.1.0/24    tcp dpt:27665 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24    udp dpt:27444 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     anywhere             209.1.1.0/24    udp dpt:31335 limit: avg 2/min burst 5
    0     0 LD         all  --  any    any     BASE-ADDRESS.MCAST.NET/8 anywhere
    0     0 LD         all  --  any    any     anywhere             BASE-ADDRESS.MCAST.NET/8
    0     0 LD         all  --  any    any     255.255.255.255      anywhere
    0     0 LD         all  --  any    any     anywhere             0.0.0.0
    0     0 LD         all  -f  any    any     anywhere             anywhere           limit: avg 10/min burst 5
    0     0 ACCEPT     ipv6-auth--  any    any     anywhere             anywhere
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere           tcp spt:ssh dpts:login:65535 flags:!SYN,RST,ACK/SYN state RELATED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere           tcp spt:ftp-data dpts:1023:65535 flags:!SYN,RST,ACK/SYN state RELATED
   86 61322 ACCEPT     tcp  --  any    any     anywhere             anywhere           state ESTABLISHED
    5  1602 ACCEPT     udp  --  any    any     anywhere             209.1.1.0/24    udp dpts:1023:65535
    0     0 LD         all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    eth0    office_vpn/24        anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             office_vpn/24

Chain OUTPUT (policy ACCEPT 113 packets, 11937 bytes)
 pkts bytes target     prot opt in     out     source               destination
    5   468 ACCEPT     all  --  any    lo      anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     office_vpn/24        anywhere
    0     0 ACCEPT     icmp --  any    any     office_vpn/24        anywhere
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere           udp dpt:31337 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere           udp dpt:33270 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpt:1234 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpt:6711 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere           udp dpts:12345:12346 limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpt:ingreslock limit: avg 2/min burst 5
    0     0 LD         tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpt:27665 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere           udp dpt:27444 limit: avg 2/min burst 5
    0     0 LD         udp  --  any    any     209.1.1.0/24         anywhere           udp dpt:31335 limit: avg 2/min burst 5
    0     0 LD         all  --  any    any     BASE-ADDRESS.MCAST.NET/8 anywhere
    0     0 LD         all  --  any    any     anywhere             BASE-ADDRESS.MCAST.NET/8
    0     0 LD         all  --  any    any     255.255.255.255      anywhere
    0     0 LD         all  --  any    any     anywhere             0.0.0.0
    0     0 ACCEPT     icmp --  any    any     209.1.1.0/24         anywhere
    0     0 ACCEPT     tcp  --  any    any     209.1.1.0/24         anywhere           tcp dpts:1023:65535
    0     0 ACCEPT     udp  --  any    any     209.1.1.0/24         anywhere           udp dpts:1023:65535

Chain LD (77 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere           LOG level warning
    0     0 DROP       all  --  any    any     anywhere             anywhere


Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/



