tinc woes (connection established, possible routing issues)
Chris Martino
cem at console.org
Mon Aug 19 20:03:12 CEST 2002
Hello,
I'm trying to use tinc to establish a VPN between two Linux boxes. The
keys are shared and the connection gets established, but I can't seem to
ping either side. One side is strictly a server for the client to connect
to. It has a public IP, and the private IP subnet which it's trying to
"share" to the client. It's a pretty simple and straightforward setup.
Configurations are below...
Server Side Client Side
/ \ / \
Public IP Private Subnet Private IP
168.215.110.xxx --- 63.140.157.0/24 --- 63.140.157.230 ... --- 63.140.157.231 --- Client IP
Server:
/etc/tinc/Clarity/tinc.conf:
# Sample tinc configuration file
# This is a comment.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.
# The name of this tinc host. Required.
Name = Clarity
# The internet host to connect with.
# Comment these out to make yourself a listen-only connection
# You must use the name of another tinc host.
# May be used multiple times for redundance.
# ConnectTo =
# The tap device tinc will use. Required.
# Default is /dev/tap0 for ethertap or FreeBSD,
# /dev/tun0 for Solaris and OpenBSD,
# and /dev/misc/net/tun for Linux tun/tap device.
Device = /dev/net/tun
# The file in which the private key for this host is stored. Required.
PrivateKeyFile = /etc/tinc/Clarity/rsa_key.priv
(server hosts file) /etc/tinc/Clarity/hosts/Clarity:
Address = black.clarityis.com
Subnet = 63.140.157.0/24
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
(client host file) /etc/tinc/Clarity/hosts/joel:
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
Client:
/etc/tinc/work/tinc.conf:
# Sample tinc configuration file
# This is a comment.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.
# The name of this tinc host. Required.
Name = joel
# The internet host to connect with.
# Comment these out to make yourself a listen-only connection
# You must use the name of another tinc host.
# May be used multiple times for redundance.
ConnectTo = Clarity
# The tap device tinc will use. Required.
# Default is /dev/tap0 for ethertap or FreeBSD,
# /dev/tun0 for Solaris and OpenBSD,
# and /dev/misc/net/tun for Linux tun/tap device.
#Device = /dev/misc/net/tun
Device = /dev/tun
# The file in which the private key for this host is stored. Required.
PrivateKeyFile = /etc/tinc/work/rsa_key.priv
/etc/tinc/work/hosts/* are the same as above....
When I start tinc with tincd -n Clarity and tincd -n work on the machines
I can see the connections being "activated", but I cannot ping between the
two hosts.
Any ideas on how to get this to work?
Thanks,
Chris
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/