Getting at a machine behind a ISDN router

Carlos Sousa csousa at tvtel.pt
Thu Oct 17 00:52:47 CEST 2002


On Sun, 13 Oct 2002 11:19:18 +0200 Guus Sliepen <guus at sliepen.eu.org> wrote:

> On Sat, Oct 12, 2002 at 11:43:49PM +0100, Carlos Sousa wrote:
> 
> > Pinging the client machine (10.0.2.1) from the server machine (10.0.1.1)
> > and running iptraf on the server shows traffic between the 2 machines,
> > both ways, but the packets are still lost. I smell a routing problem
> > concerning the echo-reply packets that are arriving at server, but I can't
> > see where.

There is definitely traffic between the 2 machines, I can see that in
/var/log/syslog on both machines. The tincs appear to be getting along fine,
but I still can't access anything through the vpn.

The weird thing happened again on Monday: sitting at "miragaia", I opened
a ssh connection to "vbc", and tested the vpn. It worked! I could ping and
otherwise access everything on both machines. I checked a few hours later
and the vpn didn't work again, and I haven't been able to get it going ever since.

> Could you show us the full "route -n" and "ifconfig -a" output and
> tinc.conf for both vbc and miragaia? Also, the output of "iptables -L -v
> -x -n" if there's a firewall on either host.

----------------------------------------------------------------------
miragaia: (no public access, the one that initiates the connection)

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
224.0.0.0       0.0.0.0         240.0.0.0       U     0      0        0 eth0
0.0.0.0         192.168.4.9     0.0.0.0         UG    0      0        0 eth1

(No entry for the vpn!?)

$ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:06:5B:64:12:7A  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:144301 errors:0 dropped:0 overruns:1 frame:0
          TX packets:238487 errors:0 dropped:0 overruns:0 carrier:0
          collisions:17541 txqueuelen:100 
          RX bytes:14280131 (13.6 MiB)  TX bytes:284690066 (271.5 MiB)
          Interrupt:18 Base address:0xd480 

eth1      Link encap:Ethernet  HWaddr 00:E0:7D:77:53:1A  
          inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1199 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1114 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:855834 (835.7 KiB)  TX bytes:95276 (93.0 KiB)
          Interrupt:16 Base address:0xec00 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:35792 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35792 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:14741939 (14.0 MiB)  TX bytes:14741939 (14.0 MiB)

vbcnet    Link encap:Ethernet  HWaddr 00:FF:C9:A8:27:83  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:490 (490.0 b)  TX bytes:0 (0.0 b)

(The HWaddr is wrong, should be FE:FD:00:00:00:00)

Contents of tinc-up:
#!/bin/sh
ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
ifconfig $INTERFACE 10.0.2.1 netmask 255.255.0.0
ifconfig $INTERFACE -arp

(why isn't this working?)

The firewall is completely open, the *real* firewall is either at the
router or on the school's ISP premises, so I can't touch it.

----------------------------------------------------------------------
vbc: (public ip, connected to by "miragaia")

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
195.23.75.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.0.0     U     0      0        0 vbcnet
224.0.0.0       0.0.0.0         240.0.0.0       U     0      0        0 eth0
0.0.0.0         195.23.75.1     0.0.0.0         UG    0      0        0 eth0

$ ifconfig -a
dummy0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:40:05:4F:FE:A2  
          inet addr:195.23.75.12  Bcast:255.255.255.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:552938 errors:0 dropped:0 overruns:0 frame:0
          TX packets:152484 errors:0 dropped:0 overruns:0 carrier:0
          collisions:23 txqueuelen:100 
          RX bytes:119038154 (113.5 MiB)  TX bytes:12379329 (11.8 MiB)
          Interrupt:9 Base address:0x2c0 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:51690 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:12621644 (12.0 MiB)  TX bytes:12621644 (12.0 MiB)

vbcnet    Link encap:Ethernet  HWaddr FE:FD:00:00:00:00  
          inet addr:10.0.1.1  Bcast:10.255.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:490 (490.0 b)

Firewall doesn't matter, I turn it off for testing the vpn.
----------------------------------------------------------------------

"vbc" seems ok, but tinc-up on "miragaia" isn't working as expected.

-rwx------    1 root     root          753 Oct 13 21:32 tinc-up*

What am I doing wrong?

Thanks,

-- 
Carlos Sousa
http://vbc.dyndns.org/

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/
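
The comparison the post makes by eye can be scripted. This is an added example, not part of the original message or of tinc: it checks a VPN interface's `ifconfig -a` and `route -n` output against the address and HWaddr that tinc-up was meant to set. The function names are hypothetical, the sample text is abridged from the miragaia output quoted above, and the net-tools output format shown in the post is assumed.

```python
import ipaddress
import re
# Constructed sample, abridged from the miragaia output quoted in the post.
IFCONFIG = """\
eth1      Link encap:Ethernet  HWaddr 00:E0:7D:77:53:1A
          inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

vbcnet    Link encap:Ethernet  HWaddr 00:FF:C9:A8:27:83
          BROADCAST MULTICAST  MTU:1500  Metric:1
"""
ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
"""

def parse_ifconfig(text):
    """Parse net-tools `ifconfig -a` output into {iface: {hwaddr, inet, up}}."""
    ifaces = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        hw = re.search(r"HWaddr (\S+)", block)
        inet = re.search(r"inet addr:(\S+)", block)
        flags = re.search(r"^\s+([A-Z ]+?)\s+MTU:", block, re.M)
        ifaces[block.split()[0]] = {
            "hwaddr": hw.group(1).upper() if hw else None,
            "inet": inet.group(1) if inet else None,
            "up": bool(flags) and "UP" in flags.group(1).split(),
        }
    return ifaces

def routes_via(text, iface):
    """Networks that `route -n` sends out through iface."""
    rows = (line.split() for line in text.splitlines())
    return [ipaddress.ip_network(f"{r[0]}/{r[2]}") for r in rows
            if len(r) == 8 and r[7] == iface and r[0][0].isdigit()]

def check_vpn(ifconfig, routes, iface, want_ip, want_mac):
    """Return every way iface differs from what tinc-up was meant to set."""
    st = parse_ifconfig(ifconfig).get(iface)
    if st is None:
        return ["interface missing"]
    routed = any(ipaddress.ip_address(want_ip) in n for n in routes_via(routes, iface))
    checks = [
        (st["up"], "not UP"),
        (st["inet"] == want_ip, f"inet addr is {st['inet']}, expected {want_ip}"),
        (st["hwaddr"] == want_mac.upper(), f"HWaddr is {st['hwaddr']}, expected {want_mac}"),
        (routed, f"no route covering {want_ip} via {iface}"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Calling `check_vpn(IFCONFIG, ROUTES, "vbcnet", "10.0.2.1", "FE:FD:00:00:00:00")` on the sample reports all four mismatches, while the vbc output quoted in the post passes with 10.0.1.1.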



