Problem with more than two Subnets!
Andres Sommerhoff
asommerh at chilesat.net
Sat Jul 19 04:59:23 CEST 2003
Hello, I successfully built a VPN between two hosts ("main" and "iquique") (and their subnets), but I have problems
when I want to add another host ("valparaiso"): I get a lot of duplicate packets everywhere and a very slow
VPN. I guess that it is a routing problem, but I have tried a lot of alternatives without result. I have tried the "switch", "hub" and "router" modes, too. If I turn off one of the clients ("iquique" or "valparaiso"), the VPN returns to
normal. I have RH 9.0 and tinc-1.0CVS (the only version that runs on RH 9.0) from one week ago. Does someone
have an idea or solution for this?
Thanks for any little or big help.
Andres Sommerhoff
#############################################################
THE DETAILS
#############################################################
********************************************************
THE EVIDENCE (It is the same for any host on my VPN)
********************************************************
[root at iquique /]# ping 10.0.1.10 (with other clients running)
PING 10.0.1.10 (10.0.1.10) 56(84) bytes of data.
64 bytes from 10.0.1.10: icmp_seq=1 ttl=127 time=233 ms
64 bytes from 10.0.1.10: icmp_seq=1 ttl=126 time=244 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=125 time=250 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=127 time=255 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=124 time=261 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=123 time=267 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=126 time=273 ms (DUP!)
64 bytes from 10.0.1.10: icmp_seq=1 ttl=125 time=279 ms (DUP!)
[root at iquique /]# ping 10.0.1.10 (without other clients running; with only one tunnel, I get a normal answer)
PING 10.0.1.10 (10.0.1.10) 56(84) bytes of data.
64 bytes from 10.0.1.10: icmp_seq=1 ttl=127 time=81.5 ms
64 bytes from 10.0.1.10: icmp_seq=2 ttl=127 time=23.1 ms
64 bytes from 10.0.1.10: icmp_seq=3 ttl=127 time=23.8 ms
64 bytes from 10.0.1.10: icmp_seq=4 ttl=127 time=23.6 ms
64 bytes from 10.0.1.10: icmp_seq=5 ttl=127 time=21.6 ms
64 bytes from 10.0.1.10: icmp_seq=6 ttl=127 time=47.5 ms
*******************************************************
STRUCTURE
*******************************************************
                            |---> (Valparaiso IP:any) (Client)
                            |      Internal IP: 10.0.2.1
(main IP:200.1.2.111)   <--|      Subnet: 10.0.2.0/24
 Internal IP: 10.0.1.1      |
 Subnet: 10.0.1.0/24        |
                            |---> (Iquique IP:any) (Client)
                                   Internal IP: 10.0.5.1
                                   Subnet: 10.0.5.0/24

VPN Subnet: 10.0.0.0/16
******************************************************************
MAIN
******************************************************************
[root at main /etc/tinc/vpn]# cat tinc.conf
Name = main
Mode = switch
Device=/dev/net/tun
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
[root at main /etc/tinc/vpn]# cat tinc-up
#!/bin/sh
ifconfig $INTERFACE 10.0.250.1 netmask 255.255.0.0
# ifconfig $INTERFACE -arp
[root at main /etc/tinc/vpn/hosts]# ls
arica iquique main sanantonio valparaiso
[root at main /etc/tinc/vpn/hosts]# cat main
Address = 200.1.2.111
Subnet = 10.0.1.0/24
Compress = 9
-----BEGIN RSA PUBLIC KEY-----
MIG....MA//8=
-----END RSA PUBLIC KEY-----
[root at main /etc/tinc/vpn/hosts]# cat iquique
Subnet = 10.0.5.0/24
# Address = 192.168.254.250
Compress = 9
-----BEGIN RSA PUBLIC KEY-----
MIGJ...MA//8=
-----END RSA PUBLIC KEY-----
[root at main /etc/tinc/vpn/hosts]# cat valparaiso
Subnet = 10.0.2.0/24
Compress = 9
-----BEGIN RSA PUBLIC KEY-----
MIG....MA//8=
-----END RSA PUBLIC KEY-----
[root at main /etc/tinc/vpn]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:05:5D:7A:2A:37
          inet addr:200.1.2.111  Bcast:200.1.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7768075 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8145489 errors:0 dropped:0 overruns:0 carrier:0
          collisions:182886 txqueuelen:100
          RX bytes:3346245933 (3191.2 Mb)  TX bytes:2556181698 (2437.7 Mb)
          Interrupt:10 Base address:0xd400

eth1      Link encap:Ethernet  HWaddr 00:40:F4:7B:43:FE
          inet addr:10.0.1.1  Bcast:10.0.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:688682 errors:0 dropped:0 overruns:0 frame:0
          TX packets:685544 errors:0 dropped:0 overruns:0 carrier:0
          collisions:28 txqueuelen:100
          RX bytes:112166115 (106.9 Mb)  TX bytes:474882762 (452.8 Mb)
          Interrupt:10 Base address:0x9e00

vpn       Link encap:Point-to-Point Protocol
          inet addr:10.0.250.1  P-t-P:10.0.250.1  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:4531 (4.4 Kb)  TX bytes:4246 (4.1 Kb)
[root at main /etc/tinc/vpn]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.1.0        *               255.255.255.0   U     0      0        0 eth1
200.1.2.0       *               255.255.255.0   U     0      0        0 eth0
10.0.0.0        *               255.255.0.0     U     0      0        0 vpn
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         200.1.2.3       0.0.0.0         UG    0      0        0 eth0
******************************************************************
IQUIQUE (A client of "main")
******************************************************************
("valparaiso" is very similar, but with a different Subnet, tinc-up and key.)
[root at iquique /etc/tinc/vpn]# cat tinc.conf
Name = main
Mode = switch
Device=/dev/net/tun
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
[root at iquique /etc/tinc/vpn]# cat tinc-up
#!/bin/sh
ifconfig $INTERFACE 10.0.255.1 netmask 255.255.0.0
# ifconfig $INTERFACE -arp
[root at iquique /etc/tinc/vpn/hosts]# ls
iquique main
[root at iquique /etc/tinc/vpn/hosts]# cat main
Address = 200.1.2.111
Subnet = 10.0.1.0/24
Compress = 9
-----BEGIN RSA PUBLIC KEY-----
MIG....MA//8=
-----END RSA PUBLIC KEY-----
[root at iquique /etc/tinc/vpn/hosts]# cat iquique
Subnet = 10.0.5.0/24
# Address = 192.168.254.250
Compress = 9
-----BEGIN RSA PUBLIC KEY-----
MIGJ...MA//8=
-----END RSA PUBLIC KEY-----
[root at iquique /]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.52.20.3      *               255.255.255.255 UH    0      0        0 ppp0
10.0.4.0        *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
10.0.0.0        *               255.255.0.0     U     0      0        0 vpn
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.52.20.3      0.0.0.0         UG    0      0        0 ppp0
*************************************************