Problem with more than two Subnets!
Jason
jason+tinclist at truedesign.com
Sun Jul 27 17:43:13 CEST 2003
On Sun, 27 Jul 2003, Andres Sommerhoff wrote:
> In switch mode, I could ping only the other host, but not the subnet behind it. I
> used tcpdump, like Guus had recommended, but the packets for the subnet
> didn't appear on any device.
When using switch mode, did you assign each virtual network card on all
hosts different MAC addresses? Did you manually add routes in your normal kernel
routing tables to reach the remote subnets through the appropriate gateway
on the virtual subnet? In switch mode, treat it just like you had a
separate NIC in each host with a really long ethernet cable from each host
going to a virtual switch somewhere in the sky :-) In that case, each of
those NICs would have to have a unique MAC addr just like with normal
ethernet, and that switched segment would have its own subnet and you would
set up your routing tables on each box the way it needs to be to reach the
other remote subnets. tinc won't do that for you in that mode. (I prefer
the design of switch mode myself, for what I do, but it is unstable in
1.0pre8. Someday I'll try the latest CVS version or 1.0 when it is out.)
> Finally, when I had brought up the VPN in router mode I tried to use the
> switch mode. It didn't work. It is not critical, because I can use the
> router mode, but I want to know if I'm missing something? What should I do
> to pass from a working VPN in router mode to a VPN in switch mode? Do I
> need something special in the config? Do you guess that the problem is in
> the CVS version?
Yah, you can't rely on the Subnet lines in the host config files to do your
routing for you in switch mode... at least, I don't think so. And as far as
I know, you wouldn't want the subnet mask of your virtual interface to be
all-encompassing of your entire WAN network like the examples have you do in
router mode. Hmm.. I could be wrong on these specifics since it's been a
while, but I believe I am at least right in that you can't just change
"router" to "switch" in the config file and have it still work exactly the
same.
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
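
Added example, not part of the original message or of the tinc project: a shell sketch of the manual setup the reply describes for switch mode, printing (as a dry run) the commands a `tinc-up` script would run on one node: a unique MAC, an address on the VPN segment's own subnet, and one kernel route per remote subnet. The node names, addresses, MACs and the /24 segment mask are constructed for illustration.

```shell
#!/bin/sh
# Constructed node table: name, VPN address, MAC, LAN behind that node.
NODES='alpha 10.99.0.1 02:00:00:00:00:01 192.168.1.0/24
beta 10.99.0.2 02:00:00:00:00:02 192.168.2.0/24
gamma 10.99.0.3 02:00:00:00:00:03 192.168.3.0/24'

# Succeeds only if no MAC address appears twice in the table.
check_unique_macs() {
    dup=$(printf '%s\n' "$1" | awk '{print $3}' | sort | uniq -d)
    [ -z "$dup" ]
}

# Print the commands tinc-up would run on node $2 (nothing is executed).
tinc_up_commands() {
    table=$1
    self=$2
    check_unique_macs "$table" \
        || { echo "duplicate MAC in node table" >&2; return 1; }
    printf '%s\n' "$table" | awk -v n="$self" '$1 == n { f = 1 } END { exit !f }' \
        || { echo "unknown node: $self" >&2; return 1; }
    # Local virtual NIC: its own MAC and an address on the VPN segment only
    # (assumed /24), not a mask covering every remote LAN.
    printf '%s\n' "$table" | while read -r name vpn_ip mac lan; do
        [ "$name" = "$self" ] || continue
        echo "ip link set dev \$INTERFACE address $mac"
        echo "ip addr add $vpn_ip/24 dev \$INTERFACE"
        echo "ip link set dev \$INTERFACE up"
    done
    # One kernel route per remote LAN, via that node's VPN address.
    printf '%s\n' "$table" | while read -r name vpn_ip mac lan; do
        [ "$name" = "$self" ] && continue
        echo "ip route add $lan via $vpn_ip dev \$INTERFACE"
    done
}

# Show what node "beta" would need.
tinc_up_commands "$NODES" beta
```

`$INTERFACE` is the variable tinc passes to `tinc-up`; each remote node also needs IP forwarding enabled for the routed subnets to be reachable.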