can't ping to an internal IP through tinc's virtual interfaces
Roberto Meyer
rmeyer at idr.org.ar
Wed Jul 30 21:43:20 CEST 2003
Guus Sliepen wrote:
> On Wed, Jul 30, 2003 at 10:56:34AM -0300, Roberto Meyer wrote:
>
> > > > As I said, the VPN seems to work ok. I can ping from one machine to the
> > > > other one (only to their virtual interfaces). I even configured mail
> > > > relaying (exim listens on the virtual IP).
> > >
> > > But I still can't diagnose your problem if I don't see your config
> > > files.
> [...]
> > Routing table:
> > 200.80.x.0 * 255.255.255.128 U 0 0 0 eth0
> > 192.168.144.0 isivirtual 255.255.255.0 UG 0 0 0 vpn
> > 10.10.0.0 * 255.255.0.0 U 0 0 0 vpn
> > default host1.200.80.x 0.0.0.0 UG 0 0 0 eth0
>
> Hmkay... I see the problem. Gateway routes don't work with tinc in
> router mode. You can do it with tinc in switch mode, but an easier
> solution is given below.
>
> > *** pamvirtual config ***
> >
> > /etc/tinc/vpn/tinc-up:
> > ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
> > ifconfig $INTERFACE 10.10.10.1 netmask 255.255.0.0
> > ifconfig $INTERFACE -arp
>
> Forget about the gateway route. Just add this to tinc-up:
>
> route add -net 192.168.144.0 netmask 255.255.255.0 dev $INTERFACE
>
> > /etc/tinc/vpn/hosts/isivirtual:
> > Subnet = 10.10.10.2/32
> > -----BEGIN RSA PUBLIC KEY-----
> > -----END RSA PUBLIC KEY-----
>
> Add: Subnet = 192.168.144.0/24

GREAT! It works 'ferpectly'! ;-)

The only issue I have to solve is that isivpn connects to pamvpn
through a dynamic IP address, so when e-mail arrives at pamvpn it doesn't
know how to deliver it to isivpn.

I'll test a script to run with openssh so I can update isivpn's IP in
pamvpn's host file and reload tincd. This way, pamvpn will be able to
'ConnectTo' isivpn anytime it wants.

Thanks a lot for your help.
-
Roberto
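
The check below is an added example, not part of the original message or of tinc itself. It compares the kernel routes bound to the tinc interface with the Subnet lines in the host files and flags the two conditions the reply corrected. The function names are hypothetical, and the sample input is constructed from the thread, with the elided public prefix replaced by a documentation range.

```python
import ipaddress

# Constructed sample modelled on the thread. The public prefix is elided in
# the post, so the eth0 line uses the documentation range 203.0.113.0/25.
ROUTES_BEFORE = """\
203.0.113.0 * 255.255.255.128 U 0 0 0 eth0
192.168.144.0 isivirtual 255.255.255.0 UG 0 0 0 vpn
10.10.0.0 * 255.255.0.0 U 0 0 0 vpn
"""
HOSTS_BEFORE = {"isivirtual": "Subnet = 10.10.10.2/32\n"}

# Constructed state after applying the two changes from the reply.
ROUTES_AFTER = """\
203.0.113.0 * 255.255.255.128 U 0 0 0 eth0
192.168.144.0 * 255.255.255.0 U 0 0 0 vpn
10.10.0.0 * 255.255.0.0 U 0 0 0 vpn
"""
HOSTS_AFTER = {"isivirtual": "Subnet = 10.10.10.2/32\nSubnet = 192.168.144.0/24\n"}


def vpn_routes(text, iface):
    """Return (network, is_gateway_route) for each route bound to iface."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[7] == iface:
            out.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), "G" in f[3]))
    return out


def declared_subnets(hosts):
    """Collect 'Subnet = ...' lines from tinc host files (name -> file text)."""
    nets = []
    for body in hosts.values():
        for line in body.splitlines():
            key, _, val = line.partition("=")
            if key.strip().lower() == "subnet":
                nets.append(ipaddress.ip_network(val.strip()))
    return nets


def audit(routes, hosts, iface="vpn"):
    """List routes on the tinc interface that router mode cannot deliver."""
    subnets = declared_subnets(hosts)
    findings = []
    for net, via_gateway in vpn_routes(routes, iface):
        if via_gateway:
            findings.append(f"{net}: gateway route on {iface}")
        if not any(net.overlaps(s) for s in subnets):
            findings.append(f"{net}: no host file declares a Subnet in it")
    return findings
```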
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/