Tinc on OS X, partial success
Tincer
tincer at btconnect.com
Mon Nov 22 16:07:09 CET 2004
I have now got the tinc daemons (on network OFFICES) on BranchB and
BranchA talking to each other, see below for the log from BranchB. For
some troubleshooting issues relating to OS X see the end of my
e-mail.
However, I have not yet achieved the network connectivity/routing
that I would like.
The aim is:
BranchB is a laptop
I would like to connect it (via tinc) to my office network, so that
the laptop appears to be a genuine member of the Office network, like
an extension of the office network.
I am happy if ALL traffic from and to the laptop goes through the
tinc connection (i.e. no split routing is required, at least not for
the moment).
Thus at the moment I am unclear which configuration to add / change.
For specific questions see below.
Any help is appreciated.
-------------------------------------
My current configuration
BranchB
The laptop, with fixed IP 222.222.222.3 (configured from the OS X GUI,
System Preferences: Network)
tinc.conf
Name = BranchB
ConnectTo = BranchA
Device = /dev/tun0
Host file
Subnet = 192.168.2.1/32
Address = 222.222.222.203
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
tinc-up
#!/bin/sh
ifconfig $INTERFACE 192.168.2.1 192.168.2.1 netmask 255.255.0.0
BranchA
The CPU with the tinc daemon on the office network.
The office network is behind a masquerading firewall with public IP
123.123.123.7
The tinc host has a static IP of 10.20.30.1 (configured from the OS X GUI,
System Preferences: Network)
The firewall is set up to forward all traffic to 123.123.123.7 on port 655
to 10.20.30.1
Furthermore, the preexisting office network is 192.168.3.0/24
The tinc host is physically connected to this network, one physical
ethernet interface
tinc.conf
Name = BranchA
Device = /dev/tun0
Host file
Subnet = 192.168.0.0/16
Address = 123.123.123.7
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
.....
-----END RSA PUBLIC KEY-----
tinc-up
#!/bin/sh
ifconfig $INTERFACE 192.168.3.1 192.168.3.1 netmask 255.255.0.0
-------------------------------------
Specific questions:
The tinc daemon is running on the laptop (BranchB), and has connected
to the daemon in the office (BranchA)
- As the laptop should route only itself through the VPN (and not
other CPUs on 222.222.222.x), is it correct to configure the subnet in the
BranchB host file as Subnet = 192.168.2.1/32, i.e. with a /32 mask?
- Despite the running daemons, if I open a browser on the laptop the
browser connects through the public IP 222.222.222.3, and not through
the VPN.
Which routing info is missing and how do I add this under OS X?
- How do I configure BranchB so that the remote laptop is part of
the preexisting net?
-------------------------------------
Log of Branch B (the laptop)
1101125071 tinc.OFFICES[922]: tincd 1.0.3 (Nov 11 2004 05:07:05) starting, debug level 3
1101125071 tinc.OFFICES[922]: /dev/tun0 is a Generic BSD tun device
1101125071 tinc.OFFICES[922]: Executing script tinc-up
1101125071 tinc.OFFICES[922]: Script tinc-up exited with non-zero status 126
1101125071 tinc.OFFICES[922]: Listening on :: port 655
1101125071 tinc.OFFICES[922]: Listening on 0.0.0.0 port 655
1101125071 tinc.OFFICES[922]: Ready
1101125071 tinc.OFFICES[922]: Trying to connect to BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Connected to BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Sending ID to BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Got ID from BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Sending METAKEY to BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Got METAKEY from BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Sending CHALLENGE to BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Got CHALLENGE from BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Sending CHAL_REPLY to BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Got CHAL_REPLY from BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Sending ACK to BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Got ACK from BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Connection with BranchA (123.123.123.7 port 655) activated
1101125071 tinc.OFFICES[922]: Sending ADD_SUBNET to BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Sending ADD_EDGE to everyone (BROADCAST)
1101125071 tinc.OFFICES[922]: Got ADD_SUBNET from BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Forwarding ADD_SUBNET from BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Got ADD_EDGE from BranchA (123.123.123.7 port 655)
1101125071 tinc.OFFICES[922]: Forwarding ADD_EDGE from BranchA (123.123.123.7 port 655)
1101125133 tinc.OFFICES[922]: Sending PING to BranchA (123.123.123.7 port 655)
1101125133 tinc.OFFICES[922]: Got PONG from BranchA (123.123.123.7 port 655)
1101125224 tinc.OFFICES[922]: Got PING from BranchA (123.123.123.7 port 655)
1101125224 tinc.OFFICES[922]: Sending PONG to BranchA (123.123.123.7 port 655)
1101125316 tinc.OFFICES[922]: Sending PING to BranchA (123.123.123.7 port 655)
-------------------------------------
Hints for running the tinc binary on OS X
Attempting to run tinc 1.0.3 returns "can't open library: /sw/lib/libdl.0.dylib (No such file or directory, errno = 2)"
To solve this, install Fink.
On the laptop (iBook G4, OS X 10.3.5) I installed version 0.7.1
Then using FinkCommander installed the binary
dlcompat-shlibs 20030629-15
On the BranchA CPU (beige G3, OS X 10.2.8) I installed 0.6.3
Then using FinkCommander installed the binaries
dlcompat 20030629-5
dlcompat-dev 20030629-5
dlcompat-shlibs 20030629-5
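An added example (editor's code, not from the mail above and not part of tinc) of a tinc-up for the laptop that does what the mail asks for: it brings the tun device up, routes the office range into the tunnel, and moves the laptop's default route onto the tunnel while pinning a host route to BranchA's public address via the laptop's existing LAN gateway, so that the tunnel's own TCP connection to 123.123.123.7 is never routed into the tunnel it carries. It assumes BranchA's tunnel address is 192.168.3.1 (the address in BranchA's tinc-up), that the tun device is configured point-to-point to that address, that macOS/BSD `ifconfig` and `route` syntax applies, and that the LAN gateway can be read with `route -n get default`; the function names `plan_routes`, `default_gateway` and `apply_plan` and the `TINC_UP_APPLY` switch are the example's own. The script prints the plan unless TINC_UP_APPLY=1 is set, so it can be reviewed without root before it touches any routes.

```shell
#!/bin/sh
# Added example: a tinc-up for the laptop (BranchB) that sends ALL traffic
# through the tunnel. Editor's code, not from the mail or from tinc itself.
# macOS / BSD `ifconfig` and `route` syntax.
set -eu

VPN_PEER_IP=123.123.123.7        # BranchA's public address (from its host file)
LOCAL_TUN_IP=192.168.2.1         # laptop's tunnel address (from the mail)
REMOTE_TUN_IP=192.168.3.1        # BranchA's tunnel address (assumed from its tinc-up)
OFFICE_NET=192.168.0.0/16        # the Subnet BranchA declares in its host file
INTERFACE=${INTERFACE:-tun0}     # tincd exports INTERFACE; default for manual runs

# Print the LAN default gateway (assumes macOS `route -n get default` output,
# which contains a line of the form "gateway: 222.222.222.1").
default_gateway() {
    route -n get default 2>/dev/null | awk '/gateway:/ { print $2 }'
}

# plan_routes GATEWAY: print, one per line and in the order they must run, the
# commands that bring the tunnel up and move the default route onto it. The
# host route to the VPN peer is installed BEFORE the default route is replaced,
# otherwise the tunnel's TCP session would be sent into the tunnel and the VPN
# would collapse. Printing the plan instead of running it lets it be reviewed
# (and tested) without root.
plan_routes() {
    gw=$1
    printf '%s\n' \
      "ifconfig $INTERFACE $LOCAL_TUN_IP $REMOTE_TUN_IP netmask 255.255.255.255 up" \
      "route add -net $OFFICE_NET $REMOTE_TUN_IP" \
      "route add -host $VPN_PEER_IP $gw" \
      "route delete default" \
      "route add default $REMOTE_TUN_IP"
}

# Look the gateway up and run the plan, refusing to act if no gateway is found
# (replacing the default route blind would cut the laptop off).
apply_plan() {
    gw=$(default_gateway)
    if [ -z "$gw" ]; then
        echo "tinc-up: no LAN default gateway found; refusing to touch routes" >&2
        return 1
    fi
    plan_routes "$gw" | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"
    done
}

# Only act when explicitly asked; otherwise show the plan for a given gateway:
#   ./tinc-up 222.222.222.1          (print the plan)
#   TINC_UP_APPLY=1 ./tinc-up        (apply it, as tincd would)
if [ "${TINC_UP_APPLY:-0}" = 1 ]; then
    apply_plan
else
    plan_routes "${1:-<lan-gateway>}"
fi
```

Two checks belong before any of this: tincd only runs tinc-up if the file is executable, and exit status 126 (the value in the log above) is the shell's conventional code for a file that was found but could not be executed, so `chmod +x tinc-up` is the first thing to verify. And moving the default route does not move name resolution: the laptop keeps using whatever resolver its LAN handed out unless the office resolver is configured as well, which this script does not do.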
More information about the tinc mailing list