tinc and wireless mesh
Szili Dávid
tileo at sch.bme.hu
Wed Jul 30 08:49:57 CEST 2008
Hello!
I'm trying to make a wireless mesh network with the b.a.t.m.a.n. protocol,
and I would like to secure the wireless links with tinc. My test network
is 2 wireless routers with OpenWRT Kamikaze firmware, and the network
topology is the following:
|CLIENT eth0: 192.168.1.180| <--> |eth0: 192.168.1.1 MESH-NODE ath0: 192.168.5.54| <~~> |ath0: 192.168.5.51 GW eth1: 192.168.1.51| <--> |INTERNET|
                                                                                        |eth0: 192.168.2.50|
                                                                                                  |
                                                                                                  v
                                                                                        |eth0: 192.168.2.135|
                                                                                        |SERVER|
My aim is to protect only the wireless links (the two routers) and the
server with the VPN, but not the client node which connects to the
mesh-node by UTP. So far, I've made a VPN link with the 2 routers and the
server, and with the mesh-node's tinc-up script, all traffic from the
mesh-node is going through the VPN, but the client can't reach the
internet (as I saw from tinc's logs, the traffic goes to the
gateway, but then stops).
I'm attaching my configuration; please take a look at it and tell me
what's missing.
Regards,
David
PS: ifconfig and route were run before the tinc VPN was up.
Configuration:
-------
server:
-------
root at server:/etc/tinc/vpn# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1d:7d:71:45:bd
inet addr:192.168.2.135 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::21d:7dff:fe71:45bd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:94657 errors:0 dropped:202613106 overruns:0 frame:0
TX packets:84621 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:28777000 (27.4 MB) TX bytes:10903255 (10.3 MB)
Interrupt:221 Base address:0x6000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2710 errors:0 dropped:0 overruns:0 frame:0
TX packets:2710 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:106545 (104.0 KB) TX bytes:106545 (104.0 KB)
root at server:/etc/tinc/vpn/hosts# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
root at server:/etc/tinc/vpn# cat tinc.conf
Name = server
AddressFamily = ipv4
Device = /dev/net/tun
Interface = tap0
Mode = switch
#Mode = router
PrivateKeyFile = /etc/tinc/vpn/server_priv.key
#ConnectTo = gw
root at server:/etc/tinc/vpn# cat tinc-up
#!/bin/sh
ifconfig $INTERFACE 192.168.11.1 netmask 255.255.255.0
----
gw:
----
root at GW:/etc/tinc/vpn# ifconfig
ath0 Link encap:Ethernet HWaddr 00:1D:0F:B1:73:38
inet addr:192.168.5.51 Bcast:192.168.5.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2251862 errors:0 dropped:0 overruns:0 frame:0
TX packets:573308 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2644318856 (2.4 GiB) TX bytes:55110670 (52.5 MiB)
eth0 Link encap:Ethernet HWaddr 00:0D:B9:13:A7:FC
inet addr:192.168.1.51 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:10 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:0D:B9:13:A7:FD
inet addr:192.168.2.50 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4219579 errors:0 dropped:0 overruns:0 frame:0
TX packets:4378485 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2363009463 (2.2 GiB) TX bytes:1904172856 (1.7 GiB)
Interrupt:12 Base address:0x6000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4494 errors:0 dropped:0 overruns:0 frame:0
TX packets:4494 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:323618 (316.0 KiB) TX bytes:323618 (316.0 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:104.255.255.254 P-t-P:104.255.255.254 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1472 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wifi0 Link encap:UNSPEC HWaddr 00-1D-0F-B1-73-38-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:52168663 errors:0 dropped:14124 overruns:0 frame:966104
TX packets:20197711 errors:5370 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:395
RX bytes:574939056 (548.3 MiB) TX bytes:3661444004 (3.4 GiB)
Interrupt:9
root at GW:/etc/tinc/vpn# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.5.54    0.0.0.0         255.255.255.255 UH    0      0        0 ath0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 ath0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth1
root at GW:/etc/tinc/vpn# cat tinc.conf
Name = gw
AddressFamily = ipv4
Device = /dev/net/tun
Interface = tap0
Mode = switch
#Mode = router
PrivateKeyFile = /etc/tinc/vpn/gw_priv.key
ConnectTo = server
root at GW:/etc/tinc/vpn# cat tinc-up
#!/bin/sh
ifconfig $INTERFACE 192.168.11.2 netmask 255.255.255.0
-----------
meshnode:
-----------
root at meshnode:/etc/tinc/vpn# ifconfig
ath0 Link encap:Ethernet HWaddr 00:1D:0F:B1:91:1F
inet addr:192.168.5.54 Bcast:192.168.5.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:71752 errors:0 dropped:0 overruns:0 frame:0
TX packets:9708 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3364524 (3.2 MiB) TX bytes:723743 (706.7 KiB)
eth0 Link encap:Ethernet HWaddr 00:0D:B9:13:86:68
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:287 errors:0 dropped:0 overruns:0 frame:0
TX packets:181 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:85004 (83.0 KiB) TX bytes:47965 (46.8 KiB)
Interrupt:10 Base address:0x6000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wifi0 Link encap:UNSPEC HWaddr 00-1D-0F-B1-91-1F-0A-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48680 errors:0 dropped:0 overruns:0 frame:876
TX packets:9973 errors:33 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:195
RX bytes:3991092 (3.8 MiB) TX bytes:963341 (940.7 KiB)
Interrupt:9
root at meshnode:/etc/tinc/vpn# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.5.51    0.0.0.0         255.255.255.255 UH    0      0        0 ath0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 ath0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.5.51    0.0.0.0         UG    0      0        0 ath0
root at meshnode:/etc/tinc/vpn# cat tinc.conf
Name = meshnode
AddressFamily = ipv4
Device = /dev/net/tun
Interface = tap0
Mode = switch
#Mode = router
PrivateKeyFile = /etc/tinc/vpn/meshnode_priv.key
ConnectTo = gw
root at meshnode:/etc/tinc/vpn# cat tinc-up
#!/bin/sh
ifconfig $INTERFACE 192.168.11.3 netmask 255.255.255.0
# Point the default route at gw's tunnel address, then drop the batman
# default route over the wireless link. The batman host route to gw's
# wireless address (192.168.5.51/32 via ath0) must stay: tinc's own UDP
# and TCP packets to gw use it, and without it they would be routed into
# the tunnel they are supposed to carry.
route add default gw 192.168.11.2 $INTERFACE
route del default gw 192.168.5.51 ath0
------
client:
------
OS: Windows XP
IP: 192.168.1.180
Gateway: 192.168.1.1
Netmask: 255.255.255.0
-------------
/hosts files:
-------------
root at server:/etc/tinc/vpn/hosts# cat server
Address = 192.168.2.135
Subnet = 192.168.11.1/32
Compression = 9
IndirectData = yes
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
root at server:/etc/tinc/vpn/hosts# cat gw
Address = 192.168.5.51
Subnet = 192.168.11.2/32
Compression = 9
IndirectData = yes
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
root at server:/etc/tinc/vpn/hosts# cat meshnode
Address = 192.168.5.54
Subnet = 192.168.11.3/32
Compression = 9
IndirectData = yes
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
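An added example for the gw side (editor's code, not part of David's post and not tinc's own scripts). In the posted gw routing table, 192.168.1.0/24 points at eth0, which has no link, and the gw tinc-up only assigns the tunnel address, so nothing on gw forwards tunnel traffic towards eth1 or sends replies for the client LAN back through tap0. The script below is a tinc-up for gw that adds the return route for the client LAN over the tunnel, enables forwarding, masquerades tunnel traffic behind eth1 and only allows forwarding between tap0 and eth1. It assumes (read from the posted ifconfig/route output, not stated by the poster) that tinc runs it with INTERFACE=tap0 and NETNAME=vpn, that eth1 (default route via 192.168.2.1) is the uplink, that meshnode is 192.168.11.3 on the tunnel, and that gw's unused eth0 can lose its 192.168.1.0/24 route. The function and variable names (gw_plan, gw_apply, VPN_IF and so on) are the editor's own.

```shell
#!/bin/sh
# Added example (editor's code, not from the original post or from tinc):
# tinc-up for the "gw" node, making it the NAT gateway for traffic that
# arrives over the tunnel from meshnode and from the client behind it.
#
# Assumptions taken from the posted ifconfig/route output:
#   - tinc runs this with INTERFACE=tap0 and NETNAME=vpn
#   - eth1 is the uplink (gw's default route goes via 192.168.2.1 on eth1)
#   - the tunnel is 192.168.11.0/24, gw is .2 and meshnode is .3 on it
#   - the client LAN behind meshnode is 192.168.1.0/24
#   - gw's eth0 also carries 192.168.1.0/24 but has no link, so its
#     connected route is dropped in favour of the route over the tunnel
VPN_IF="${INTERFACE:-tap0}"
VPN_ADDR=192.168.11.2
VPN_NET=192.168.11.0
WAN_IF=eth1
CLIENT_NET=192.168.1.0
NETMASK=255.255.255.0
MESHNODE_VPN=192.168.11.3

# gw_plan prints the commands one per line, in the order they must run,
# so they can be reviewed or tested before anything is executed as root.
gw_plan() {
    cat <<EOF
ifconfig $VPN_IF $VPN_ADDR netmask $NETMASK
route del -net $CLIENT_NET netmask $NETMASK dev eth0
route add -net $CLIENT_NET netmask $NETMASK gw $MESHNODE_VPN dev $VPN_IF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s $CLIENT_NET/24 -o $WAN_IF -j MASQUERADE
iptables -t nat -A POSTROUTING -s $VPN_NET/24 -o $WAN_IF -j MASQUERADE
iptables -A FORWARD -i $VPN_IF -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $VPN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# gw_apply runs the plan line by line, reporting but not aborting on a
# failed step (for example the eth0 route already being gone), so the
# tunnel address and the return route are still configured.
gw_apply() {
    gw_plan | while IFS= read -r cmd; do
        sh -c "$cmd" || echo "tinc-up: failed: $cmd" >&2
    done
}

# tinc exports INTERFACE and NETNAME when it runs tinc-up; started by
# hand, the script only prints the plan.
if [ -n "${INTERFACE:-}" ] && [ -n "${NETNAME:-}" ]; then
    gw_apply
else
    gw_plan
fi
```

OpenWRT's own firewall script usually manages the FORWARD chain and would reset the policy on restart, so on a real router the iptables lines belong in the firewall configuration (/etc/firewall.user on Kamikaze) rather than in tinc-up. The INPUT chain is deliberately untouched: tinc's own UDP and TCP traffic between gw and meshnode arrives on ath0, outside the tunnel, and must keep flowing for the tunnel to exist at all.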