Routes are not added automatically
Ricardo Belin
Ricardo.Belin at sewan.fr
Mon May 25 09:56:14 CEST 2009
Hi,
Thank you for this helpful explanation!
Best regards,
Guus Sliepen wrote:
> On Wed, May 20, 2009 at 06:58:23PM +0200, Ricardo Belin wrote:
>
>
>> My problem is that in order to run a simple VPN between two machines I
>> had to manually add the "route add -net <ip>/24 $INTERFACE" statement on
>> hosts' tinc-up files.
>>
>
> Suppose you have two nodes, A and B, and A has 192.168.1.0/24, and B has
> 192.168.2.0/24. If you then put "ifconfig $INTERFACE 192.168.x.1 netmask
> 255.255.0.0" in the tinc-up files, then you would not need extra route add
> commands, since the whole 192.168.0.0/16 is routed to the VPN. However, if you
> use netmask 255.255.255.0 in tinc-up, then yes, you need to add extra routes.
>
>
>> I came across a lot of messages in the archive saying that tinc doesn't
>> handle routing and that it's my job to configure the routes manually.
>>
>
> Yes, tinc does not automatically configure the VPN interface and does not add
> routes, you need to create tinc-up and possibly other scripts to do that.
>
>
>> But according to the website :
>> 1) http://www.tinc-vpn.org/documentation/tinc_3.html#SEC37
>>
>> "An example 'tinc-up' script:
>>
>> #!/bin/sh
>> ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0
>>
>>
>> This script gives the interface an IP address and a netmask. The
>> kernel _will also automatically add a route to this interface_ , so
>> normally you _don't need to add route commands_ to the 'tinc-up'
>> script. The kernel will also bring the interface up after this
>> command. The netmask is the mask of the /entire/ VPN network, not
>> just your own subnet."
>>
>
> The example is correct, the netmask is so large that it encompasses the whole
> VPN, so you don't need to add more routes. The ifconfig command in the example
> configures the interface, but also adds a route for 192.168.0.0/16 to the
> kernel's routing table.
>
> If you do not want to use such a large netmask, you can create a subnet-up
> script that contains the following:
>
> #!/bin/sh
> ip route add $SUBNET dev $INTERFACE
>
> And a corresponding subnet-down of course. But you're free to do something
> else.
>
>
--
Ricardo BELIN
+33 (0)1 77 70 65 13
Sewan Communications
16 rue Jeanne Hachette
75015 Paris
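
The netmask reasoning in the reply above, as an added example that is not part of the original thread or of tinc itself: a shell helper that checks whether a remote Subnet already falls inside the route the kernel creates from the tinc-up address and netmask, and prints the `ip route add` line a subnet-up script would need otherwise. The function names `ip2int`, `covered` and `route_plan` are hypothetical; the addresses are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# ip2int A.B.C.D -> prints the address as a 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad on "."
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# covered IFACE_IP NETMASK SUBNET -> exit 0 if SUBNET (CIDR) lies inside
# the network that "ifconfig $INTERFACE IFACE_IP netmask NETMASK" routes.
covered() {
    addr=$(ip2int "$1"); mask=$(ip2int "$2")
    net=${3%/*}; len=${3#*/}
    [ "$net" = "$3" ] && len=32    # bare address: treat as a /32 host
    smask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    snet=$(ip2int "$net")
    # The subnet must be at least as specific as the interface netmask
    # and share the same network bits under that netmask.
    [ $(( smask & mask )) -eq "$mask" ] &&
        [ $(( snet & mask )) -eq $(( addr & mask )) ]
}

# route_plan IFACE_IP NETMASK SUBNET... -> one line per subnet: either
# "covered <subnet>" or the command a subnet-up script would run.
# Nothing is executed; $INTERFACE is printed literally, as tinc sets it.
route_plan() {
    ip=$1; nm=$2; shift 2
    for s in "$@"; do
        if covered "$ip" "$nm" "$s"; then
            echo "covered $s"
        else
            echo "ip route add $s dev \$INTERFACE"
        fi
    done
}

# Node A from the thread, with the narrow and the wide netmask.
route_plan 192.168.1.1 255.255.255.0 192.168.2.0/24
route_plan 192.168.1.1 255.255.0.0   192.168.2.0/24
```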