Bridging on windows networks
Rob Townley
rob.townley at gmail.com
Sat Feb 6 00:16:32 CET 2010
On Fri, Feb 5, 2010 at 4:06 PM, Anon <anon4321 at gmail.com> wrote:
> Well, I'm back. I'm still trying to get a simple ping from a
> non-tinc-node on a LAN to a tinc node on that same LAN. (I'm taking
> baby steps.)
>
> I'll reprint the route prints below.
>
> To recap, tinc is running on 192.168.0.155, with a corresponding vpn
> address of 10.20.30.1. This machine can ping 192.168.0.168 with no
> problem. This machine can ping two offsite vpn nodes with no problem:
> 10.20.40.1 and 10.20.50.1. And they can, in turn, ping 10.20.30.1.
>
> 192.168.0.168 can ping 192.168.0.155 with no problem.
>
> 192.168.0.168 can not ping 10.20.30.1. This is the problem I'm trying
> to address. My goal, of course, is to allow all the computers on
> 192.168.0.x to ping 10.20.30.1 (and 10.20.40.1 and 10.20.50.1), not
> just 192.168.0.168.
>
> I previously posted the route prints from 192.168.0.155 and 192.168.0.168.
>
> I was told to add a static route to 192.168.0.168 as follows:
>
> route add 10.20.0.0 MASK 255.255.0.0 192.168.0.155
>
> Tinc is NOT running on 192.168.0.168.
>
> On the hosts file for 192.168.0.155 (called myserv), the subnet used to be:
>
> Subnet = 10.20.30.1/32
>
> I have now added the following line right below the above:
>
> Subnet = 192.168.0.0/24
>
> The only thing I'm trying to accomplish at the moment is to ping
> 10.20.30.1 from 192.168.0.168.
>
> If anybody can suggest a step I'm missing, I'd be appreciative.
>
> 192.168.0.168
>
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x3 ...00 21 5c 59 d2 83 ...... Intel(R) Wireless WiFi Link 4965AGN -
> Packet Scheduler Miniport
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination  Netmask          Gateway        Interface      Metric
> 0.0.0.0              0.0.0.0          192.168.0.1    192.168.0.168  25
> 10.20.0.0            255.255.0.0      192.168.0.155  192.168.0.168  1
> 127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
> 192.168.123.0        255.255.255.0    192.168.0.168  192.168.0.168  25
> 192.168.0.168        255.255.255.255  127.0.0.1      127.0.0.1      25
> 192.168.123.255      255.255.255.255  192.168.0.168  192.168.0.168  25
> 224.0.0.0            240.0.0.0        192.168.0.168  192.168.0.168  25
> 255.255.255.255      255.255.255.255  192.168.0.168  192.168.0.168  1
> 255.255.255.255      255.255.255.255  192.168.0.168  2              1
> 255.255.255.255      255.255.255.255  192.168.0.168  10006          1
> 255.255.255.255      255.255.255.255  192.168.0.168  20004          1
> Default Gateway: 192.168.0.1
> ===========================================================================
> Persistent Routes:
> None
>
> 10.20.30.1/192.168.0.155
>
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x6 ...00 1a a0 32 88 28 ...... Broadcom 440x 10/100 Integrated
> Controller - Packet Scheduler Miniport
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination  Netmask          Gateway        Interface      Metric
> 0.0.0.0              0.0.0.0          192.168.0.1    192.168.0.155  20
> 10.20.0.0            255.255.0.0      10.20.30.1     10.20.30.1     30
> 10.20.30.1           255.255.255.255  127.0.0.1      127.0.0.1      30
> 10.255.255.255       255.255.255.255  10.20.30.1     10.20.30.1     30
> 127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
> 192.168.0.0          255.255.255.0    192.168.0.115  192.168.0.115  20
> 192.168.0.115        255.255.255.255  127.0.0.1      127.0.0.1      20
> 192.168.0.255        255.255.255.255  192.168.0.115  192.168.0.115  20
> 224.0.0.0            240.0.0.0        10.20.30.1     10.20.30.1     30
> 224.0.0.0            240.0.0.0        192.168.0.115  192.168.0.115  20
> 255.255.255.255      255.255.255.255  10.20.30.1     10.20.30.1     1
> 255.255.255.255      255.255.255.255  192.168.0.115  192.168.0.115  1
> Default Gateway: 192.168.0.1
> ===========================================================================
> Persistent Routes:
> None
>
>
>
> On Wed, Feb 3, 2010 at 9:10 AM, Anon <anon4321 at gmail.com> wrote:
>>> On .168 you need to add route 10.20.0.0 mask 255.255.0.0 192.168.0.155
>>> This need to be done persistent (-p) or after every boot.
>>
>>> Then try again ping 10.20.30.1
>>
>> Did you see my latest message? It read:
>>
>> "This is what I tried:
>>
>> route ADD 10.20.0.0 MASK 255.255.0.0 192.168.0.155
>>
>> This added the following line to the route table:
>>
>> 10.20.0.0 255.255.0.0 192.168.0.155 192.168.0.188 1
>>
>> But ping fails."
>>
>> Is there a step I've missed?
>>
There is some nuance here. Seems to me that if a node does not have a
PKI certificate pair with the public cert known at the foreign end,
there should not be any way to do exactly what you want - pinging tinc
node IP addresses from non-tinc nodes. Otherwise, tinc would not be
secure at all, right? Isn't it by design that a non-tinc node should
not be able to ping a tinc node's tinc IP address?

I am working on a similar problem, except that I want non-tinc nodes to
ping non-tinc nodes through a tinc VPN bridge using switch mode.

Maybe we should Skype or something? Are you on IRC?

I am assuming you are still trying to do it the hard way - routing,
otherwise you would not be mucking with subnets.

I am using Switch mode and having issues.