Bridging on windows networks

Rob Townley rob.townley at gmail.com
Sat Feb 6 00:16:32 CET 2010


On Fri, Feb 5, 2010 at 4:06 PM, Anon <anon4321 at gmail.com> wrote:
> Well, I'm back.  I'm still trying to get a simple ping from a
> non-tinc-node on a LAN to a tinc node on that same LAN. (I'm taking
> baby steps.)
>
> I'll reprint the route prints below.
>
> To recap, tinc is running on 192.168.0.155, with a corresponding vpn
> address of 10.20.30.1.  This machine can ping 192.168.0.168 with no
> problem.  This machine can ping two offsite vpn nodes with no problem:
> 10.20.40.1 and 10.20.50.1. And they can, in turn, ping 10.20.30.1.
>
> 192.168.0.168 can ping 192.168.0.155 with no problem.
>
> 192.168.0.168 can not ping 10.20.30.1.  This is the problem I'm trying
> to address.  My goal, of course, is to allow all the computers on
> 192.168.0.x to ping 10.20.30.1 (and 10.20.40.1 and 10.20.50.1), not
> just 192.168.0.168.
>
> I previously posted the route prints from 192.168.0.155 and 192.168.0.168.
>
> I was told to add a static route to 192.168.0.168 as follows:
>
> route add 10.20.0.0 MASK 255.255.0.0 192.168.0.155
>
> Tinc is NOT running on 192.168.0.168.
>
> On the hosts file for 192.168.0.155 (called myserv), the subnet used to be:
>
> Subnet = 10.20.30.1/32
>
> I have now added the following line right below the above:
>
> Subnet = 192.168.0.0/24
>
> The only thing I'm trying to accomplish at the moment is to ping
> 10.20.30.1 from 192.168.0.168.
>
> If anybody can suggest a step I'm missing, I'd be appreciative.
>
> 192.168.0.168
>
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x3 ...00 21 5c 59 d2 83 ...... Intel(R) Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Metric
>          0.0.0.0          0.0.0.0     192.168.0.1  192.168.0.168         25
>        10.20.0.0      255.255.0.0   192.168.0.155  192.168.0.168         1
>        127.0.0.0        255.0.0.0       127.0.0.1      127.0.0.1         1
>    192.168.123.0    255.255.255.0   192.168.0.168  192.168.0.168         25
>   192.168.0.168  255.255.255.255        127.0.0.1      127.0.0.1         25
>  192.168.123.255  255.255.255.255   192.168.0.168  192.168.0.168         25
>        224.0.0.0        240.0.0.0   192.168.0.168  192.168.0.168         25
>  255.255.255.255  255.255.255.255   192.168.0.168  192.168.0.168         1
>  255.255.255.255  255.255.255.255   192.168.0.168              2         1
>  255.255.255.255  255.255.255.255   192.168.0.168          10006         1
>  255.255.255.255  255.255.255.255   192.168.0.168          20004         1
> Default Gateway:     192.168.0.1
> ===========================================================================
> Persistent Routes:
>  None
>
> 10.20.30.1/192.168.0.155
>
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x6 ...00 1a a0 32 88 28 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Metric
>          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.155       20
>        10.20.0.0      255.255.0.0       10.20.30.1      10.20.30.1       30
>       10.20.30.1  255.255.255.255        127.0.0.1       127.0.0.1       30
>   10.255.255.255  255.255.255.255       10.20.30.1      10.20.30.1       30
>        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
>      192.168.0.0    255.255.255.0    192.168.0.115   192.168.0.115       20
>    192.168.0.115  255.255.255.255        127.0.0.1       127.0.0.1       20
>    192.168.0.255  255.255.255.255    192.168.0.115   192.168.0.115       20
>        224.0.0.0        240.0.0.0       10.20.30.1      10.20.30.1       30
>        224.0.0.0        240.0.0.0    192.168.0.115   192.168.0.115       20
>  255.255.255.255  255.255.255.255       10.20.30.1      10.20.30.1       1
>  255.255.255.255  255.255.255.255    192.168.0.115   192.168.0.115       1
> Default Gateway:     192.168.0.1
> ===========================================================================
> Persistent Routes:
>  None
>
>
>
> On Wed, Feb 3, 2010 at 9:10 AM, Anon <anon4321 at gmail.com> wrote:
>>> On .168 you need to add route 10.20.0.0 mask 255.255.0.0 192.168.0.155
>>> This need to be done persistent (-p) or after every boot.
>>
>>> Then try again ping 10.20.30.1
>>
>> Did you see my latest message?  It read:
>>
>> "This is what I tried:
>>
>> route ADD 10.20.0.0 MASK 255.255.0.0 192.168.0.155
>>
>> This added the following line to the route table:
>>
>> 10.20.0.0   255.255.0.0 192.168.0.155 192.168.0.188 1
>>
>> But ping fails."
>>
>> Is there a step I've missed?
>>

There is some nuance here.  Seems to me that if a node does not have a
PKI certificate pair with the public cert known at the foreign end,
there should not be any way to do exactly what you want - pinging tinc
node IP addresses from non-tinc nodes.  Otherwise, tinc would not be
secure at all, right?  Isn't it by design that a non-tinc node should
not be able to ping a tinc node's tinc IP address?


I am working on a similar problem except that I want non-tinc nodes to
ping non-tinc nodes through a tinc VPN bridge using switch mode.

Maybe we should Skype or something?  Are you on IRC?

I am assuming you are still trying to do it the hard way - routing,
otherwise you would not be mucking with subnets.
I am using Switch mode and having issues.
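
An added example, not part of the original messages: a longest-prefix-match lookup over Active Routes rows copied from the two route prints quoted above, to check which gateway and interface each host would select for the ping and for its reply. The function names `parse_routes` and `lookup` are illustrative, and the rows are a subset reproduced exactly as posted.

```python
import ipaddress

# Active Routes rows copied from the route prints quoted in the thread
# (subset, reproduced as posted, including the 192.168.0.115 entries).
ROUTES_168 = """\
0.0.0.0          0.0.0.0     192.168.0.1  192.168.0.168  25
10.20.0.0      255.255.0.0   192.168.0.155  192.168.0.168  1
127.0.0.0        255.0.0.0       127.0.0.1      127.0.0.1  1
192.168.0.168  255.255.255.255   127.0.0.1      127.0.0.1  25
"""
ROUTES_TINC = """\
0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.155  20
10.20.0.0      255.255.0.0       10.20.30.1      10.20.30.1  30
10.20.30.1  255.255.255.255        127.0.0.1       127.0.0.1  30
192.168.0.0    255.255.255.0    192.168.0.115   192.168.0.115  20
"""


def parse_routes(text):
    """Parse 'Destination Netmask Gateway Interface Metric' rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gateway, iface, int(metric)))
    return routes


def lookup(routes, target):
    """Return the selected (network, gateway, interface, metric) or None."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    # Most specific prefix wins; the lowest metric breaks ties.
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


if __name__ == "__main__":
    print("192.168.0.168 -> 10.20.30.1:", lookup(parse_routes(ROUTES_168), "10.20.30.1"))
    print("tinc host -> 192.168.0.168:", lookup(parse_routes(ROUTES_TINC), "192.168.0.168"))
```

The lookup only shows where each host would send a packet; it says nothing about whether the receiving host accepts or answers it.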

