Windows subnets
Andrew Savinykh
andrews at brutsoft.com
Thu Oct 7 04:51:53 CEST 2010
Alan,
thank you, this all makes perfect sense. The only outstanding problem is
that it is unlikely that with this setup computers in LAN A will be able
to receive broadcasts from computers in LAN B and vice-versa.
Cheers,
Andrew.
>
> On 7/10/2010 11:52 a.m., Alan S. Lawee wrote:
>>
>> In order for you to configure this, you have to set up explicit
>> routes, and the computers in each location that are hosting the tinc
>> application must be able to route packets.
>>
>> A little more explanation is in order. As you are referring to the
>> nodes as PC's, I am assuming that you are using the MsWindows
>> operating system. Some versions (e.g. Windows 2000) are able to
>> function as routers out of the box, others cannot function as
>> routers, and yet others require some advanced configuration. (Linux
>> or other x-based systems can all function as routers).
>>
>> Computers on LAN A are configured to use the broadband router as a
>> default gateway in order to access the Internet. However, in order
>> to accomplish the configuration you are looking for, you will have to
>> set up a manual route on each of the computers on LAN A which will
>> instruct them to go to the computer running tinc in order to reach
>> the nodes on LAN B. The reverse will be true for the computers on LAN B.
>>
>> Your IDEA1 will not work because the subnet masks do not define
>> distinct networks. IDEA2 has the same problem because the tinc
>> subnet is not distinct from the other 2.
>>
>> So, to follow your example IDEA2, we have in household A, LAN A:
>> 10.30.1.x and 3 PC's: PC-A.11, PC-A.12 & PC-A.13, plus a router:
>> R-A.1; in household B, LAN B: 10.30.2.x, we have a similar
>> configuration, PC-B.11, PC-B.12, PC-B.13 and R-B.1; the tinc
>> application is hosted on each of PC-A.11 and PC-B.11 and will use the
>> subnet 10.30.3.x.
>>
>> As an example, the IP configurations are as follows:
>>
>> PC-A.11:
>>   Default Gateway 10.30.1.1/255.255.255.0
>>   IP Address 10.30.1.11/255.255.255.0 on physical network interface
>>   IP Address 10.30.3.1/255.255.255.0 on virtual tinc interface
>>   Manual entry in routing table to 10.30.2.0/255.255.255.0 via 10.30.3.2
>>
>> PC-A.12, PC-A.13:
>>   Default Gateway 10.30.1.1/255.255.255.0
>>   IP Address 10.30.1.12/255.255.255.0 and 10.30.1.13/255.255.255.0
>>   Manual entry in routing table to 10.30.2.0/255.255.255.0 via 10.30.1.11
>>
>> PC-B.11:
>>   Default Gateway 10.30.2.1/255.255.255.0
>>   IP Address 10.30.2.11/255.255.255.0 on physical network interface
>>   IP Address 10.30.3.2/255.255.255.0 on virtual tinc interface
>>   Manual entry in routing table to 10.30.1.0/255.255.255.0 via 10.30.3.1
>>
>> PC-B.12, PC-B.13:
>>   Default Gateway 10.30.2.1/255.255.255.0
>>   IP Address 10.30.2.12/255.255.255.0 and 10.30.2.13/255.255.255.0
>>   Manual entry in routing table to 10.30.1.0/255.255.255.0 via 10.30.2.11
>>
>> Now every PC knows where to send packets destined for both the
>> Internet and the other household. The PC's hosting tinc are acting
>> as the virtual routers between the two sites. Note once again that
>> various versions of Windows have this routing function disabled.
>>
>> Hope this helps you,
>>
>> Alan
>>
>> *From:* tinc-bounces at tinc-vpn.org [mailto:tinc-bounces at tinc-vpn.org]
>> *On Behalf Of *Andrew Savinykh
>> *Sent:* Wednesday, October 06, 2010 18:17
>> *To:* tinc at tinc-vpn.org
>> *Subject:* Re: Windows subnets
>>
>> Donald,
>>
>> thank you, while I still have some questions, your answer is
>> definitely a step in the right direction.
>> In the other reply I was asked what I'm trying to achieve. Let's
>> consider the following scenario (which is quite similar to the one
>> described in the tinc manual).
>>
>> Let's assume we have two households, each has 3-5 computers in it.
>> Both households have similar network configuration:
>> They are connected to internet with an ADSL line and a router.
>> The computers in the local network access internet via the router.
>> The router is configured so that one of the computers has port 665
>> forwarded to be accessible outside.
>> The external IP is changed rarely and there is dynamic DNS service
>> (external) in use to accommodate for the change of IP when it happens.
>>
>> One household has local network addresses of 192.168.1.* and the
>> other has 10.1.1.*
>> I'm installing tinc on one computer in each household.
>>
>> The goal is to let all computers in both households see each
>> other by ip address. Also it is desired that for computer games purposes
>> all computers appear to be on the same LAN (for broadcasts). But this
>> is not mandatory. (it appears that it's not possible without
>> installing tinc on every PC
>> as every tinc daemon serves a subnet and two tinc daemons can't serve
>> a part of subnet each)
>>
>> All computers run different flavours of Windows, most being Windows 7.
>>
>> I have two ideas how to set this up, although I'm not sure if any of
>> these two works:
>>
>> IDEA1.
>> =====
>> Household A
>> Gateway IP: 10.30.0.1
>> Gateway Mask: 255.255.255.0
>> Gateway Default Gateway: ????
>>
>> Other PCs IP: 10.30.0.2,3,4 etc
>> Other PCs Mask: 255.255.255.0
>> Other PCs Default Gateway: 10.30.0.1
>>
>> Tinc Subnet: 10.30.0.0/25
>>
>> Household B
>> Gateway IP: 10.30.0.129
>> Gateway Mask: 255.255.255.0
>> Gateway Default Gateway: ????
>>
>> Other PCs IP: 10.30.0.130,131,132 etc
>> Other PCs Mask: 255.255.255.0
>> Other PCs Default Gateway: 10.30.0.129
>>
>> Tinc Subnet: 10.30.0.128/25
>>
>>
>> IDEA2.
>> =====
>> Household A
>> Gateway IP: 10.30.0.1
>> Gateway Mask: 255.255.255.0
>> Gateway Default Gateway: ????
>>
>> Other PCs IP: 10.30.0.2-255 etc
>> Other PCs Mask: 255.255.255.0
>> Other PCs Default Gateway: 10.30.0.1
>>
>> Tinc Subnet: 10.30.0.0/24
>>
>> Household B
>> Gateway IP: 10.30.1.1
>> Gateway Mask: 255.255.255.0
>> Gateway Default Gateway: ????
>>
>> Other PCs IP: 10.30.1.2-255 etc
>> Other PCs Mask: 255.255.255.0
>> Other PCs Default Gateway: 10.30.0.129
>>
>> Tinc Subnet: 10.30.1.0/24
>>
>>
>> So IDEA 1 probably won't work at all. Will it? And with IDEA 2 the
>> pc's won't appear on the same LAN and their broadcasts won't reach
>> each other.
>> As far as I understand I need to install TAP interface on each of the
>> participating windows PCs, correct?
>> What is specified in default gateway of the gateways?
>>
>>
>> Thank you in advance,
>> Andrew
>>
>> On 7/10/2010 4:36 a.m., Donald Pearson wrote:
>>
>> The PCs that you want to participate need to have a route for the VPN
>> subnet pointing to their local VPN gateway, which would be the local
>> device with Tinc installed on it.
>>
>> Theoretical configuration example.
>>
>> VPN subnet is 10.10.10.0/24
>>
>> At a location, one computer 192.168.1.254/24 connects to the VPN and
>> serves as the VPN gateway. This gateway needs to be configured for
>> TCP/IP forwarding.
>>
>> http://support.microsoft.com/kb/315236 - windows
>>
>> http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ -
>> linux
>>
>> Other computers local to the gateway need a route to the VPN network
>> added so they know how to get there.
>>
>> In windows. route -p add 10.10.10.0 mask 255.255.255.0 192.168.1.254
>>
>> This will add the persistent route that remains after reboot.
>>
>> Does that answer your question?
>>
>> On Wed, Oct 6, 2010 at 6:41 AM, Andrew Savinykh
>> <andrews at brutsoft.com> wrote:
>>
>> Thank you for your reply. As far as I can see there is no point
>> specifying subnet that consists of more than one PC in tinc config if
>> you are going to install tinc on every PC in the subnet anyway.
>> Correct me if I'm wrong.
>> Now, assuming I'm right, there will be PCs in the subnet that don't
>> have tinc installed on them. How to configure these PCs so they are a
>> part of the subnet and participate in routing?
>>
>> Cheers,
>> Andrew
>>
>>
>>
>> On 6/10/2010 10:13 p.m., Cédric Lemarchand wrote:
>>
>> Hi,
>>
>> I am not sure to understand what you mean with "joining" a subnet.
>>
>> But if your "local computer" need to reach the "remote subnet"
>> served by tinc, you can set the local IP of the local tinc server
>> as the default gateway, or add a route to the remote subnet via
>> the local tinc IP. Of course, computer located on the remote
>> subnet need the same thing.
>>
>> Cédric
>>
>> Le 06/10/10 09:37, Andrew Savinykh a écrit :
>>
>> Hello all,
>>
>> I understand that each tinc daemon corresponds to one or more
>> subnets that it "owns" a subnet can be a single ip or more.
>> Could you please tell me what do I need to do to join a computer
>> in local network (windows) to a subnet served by tinc?
>>
>> Thank you in advance,
>> Andrew
>>
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>> --
>>
>> *Cédric Lemarchand -- iXSea SAS*
>>
>> Administrateur Système & Réseaux
>>
>> http://www.ixsea.com/ - <cedric.lemarchand at ixsea.com>
>>
>> Tel: +33 1 30 08 8888 -- GSM: +33 6 37 23 40 93
>>
>
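Added example, not part of the original thread: a small longest-prefix-match route lookup that traces a packet hop by hop, run against the addressing Alan lists above and against IDEA1 as Andrew wrote it (mask 255.255.255.0, default gateway only). The host name `A-PC`, the dictionary layout and the Internet test address are assumptions made for the illustration; ties between equal-length prefixes are not modelled.

```python
import ipaddress

def next_hop(host, dst):
    """Longest-prefix match over connected, manual and default routes."""
    dst = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_interface(a).network, "on-link") for a in host["addrs"]]
    table += [(ipaddress.ip_network(d), gw) for d, gw in host["routes"].items()]
    table.append((ipaddress.ip_network("0.0.0.0/0"), host["default"]))
    matches = [(net.prefixlen, gw) for net, gw in table if dst in net]
    return max(matches, key=lambda m: m[0])[1]

def trace(hosts, src, dst):
    """Follow next hops from host `src` until `dst` is on-link or leaves the model."""
    owner = {str(ipaddress.ip_interface(a).ip): name
             for name, h in hosts.items() for a in h["addrs"]}
    path, name = [src], src
    while True:
        hop = next_hop(hosts[name], dst)
        if hop == "on-link":
            return path + ["on-link"]
        if hop not in owner or owner[hop] in path:  # unmodelled router or loop
            return path + [hop]
        name = owner[hop]
        path.append(name)

# Alan's layout: distinct /24s for LAN A, LAN B and the tinc interface.
ALAN = {
    "PC-A.11": {"addrs": ["10.30.1.11/24", "10.30.3.1/24"],
                "routes": {"10.30.2.0/24": "10.30.3.2"}, "default": "10.30.1.1"},
    "PC-A.12": {"addrs": ["10.30.1.12/24"],
                "routes": {"10.30.2.0/24": "10.30.1.11"}, "default": "10.30.1.1"},
    "PC-B.11": {"addrs": ["10.30.2.11/24", "10.30.3.2/24"],
                "routes": {"10.30.1.0/24": "10.30.3.1"}, "default": "10.30.2.1"},
    "PC-B.12": {"addrs": ["10.30.2.12/24"],
                "routes": {"10.30.1.0/24": "10.30.2.11"}, "default": "10.30.2.1"},
}
# IDEA1: a household-A PC with a /24 mask already "contains" household B.
IDEA1 = {"A-PC": {"addrs": ["10.30.0.2/24"], "routes": {}, "default": "10.30.0.1"}}

if __name__ == "__main__":
    print(trace(ALAN, "PC-A.12", "10.30.2.12"))   # crosses both tinc hosts
    print(trace(ALAN, "PC-A.12", "192.0.2.1"))    # constructed Internet address
    print(trace(IDEA1, "A-PC", "10.30.0.130"))    # never reaches a gateway
```

In the IDEA1 trace the PC treats the household-B address as on-link and tries to reach it directly on its own LAN, which is the "masks do not define distinct networks" problem in concrete form.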