Tinc on NixOS

Zia Syed xia.syed at gmail.com
Tue Aug 26 19:40:50 CEST 2014


Thanks Guus. That works, but I am still not able to route traffic between
the nodes. tinc-up doesn't execute automatically, and when I manually try,
I get
'RTNETLINK answers: File exists'
for
ip addr add 192.168.1.10 dev $INTERFACE

where I pass $INTERFACE as eno1.

In the tinc debug output, I see this:

Connection with esprit1 (67.169.32.18 port 655) activated
Sending ADD_SUBNET to esprit1 (67.169.32.18 port 655): 10 38d07b36 homer2 10.16.0.0/24#10
Sending 35 bytes of metadata to esprit1 (67.169.32.18 port 655)
Sending ADD_EDGE to everyone (BROADCAST): 12 7ae0f39b homer2 esprit1 67.169.32.18 655 c 78
Sending 49 bytes of metadata to esprit1 (67.169.32.18 port 655)
Flushing 84 bytes to esprit1 (67.169.32.18 port 655)
Got ADD_SUBNET from esprit1 (67.169.32.18 port 655): 10 5dc18841 esprit1 192.168.1.0/24#10
Forwarding ADD_SUBNET from esprit1 (67.169.32.18 port 655): 10 5dc18841 esprit1 192.168.1.0/24#10
Got ADD_EDGE from esprit1 (67.169.32.18 port 655): 12 1198c2b0 esprit1 homer2 12.249.58.54 655 c 78
Forwarding ADD_EDGE from esprit1 (67.169.32.18 port 655): 12 1198c2b0 esprit1 homer2 12.249.58.54 655 c 78


Does my routing table look alright?

[root@homer2:/etc/tinc/test]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.16.0.1       0.0.0.0         UG    0      0        0 eno16777728
10.16.0.0       *               255.255.0.0     U     0      0        0 eno16777728
192.168.1.0     *               255.255.255.0   U     0      0        0 eno16777728

[root@homer2:/etc/tinc/test]# ssh test@192.168.1.10
ssh: connect to host 192.168.1.10 port 22: No route to host

[root@esprit1:/etc/tinc/test]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    202    0        0 eno1
10.16.0.0       *               255.255.255.0   U     0      0        0 eno1
192.168.1.0     *               255.255.255.0   U     202    0        0 eno1

[root@esprit1:/etc/tinc/test]# ssh test@10.16.0.14
ssh: connect to host 10.16.0.14 port 22: No route to host

My host config for homer2 is

[root@esprit1:/etc/tinc/test]# cat hosts/homer2
Address = 10.16.0.14
Subnet = 10.16.0.0/24

and for esprit1

[root@homer2:/etc/tinc/test]# cat hosts/esprit1
Address = 67.169.32.18
Subnet = 192.168.1.0/24

thanks,
Zia


On Tue, Aug 26, 2014 at 1:43 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Mon, Aug 25, 2014 at 09:55:05PM -0700, Zia Syed wrote:
>
> > I'm trying to run Tinc on a NixOS machine, using a configuration similar
> > to the one I had for Ubuntu. My home subnet is 192.168.1.0/24 and my work is
> > 10.16.0.0/24. However, unlike Ubuntu, when I start tincd on NixOS, and try
> > to 'ifconfig $INTERFACE 192.168.1.10 netmask 255.255.255.0' in my tinc-up,
> > I lose network access on the box (no ping/ssh to the box). I see tun0
> > interface created, but no data flows.
> >
> > eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
> >         inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
> [...]
> > #!/nix/store/ajxd1z42ql9qihdj1pa7in12iynf532g-bash-4.2-p45/bin/sh
> > #ifconfig $INTERFACE 192.168.1.10 netmask 255.255.255.0
> > ip route add 10.16.0.0/24 dev $INTERFACE
> > ip link set dev $INTERFACE up
>
> Like Saverio already said, you are configuring tun0 with exactly the
> same IP address and netmask as the eno1 interface. This will indeed
> cause you to lose network access. You can use the same IP address on
> tun0 as on eno1, but then the netmask should be different. Try this
> instead:
>
> #!/nix/store/ajxd1z42ql9qihdj1pa7in12iynf532g-bash-4.2-p45/bin/sh
> ip addr add 192.168.1.10 dev $INTERFACE
> ip route add 10.16.0.0/24 dev $INTERFACE
> ip link set dev $INTERFACE up
>
> --
> Met vriendelijke groet / with kind regards,
>      Guus Sliepen <guus at tinc-vpn.org>
>
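The routing tables in this message can be checked against the Subnet lines of the host files. The script below is an added example, not part of the original post or of tinc: it extracts each Subnet from host-file text and reports which interface the kernel routes it through. The function names, the tun0 device name and the sample text (homer2's table with the wrapped rows rejoined, and hosts/esprit1) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the post): report whether each tinc Subnet is
# routed through the VPN device. Function names are hypothetical.

# Constructed sample: homer2's `route` output from the post, wrapped rows rejoined.
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.16.0.1       0.0.0.0         UG    0      0        0 eno16777728
10.16.0.0       *               255.255.0.0     U     0      0        0 eno16777728
192.168.1.0     *               255.255.255.0   U     0      0        0 eno16777728'

# Constructed sample: hosts/esprit1 as shown in the post.
SAMPLE_HOST='Address = 67.169.32.18
Subnet = 192.168.1.0/24'

# Print every "Subnet = net/len" value found in tinc host-file text.
host_subnets() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Subnet[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p'
}

# Print the Iface of the row whose Destination equals the network address
# of subnet $1; prints nothing if no row matches. The netmask is not compared.
route_iface() {
    net=${1%/*}
    printf '%s\n' "$2" | awk -v net="$net" '$1 == net { print $NF; exit }'
}

# check_subnet SUBNET VPN_IF ROUTES
# Returns 0 if routed via VPN_IF, 1 if via another device, 2 if no route.
check_subnet() {
    dev=$(route_iface "$1" "$3")
    if [ -z "$dev" ]; then
        echo "MISSING   $1: no specific route"
        return 2
    elif [ "$dev" != "$2" ]; then
        echo "WRONG-DEV $1: routed via $dev, not $2"
        return 1
    fi
    echo "OK        $1: routed via $2"
}

# tun0 is the assumed tinc device (the name mentioned in the quoted message).
for subnet in $(host_subnets "$SAMPLE_HOST"); do
    check_subnet "$subnet" tun0 "$SAMPLE_ROUTES" || true
done
```

On a live host, pass the output of `route -n` and the contents of each file under hosts/ in place of the samples.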