Tinc on NixOS

William Kennington william at wkennington.com
Wed Aug 27 08:39:30 CEST 2014


Whoops, I forgot to mention that you would need the master.explicit branch
as well. So to sum it all up, you need to merge the following

https://github.com/wkennington/nixpkgs:
 - master.explicit
 - master.users
 - master.tincd
 - master.tinc (optional for tinc1.1)


On Tue, Aug 26, 2014 at 5:21 PM, Zia Syed <xia.syed at gmail.com> wrote:

> Thanks William. I will look at it and see if i can test it.
>
>
>
>
> On Tue, Aug 26, 2014 at 11:06 AM, William Kennington <
> william at wkennington.com> wrote:
>
>> Just a heads up I'm working on a Nico's module for tinc if you are
>> interested in testing it.
>>
>> https://github.com/wkennington/nixpkgs/tree/master.tincd
>>
>> You are going to need my users patch yo add the extra uids needed for
>> this to work at the moment.
>>
>> https://github.com/wkennington/nixpkgs/tree/master.users
>>
>> You might also want to check out my addition of the tinc1.1 prerelease.
>>
>> https://github.com/wkennington/nixpkgs/tree/master.tinc
>>
>> Best,
>> William
>> On Aug 26, 2014 11:00 AM, "Zia Syed" <xia.syed at gmail.com> wrote:
>>
>>> Ok i've got it working.
>>>
>>> I used the ifconfig command, but removed the netmask and it worked.
>>>
>>> like this
>>> ifconfig $INTERFACE 192.168.1.10
>>>
>>> whereas this didn't work
>>> ifconfig $INTERFACE 192.168.1.10 netmask 255.255.255.0
>>>
>>> Thanks guys.
>>>
>>> Zia
>>>
>>>
>>> On Tue, Aug 26, 2014 at 10:40 AM, Zia Syed <xia.syed at gmail.com> wrote:
>>>
>>>> Thanks Guus. That works, but I am still not about to route traffic
>>>> between the nodes. tinc-up doesn't execute automatically, and when I
>>>> manually try, i get
>>>> 'RTNETLINK answers: File exists'
>>>> for
>>>> ip addr add 192.168.1.10 dev $INTERFACE
>>>>
>>>> where $INTERFACE i pass as eno1.
>>>>
>>>> On the tinc debug, i see this
>>>>
>>>> Connection with esprit1 (67.169.32.18 port 655) activated
>>>> Sending ADD_SUBNET to esprit1 (67.169.32.18 port 655): 10 38d07b36
>>>> homer2 10.16.0.0/24#10
>>>> Sending 35 bytes of metadata to esprit1 (67.169.32.18 port 655)
>>>> Sending ADD_EDGE to everyone (BROADCAST): 12 7ae0f39b homer2 esprit1
>>>> 67.169.32.18 655 c 78
>>>> Sending 49 bytes of metadata to esprit1 (67.169.32.18 port 655)
>>>> Flushing 84 bytes to esprit1 (67.169.32.18 port 655)
>>>> Got ADD_SUBNET from esprit1 (67.169.32.18 port 655): 10 5dc18841
>>>> esprit1 192.168.1.0/24#10
>>>> Forwarding ADD_SUBNET from esprit1 (67.169.32.18 port 655): 10 5dc18841
>>>> esprit1 192.168.1.0/24#10
>>>> Got ADD_EDGE from esprit1 (67.169.32.18 port 655): 12 1198c2b0 esprit1
>>>> homer2 12.249.58.54 655 c 78
>>>> Forwarding ADD_EDGE from esprit1 (67.169.32.18 port 655): 12 1198c2b0
>>>> esprit1 homer2 12.249.58.54 655 c 78
>>>>
>>>>
>>>> Does my routing table looks alright?
>>>>
>>>> [root at homer2:/etc/tinc/test]# route
>>>>  Kernel IP routing table
>>>> Destination     Gateway         Genmask         Flags Metric Ref    Use
>>>> Iface
>>>> default         10.16.0.1       0.0.0.0         UG    0      0        0
>>>> eno16777728
>>>> 10.16.0.0       *               255.255.0.0     U     0      0        0
>>>> eno16777728
>>>> 192.168.1.0     *               255.255.255.0   U     0      0        0
>>>> eno16777728
>>>>
>>>> [root at homer2:/etc/tinc/test]# ssh test at 192.168.1.10
>>>> ssh: connect to host 192.168.1.10 port 22: No route to host
>>>>
>>>> [root at esprit1:/etc/tinc/test]# route
>>>> Kernel IP routing table
>>>> Destination     Gateway         Genmask         Flags Metric Ref    Use
>>>> Iface
>>>> default         192.168.1.1     0.0.0.0         UG    202    0        0
>>>> eno1
>>>> 10.16.0.0       *               255.255.255.0   U     0      0        0
>>>> eno1
>>>> 192.168.1.0     *               255.255.255.0   U     202    0        0
>>>> eno1
>>>>
>>>> [root at esprit1:/etc/tinc/test]# ssh test at 10.16.0.14
>>>> ssh: connect to host 10.16.0.14 port 22: No route to host
>>>>
>>>> My host config for homer2 is
>>>> [root at esprit1:/etc/tinc/test]# cat hosts/homer2
>>>> Address = 10.16.0.14
>>>> Subnet = 10.16.0.0/24
>>>>
>>>> and for esprit1
>>>>
>>>> [root at homer2:/etc/tinc/test]# cat hosts/esprit1
>>>> Address = 67.169.32.18
>>>> Subnet = 192.168.1.0/24
>>>>
>>>> thanks,
>>>>  Zia
>>>>
>>>>
>>>> On Tue, Aug 26, 2014 at 1:43 AM, Guus Sliepen <guus at tinc-vpn.org>
>>>> wrote:
>>>>
>>>>> On Mon, Aug 25, 2014 at 09:55:05PM -0700, Zia Syed wrote:
>>>>>
>>>>> > I'm trying to run Tinc on a NixOS machine, using the similar
>>>>> configuration
>>>>> > i had for Ubuntu. My home subnet is 192.168.1.0/24 and my work is
>>>>> > 10.16.0.0/24. However, unlike ubuntu, when I start tincd on nixos,
>>>>> and try
>>>>> > to 'ifconfig $INTERFACE 192.168.1.10 netmask 255.255.255.0' in my
>>>>> tinc-up,
>>>>> > I loose network access on the box (no ping/ssh to the box). I see
>>>>> tun0
>>>>> > interface created, but no data flows.
>>>>> >
>>>>> > eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>>> >         inet 192.168.1.10  netmask 255.255.255.0  broadcast
>>>>> 192.168.1.255
>>>>> [...]
>>>>> > #!/nix/store/ajxd1z42ql9qihdj1pa7in12iynf532g-bash-4.2-p45/bin/sh
>>>>> > #ifconfig $INTERFACE 192.168.1.10 netmask 255.255.255.0
>>>>> > ip route add 10.16.0.0/24 dev $INTERFACE
>>>>> > ip link set dev $INTERFACE up
>>>>>
>>>>> Like Saverio already said, you are configuring tun0 with exactly the
>>>>> same IP address and netmask as the eno1 interface. This will indeed
>>>>> cause you to lose network access. You can use the same IP address on
>>>>> tun0 as on eno1, but then the netmask should be different. Try this
>>>>> instead:
>>>>>
>>>>> #!/nix/store/ajxd1z42ql9qihdj1pa7in12iynf532g-bash-4.2-p45/bin/sh
>>>>> ip addr add 192.168.1.10 dev $INTERFACE
>>>>> ip route add 10.16.0.0/24 dev $INTERFACE
>>>>> ip link set dev $INTERFACE up
>>>>>
>>>>> --
>>>>> Met vriendelijke groet / with kind regards,
>>>>>      Guus Sliepen <guus at tinc-vpn.org>
>>>>>
>>>>> _______________________________________________
>>>>> tinc mailing list
>>>>> tinc at tinc-vpn.org
>>>>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>>>>
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> tinc mailing list
>>> tinc at tinc-vpn.org
>>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>>
>>>
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>>
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140826/2d1a3a61/attachment-0001.html>


More information about the tinc mailing list