Cannot Ping after successful connection?
Michael Munger
michael at highpoweredhelp.com
Tue Mar 11 21:21:42 CET 2014
I apologize for the TLDR-style email, but I wanted to demonstrate that I have done a lot of work (11 hours and at least 8 tutorials including the tinc docs) before asking for help.
My basic problem is this: tinc appears to properly connect and authenticate the client to the server, but I cannot ping or access resources. (Yes, I know there is no 'server' in tinc, but 'server' denotes the center of this network.) The configs included in this email are real (including the IP addresses). Once I get this working, I'll change all the keys, but everything is the actual config. So... mistakes would be real too!
Here's the setup:
http://www.gliffy.com/go/publish/image/5463480/L.png
* "Management Workstation" is on my local LAN.
* VPN Server is on a server with a public IP address, and is intended to create a "management VPN" for various machines and servers I have around the United States.
* Server A is a file server in a separate office, connected to the net via DSL with DHCP on the DSL.
Note: the Server A eth0 IP and the Management Workstation eth0 IP are the same to demonstrate these are two different networks. In real life, the workstation IP is 192.168.250.202 and the other IP address would be issued via DHCP.
==The "VPN Server" configuration.==
eth0 = 173.165.161.166 (Public IP Address).
root at web-services:/etc/tinc# cat nets.boot
## This file contains all names of the networks to be started on system startup.
webservices
root at web-services:/etc/tinc/webservices# cat tinc.conf
Name=webservices
Device=/dev/net/tun
root at web-services:/etc/tinc/webservices/hosts# cat webservices
Compression=9
Subnet=192.168.98.0/24
Address=173.165.161.166
root at web-services:/etc/tinc/webservices# cat tinc-up
#!/bin/bash
ifconfig $INTERFACE 192.168.98.1 NETMASK 255.255.255.0
==The Management Workstation Configs:==
root at michael-desktop:/etc/tinc#cat nets.boot
## This file contains all names of the networks to be started on system startup.
webservices
root at michael-desktop:/etc/tinc/webservices#cat tinc.conf
Device=/dev/net/tun
ConnectTo=webservices
Name=Mint202
PrivateKeyFile=/etc/tinc/webservices/rsa_key.priv
root at michael-desktop:/etc/tinc/webservices/hosts#cat webservices
Compression=9
Subnet=192.168.98.0/24
Address=173.165.161.166
root at michael-desktop:/etc/tinc/webservices#cat tinc-up
#!/bin/bash
ifconfig $INTERFACE 192.168.98.2 netmask 255.255.255.0
HERE'S the frustrating part:
When I start the service, I get (what appears) to be a good startup on both sides:
In the management workstation (Mint202):
Mar 11 15:59:28 michael-desktop tinc.webservices[5126]: Trying to connect to webservices (173.165.161.166 port 655)
Mar 11 15:59:28 michael-desktop tinc.webservices[5126]: Connected to webservices (173.165.161.166 port 655)
Mar 11 15:59:28 michael-desktop tinc.webservices[5126]: Connection with webservices (173.165.161.166 port 655) activated
On the "VPN Server" (webservices):
Mar 11 15:59:02 web-services tinc.webservices[18550]: tincd 1.0.19 (Apr 22 2013 21:45:36) starting, debug level 1
Mar 11 15:59:02 web-services tinc.webservices[18550]: /dev/net/tun is a Linux tun/tap device (tun mode)
Mar 11 15:59:02 web-services tinc.webservices[18550]: Script tinc-up exited with non-zero status 1
Mar 11 15:59:02 web-services tinc.webservices[18550]: Listening on 0.0.0.0 port 655
Mar 11 15:59:02 web-services tinc.webservices[18550]: Listening on :: port 655
Mar 11 15:59:02 web-services tinc.webservices[18550]: Ready
Mar 11 15:59:12 web-services tinc.webservices[18550]: Connection from 173.165.161.161 port 52784
Mar 11 15:59:12 web-services tinc.webservices[18550]: Connection with Mint202 (173.165.161.161 port 52784) activated
But... I cannot ping either machine over the VPN. You can see below (this is on the VPN server), that pinging the local webservices device works, but pinging the remote machine does not. In other words, the VPN Server can ping its own IP (192.168.98.1) but cannot ping Mint202 (192.168.98.2).
root at web-services:/etc/tinc/webservices# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:a1:5f:31
          inet addr:173.165.161.166  Bcast:173.165.161.175  Mask:255.255.255.240
          inet6 addr: fe80::20c:29ff:fea1:5f31/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:441343 errors:0 dropped:75 overruns:0 frame:0
          TX packets:176548 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:156214186 (148.9 MiB)  TX bytes:108246744 (103.2 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:278 errors:0 dropped:0 overruns:0 frame:0
          TX packets:278 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:157696 (154.0 KiB)  TX bytes:157696 (154.0 KiB)

webservices Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.98.1  P-t-P:192.168.98.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:168 (168.0 B)  TX bytes:0 (0.0 B)
root at web-services:/etc/tinc/webservices# ping 192.168.98.1
PING 192.168.98.1 (192.168.98.1) 56(84) bytes of data.
64 bytes from 192.168.98.1: icmp_req=1 ttl=64 time=0.058 ms
64 bytes from 192.168.98.1: icmp_req=2 ttl=64 time=0.038 ms
^C
--- 192.168.98.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.038/0.048/0.058/0.010 ms
root at web-services:/etc/tinc/webservices# ping 192.168.98.2
PING 192.168.98.2 (192.168.98.2) 56(84) bytes of data.
^C
--- 192.168.98.2 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
What am I missing here?
Thanks in advance,
Michael
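
Added example, not part of the original post: a small shell triage over the two pieces of VPN-server output shown above, the tincd log and the ifconfig listing. It flags hook scripts that tincd logs as failing and compares the tunnel interface's netmask with the one tinc-up asks for; the function names are this example's own, and the SAMPLE_* values are excerpts copied from the post.

```shell
#!/usr/bin/env bash
# Added example: triage for "tinc connects but nothing pings".
# SAMPLE_* values are excerpts copied from the output shown in the post.

SAMPLE_LOG='Mar 11 15:59:02 web-services tinc.webservices[18550]: /dev/net/tun is a Linux tun/tap device (tun mode)
Mar 11 15:59:02 web-services tinc.webservices[18550]: Script tinc-up exited with non-zero status 1
Mar 11 15:59:02 web-services tinc.webservices[18550]: Ready'

SAMPLE_IFCONFIG='lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
webservices Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.98.1  P-t-P:192.168.98.1  Mask:255.255.255.255'

# Print "<script> <status>" for each hook script tincd logged as failing.
failed_scripts() {
    awk '/Script .* exited with non-zero status/ {
        for (i = 1; i < NF; i++) if ($i == "Script") print $(i + 1), $NF
    }'
}

# Print the netmask that net-tools ifconfig output (stdin) shows for interface $1.
iface_mask() {
    awk -v ifc="$1" '
        /^[^ \t]/ { cur = $1 }    # unindented line starts a new interface stanza
        cur == ifc && match($0, /Mask:[0-9.]+/) {
            print substr($0, RSTART + 5, RLENGTH - 5); exit
        }'
}

# Convert a dotted netmask to a prefix length by counting set bits.
mask_to_prefix() {
    echo "$1" | awk -F. '{
        for (i = 1; i <= 4; i++) for (o = $i; o > 0; o = int(o / 2)) n += o % 2
        print n + 0
    }'
}

# $1 = tincd log text, $2 = ifconfig text, $3 = interface, $4 = netmask tinc-up asks for
diagnose() {
    failed=$(printf '%s\n' "$1" | failed_scripts)
    have=$(mask_to_prefix "$(printf '%s\n' "$2" | iface_mask "$3")")
    want=$(mask_to_prefix "$4")
    if [ -n "$failed" ]; then echo "hook failed: $failed"; fi
    if [ "$have" -ne "$want" ]; then
        echo "$3 is /$have, tinc-up asks for /$want"
    fi
}

diagnose "$SAMPLE_LOG" "$SAMPLE_IFCONFIG" webservices 255.255.255.0
```

A /32 on the tunnel interface means the kernel has no connected route through it for the other 192.168.98.x addresses. On a live node, pipe the real syslog and ifconfig output into the functions instead of the samples.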