Help linking subnets

Marco Avoledo mavoledo at gmail.com
Thu Jan 22 08:25:29 CET 2015


Hi, after trying for days I ended up with a working tinc configuration of 2
subnets; now my goal is to add 2 more subnets and communicate.
I might seem dumb at this point but honestly I don't work in IT or
networking stuff, and so I don't have that deep knowledge.
A little explanation of my configuration:

HOST A (VPN server)
Public IP: 1.2.3.4
tun0 Subnet = 192.168.10.0/24
tun0 IP    = 192.168.10.1

HOST B (VPN Client configured in a Raspberry Pi)
eth0 NET = 192.168.2.10 255.255.255.0 gw 192.168.2.1
tun0 Subnet = 192.168.10.0/24
tun0 Subnet = 192.168.2.0/24

HOST C (VPN Client configured in a Raspberry Pi)
eth0 NET = 192.168.1.101 255.255.255.0 gw 192.168.1.1
tun0 Subnet = 192.168.10.0/24
tun0 Subnet = 192.168.1.0/24

HOST D (VPN Client configured in Android device, just accessing VPN Network)

Every host has its own tinc-up set up like:

HOST A:
#!/bin/sh
ifconfig $INTERFACE 192.168.10.1 netmask 255.255.255.0
route add -net 192.168.1.0/24 dev $INTERFACE
route add -net 192.168.2.0/24 dev $INTERFACE
route add -net 192.168.3.0/24 dev $INTERFACE

HOST B:
#!/bin/sh
ifconfig $INTERFACE 192.168.10.2 netmask 255.255.255.0

HOST C:
#!/bin/sh
ifconfig $INTERFACE 192.168.10.3 netmask 255.255.255.0

HOST D:
#!/bin/sh
ifconfig $INTERFACE 192.168.10.4 netmask 255.255.255.0

Every host has its own tinc.conf set up to connect to HOST A (except for
HOST A itself, obviously). The VPN is using router mode.
Every host has each other's host file in the proper directory, containing PUB
KEY + VPN SUBNET + HOST SUBNET

For HOST A:
Address = XXXX.XXXXX.XX
Subnet = 192.168.10.1/32

For HOST B:
Subnet = 192.168.10.0/24
Subnet = 192.168.2.0/24

For HOST C:
Subnet = 192.168.10.0/24
Subnet = 192.168.1.0/24

For HOST D:
Subnet = 192.168.10.0/24

Every file is exactly the same on every HOST.

There are no problems when connecting, every host can connect to the server
(HOST A) fine.
From HOST A I can ping Host A / Host B
From HOST B I can ping HOST A / Host B
From HOST C I can only ping myself
From HOST D I can only ping myself

After trying a lot of net add / net remove and reading tons of replies to
numerous questions online, and after asking on IRC, I initially managed to get
2 subnets seeing each other, but adding these two more definitely
ruined the work.

My question is: what do I need to add in every conf/tinc-up file in order
to let HOST A access every single machine in every subnet 192.168.1.*
192.168.2.* 192.168.3.* and eventually vice versa, and what to add to every
HOST B/C/D to be able to directly access every machine in every subnet as
above.

HOST A route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         178.62.128.1    0.0.0.0         UG    0      0        0 eth0
178.62.128.0    *               255.255.192.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 tun0
192.168.2.0     *               255.255.255.0   U     0      0        0 tun0
192.168.3.0     *               255.255.255.0   U     0      0        0 tun0
192.168.10.0    *               255.255.255.0   U     0      0        0 tun0

HOST B route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0

HOST C route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0

My bad, I'm not that handy with networking stuff.
Any hint is appreciated.
Thanks in advance

Marco
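
An added check, not part of the original post: it parses the Subnet lines of the host files quoted above and does the longest-prefix lookup that tinc's router mode relies on, showing which prefixes are claimed by more than one host and which addresses no host claims. The dictionary layout and function names are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Host files as quoted in the post (constructed from its text; keys omitted).
HOST_FILES = {
    "A": "Address = XXXX.XXXXX.XX\nSubnet = 192.168.10.1/32\n",
    "B": "Subnet = 192.168.10.0/24\nSubnet = 192.168.2.0/24\n",
    "C": "Subnet = 192.168.10.0/24\nSubnet = 192.168.1.0/24\n",
    "D": "Subnet = 192.168.10.0/24\n",
}

def parse_subnets(text):
    """Return the networks declared by 'Subnet = ...' lines of one host file."""
    nets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "subnet":
            # Drop an optional '#weight' suffix before parsing the prefix.
            nets.append(ipaddress.ip_network(value.split("#")[0].strip()))
    return nets

def claims(host_files):
    """Map each declared network to the sorted list of hosts claiming it."""
    table = defaultdict(list)
    for host in sorted(host_files):
        for net in parse_subnets(host_files[host]):
            if host not in table[net]:
                table[net].append(host)
    return dict(table)

def owners(host_files, address):
    """Hosts holding the longest declared prefix that contains address."""
    ip = ipaddress.ip_address(address)
    matches = {n: h for n, h in claims(host_files).items() if ip in n}
    if not matches:
        return []  # no host file declares a Subnet covering this address
    return matches[max(matches, key=lambda n: n.prefixlen)]

def duplicates(host_files):
    """Prefixes claimed by more than one host, i.e. ambiguous ownership."""
    return {str(n): h for n, h in claims(host_files).items() if len(h) > 1}

if __name__ == "__main__":
    print("duplicate claims:", duplicates(HOST_FILES))
    # VPN addresses from the tinc-up scripts plus one address per LAN.
    for addr in ("192.168.10.1", "192.168.10.3", "192.168.2.10", "192.168.3.1"):
        print(addr, "->", owners(HOST_FILES, addr) or "no owner")
```
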