need help on tinc route problem

Zhang Jun gb2313 at gmail.com
Mon Feb 29 09:51:30 CET 2016


yes, I have these in C host file:

Subnet=10.10.0.0/24
Subnet=0.0.0.0/1
Subnet=128.0.0.0/1   ## not mentioned, because I think it maybe works the same as 0.0.0.0/1

B host file doesn't have 0.0.0.0/1 and 128.0.0.0/1

I only added one route to 5.6.7.8 via B, not via C

On Mon, Feb 29, 2016 at 4:40 PM, Maxim Vorontsov <6012030 at gmail.com> wrote:

> hi.
>
> Did you add only 0.0.0.0/1 as a route, and not 128.0.0.0/1 too?
> Did you try to add a route to 5.6.7.8 via C with a lesser metric than via B?
>
> If you have to add static routes only on a few servers, you can add them
> to the $HOST-up scripts.
>
>
>
>
>
> On Mon, Feb 29, 2016 at 11:12 AM, Zhang Jun <gb2313 at gmail.com> wrote:
>
>> my network:
>>
>> local pc (192.168.1.2) --> openwrt_adsl_router A (192.168.1.1/24 & 11.22.33.44 pppoe & 10.10.10.1/24 tinc) <--- remote B: 10.10.20.1/24
>>                                      ^
>>                                      |
>>                           remote C: 10.10.0.1/24
>>
>>
>> all running tinc 1.0.x,
>>
>> ADSL router runs as a "server"(only one tinc instance), listening on some
>> port,
>> client B and C connect to ADSL router,
>> from my pc I need to:
>> 1. Access B's subnet 192.168.50.1/24
>> 2. Access some WAN websites via C
>> 3. no traffic between B and C
>> 4. other traffic goes to pppoe interface by default
>>
>> here are the config files:
>> A: router
>>
>> tincd.conf:
>> device = /dev/net/tun
>> name = vpn
>> interface = vpn
>> addressFamilay = ipv4
>>
>> ##
>> Address=xxx.dyndns.org
>> Port=xxx port
>> subnet=10.10.10.0/24
>> Subnet=192.168.1.0/24
>>
>> ##tinc-up:
>> ifconfig vpn 10.10.10.1/24 up
>> route add -host 10.10.0.1 dev vpn
>> route add -net 10.10.0.0/24 gw 10.10.0.1
>>
>> route add -host 10.10.20.1 dev vpn
>> route add -net 10.10.20.0/24 gw 10.10.20.1
>> route add -net 192.168.50.0/24 gw 10.10.20.1   (requirement .1)
>>
>> route add -net many websites networks gw 10.10.0.1 (requirement .2)
>> ...
>> ###########################
>> B:
>> connectTo=vpn
>> ##
>> Subnet=10.10.20.0/24
>> Subnet=192.168.50.0/24
>>
>> ##
>> ifconfig Binc 10.10.20.1/24 up
>> route add -host 10.10.10.1 dev Binc
>> route add -net 10.10.10.0/24 gw 10.10.10.1
>> route add -net 192.168.1.0/24 gw 10.10.10.1
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>> ###########################
>> C:
>> connectTo=vpn
>> ##
>> Subnet=10.10.0.0/24
>> Subnet=0.0.0.0/1     ----------> this line only exists in server C:/etc/tinc/hosts/C, but I guess it can be learned by router node
>>
>> ##
>> ifconfig Cinc 10.10.0.1/24 up
>> route add -host 10.10.10.1 dev Cinc
>> route add -net 192.168.1.0/24 gw 10.10.10.1
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>> ########################
>> router has B and C host files, B doesn't have C's and C doesn't have B's host
>> file
>>
>> this works fine for me,
>>
>> but today, I need to access a WAN server(5.6.7.8) via B, so I added a
>> route:
>> route add -host 5.6.7.8 gw 10.10.20.1 (B)
>> I thought it should work like other routes, but the traffic still goes
>> through C,
>> after examining the config, I think the problem may be because only C
>> has "Subnet=0.0.0.0/1"
>>
>> my questions are:
>> 1. why can a packet that has a route with default gw to B be routed to C? is it
>> the right behavior?
>> 2. how to route 5.6.7.8 via B? add "Subnet=0.0.0.0/1" to B's host file?
>> I have some trouble testing this now, because B is not easy to
>> access (the best way is to let it connect to me)
>> also, even if this way works, I don't want other networks' traffic (added
>> route for C) to go through B, or randomly.
>> 3. I removed "Subnet=0.0.0.0/1" from C, then all routes (to WAN) via B/C
>> do not work anymore, is there any way to
>> let those "route add (WAN networks) gw 10.10.0.1" work without the
>> "Subnet=0.0.0.0/1"?
>>
>>
>>
>>
>>
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
>>
>
>
> --
> brgds
> Maxim Vorontsov
>
>
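An added example, not part of the original thread or of tinc's own code: a small model of how the Subnet= lines posted above decide which node receives a packet. It assumes tinc's default router mode, where tincd picks the destination node by longest-prefix match of the packet's destination address over all known Subnet entries and never sees the `gw` of the kernel route; `owner` and `with_subnet` are hypothetical helper names, and 198.51.100.7 is a constructed sample address.

```python
import ipaddress

# Subnet= lines as posted in this thread, collected into one table.
HOSTS = {
    "A": ["10.10.10.0/24", "192.168.1.0/24"],
    "B": ["10.10.20.0/24", "192.168.50.0/24"],
    "C": ["10.10.0.0/24", "0.0.0.0/1", "128.0.0.0/1"],
}

def owner(dst, hosts):
    """Longest-prefix match of dst over every node's Subnet list.

    Assumed model of tinc router mode: the kernel route only hands the
    packet to the tun device; its 'gw' value never reaches tincd.
    Returns (node, subnet), or None when no Subnet covers dst.
    """
    ip = ipaddress.ip_address(dst)
    best = None
    for node, subnets in hosts.items():
        for text in subnets:
            net = ipaddress.ip_network(text)
            if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (node, net)
    return (best[0], str(best[1])) if best else None

def with_subnet(hosts, node, subnet):
    """Copy of hosts with one extra Subnet= line on node (hypothetical helper)."""
    changed = {name: list(nets) for name, nets in hosts.items()}
    changed[node].append(subnet)
    return changed

if __name__ == "__main__":
    # Kernel route says "gw 10.10.20.1" (B), yet only C's /1 covers 5.6.7.8.
    print(owner("5.6.7.8", HOSTS))
    # A /32 in B's host file is more specific than C's /1, so B wins ...
    pinned = with_subnet(HOSTS, "B", "5.6.7.8/32")
    print(owner("5.6.7.8", pinned))
    # ... while every other WAN destination still leaves through C.
    print(owner("198.51.100.7", pinned))
    # Question 3: without the /1 entries no node owns WAN addresses at all.
    print(owner("5.6.7.8", dict(HOSTS, C=["10.10.0.0/24"])))
```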