need help on tinc route problem

Maxim Vorontsov 6012030 at gmail.com
Mon Feb 29 10:44:26 CET 2016


I checked your case with my configuration.

I found that you have to add Subnet = {0,128}.0.0.0/1 to
/etc/tinc/tincname/hosts/B AND restart tinc on both ends (B and your
desktop).
Additionally you have to add Subnet = 5.6.7.8/32#9 on B.

After that I got the default route through one server and the route to the
special address via another. Check it with different checkip.dyndns.org:
$ host checkip.dyndns.org
checkip.dyndns.org is an alias for checkip.dyndns.com.
checkip.dyndns.com has address 216.146.43.70
checkip.dyndns.com has address 91.198.22.70
checkip.dyndns.com has address 216.146.38.70



On Mon, Feb 29, 2016 at 11:51 AM, Zhang Jun <gb2313 at gmail.com> wrote:

> yes, I have these in C host file:
>
> Subnet=10.10.0.0/24
> Subnet=0.0.0.0/1
> Subnet=128.0.0.0/1   ## not mentioned, because I think it maybe works the
> same as 0.0.0.0/1
>
> B host file doesn't have 0.0.0.0/1 and 128.0.0.0/1
>
> I only added one route to 5.6.7.8 via B, not via C
>
>
> On Mon, Feb 29, 2016 at 4:40 PM, Maxim Vorontsov <6012030 at gmail.com>
> wrote:
>
>> hi.
>>
>> Did you add only 0.0.0.0/1 as a route, not 128.0.0.0/1 too?
>> Did you try to add a route to 5.6.7.8 via C with a lesser metric than via B?
>>
>> If you have to add static routes only on a few servers, you can add them
>> to the $HOST-up scripts.
>>
>>
>>
>>
>>
>> On Mon, Feb 29, 2016 at 11:12 AM, Zhang Jun <gb2313 at gmail.com> wrote:
>>
>>> my network:
>>>
>>> local pc(192.168.1.2)-->openwrt_adsl_router A(
>>> 192.168.1.1/24&11.22.33.44pppoe&10.10.10.1/24 tinc)<---remote B:
>>> 10.10.20.1/24
>>>                                                                     ^
>>>                                                                     |
>>>                                              remote C:10.10.0.1/24
>>>
>>>
>>> all running tinc 1.0.x,
>>>
>>> ADSL router runs as a "server"(only one tinc instance), listening on
>>> some port,
>>> client B and C connect to ADSL router,
>>> from my pc I need to:
>>> 1. Access B's subnet 192.168.50.1/24
>>> 2. Access some WAN websites via C
>>> 3. no traffic between B and C
>>> 4. other traffic goes to pppoe interface by default
>>>
>>> here are the config files:
>>> A: router
>>>
>>> tincd.conf:
>>> device = /dev/net/tun
>>> name = vpn
>>> interface = vpn
>>> addressFamilay = ipv4
>>>
>>> ##
>>> Address=xxx.dyndns.org
>>> Port=xxx port
>>> subnet=10.10.10.0/24
>>> Subnet=192.168.1.0/24
>>>
>>> ##tinc-up:
>>> ifconfig vpn 10.10.10.1/24 up
>>> route add -host 10.10.0.1 dev vpn
>>> route add -net 10.10.0.0/24 gw 10.10.0.1
>>>
>>> route add -host 10.10.20.1 dev vpn
>>> route add -net 10.10.20.0/24 gw 10.10.20.1
>>> route add -net 192.168.50.0/24 gw 10.10.20.1   (requirement .1)
>>>
>>> route add -net many websites networks gw 10.10.0.1 (requirement .2)
>>> ...
>>> ###########################
>>> B:
>>> connectTo=vpn
>>> ##
>>> Subnet=10.10.20.0/24
>>> Subnet=192.168.50.0/24
>>>
>>> ##
>>> ifconfig Binc 10.10.20.1/24 up
>>> route add -host 10.10.10.1 dev Binc
>>> route add -net 10.10.10.0/24 gw 10.10.10.1
>>> route add -net 192.168.1.0/24 gw 10.10.10.1
>>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>>
>>> ###########################
>>> C:
>>> connectTo=vpn
>>> ##
>>> Subnet=10.10.0.0/24
>>> Subnet=0.0.0.0/1     ----------> this line only exists in server
>>> C:/etc/tinc/hosts/C, but I guess it can be learned by router node
>>>
>>> ##
>>> ifconfig Cinc 10.10.0.1/24 up
>>> route add -host 10.10.10.1 dev Cinc
>>> route add -net 192.168.1.0/24 gw 10.10.10.1
>>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>>
>>> ########################
>>> router has B and C host files, B doesn't have C's and C doesn't have B's
>>> host file
>>>
>>> this works fine for me,
>>>
>>> but today, I need to access a WAN server(5.6.7.8) via B, so I added a
>>> route:
>>> route add -host 5.6.7.8 gw 10.10.20.1 (B)
>>> I thought it should work like other routes, but the traffic still goes
>>> through C,
>>> after examining the config, I think the problem may be because only C
>>> has "Subnet=0.0.0.0/1"
>>>
>>> my questions are:
>>> 1. why packet has route with default gw to B can be routed to C ? is it
>>> right behavior?
>>> 2. how to route 5.6.7.8 via B ? add "Subnet=0.0.0.0/1" to B's host file
>>> ?
>>> I have some trouble to test this now, because B is not easy to
>>> access,(best way is let it connect to me)
>>> also, even if this way works, I don't want other networks' traffic (added
>>> route for C) to go through B, or randomly.
>>> 3. I removed "Subnet=0.0.0.0/1" from C, then all routes (to WAN) via B/C
>>> do not work anymore, is there any way to
>>> let those "route add (WAN networks) gw 10.10.0.1" work without the
>>> "Subnet=0.0.0.0/1" ?
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> tinc mailing list
>>> tinc at tinc-vpn.org
>>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>>
>>>
>>
>>
>> --
>> brgds
>> Maxim Vorontsov
>>


-- 
brgds
Maxim Vorontsov
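
Added example, not part of the original mail or of tinc itself: a simplified model of how tinc in router mode chooses the receiving node from the Subnet declarations rather than from the kernel route's gw, run over the host files quoted in this thread. It assumes the best match is the longest prefix, then the lowest weight, with a default weight of 10; the BEFORE/AFTER tables and the function names are constructed for illustration.

```python
import ipaddress

DEFAULT_WEIGHT = 10  # assumed weight when a Subnet has no "#weight"

# Constructed from the host files quoted in this thread.
BEFORE = {
    "A": ["10.10.10.0/24", "192.168.1.0/24"],
    "B": ["10.10.20.0/24", "192.168.50.0/24"],
    "C": ["10.10.0.0/24", "0.0.0.0/1", "128.0.0.0/1"],
}
# B's host file after the changes suggested in the reply.
AFTER = dict(BEFORE, B=BEFORE["B"] + ["0.0.0.0/1", "128.0.0.0/1", "5.6.7.8/32#9"])


def parse_subnet(text):
    """Split 'address/prefix#weight' into (network, weight)."""
    net, _, weight = text.partition("#")
    weight = int(weight) if weight.strip() else DEFAULT_WEIGHT
    return ipaddress.ip_network(net.strip()), weight


def owners_for(dest, hosts):
    """Return the node(s) holding the best Subnet for dest.

    Best means longest prefix, then lowest weight. Several names mean
    the declarations tie; the model reports that instead of picking one.
    """
    addr = ipaddress.ip_address(dest)
    matches = []
    for node, subnets in hosts.items():
        for text in subnets:
            net, weight = parse_subnet(text)
            if addr in net:
                matches.append((-net.prefixlen, weight, node))
    if not matches:
        return []
    best = min(m[:2] for m in matches)
    return sorted({m[2] for m in matches if m[:2] == best})


if __name__ == "__main__":
    for label, hosts in (("before", BEFORE), ("after", AFTER)):
        for dest in ("5.6.7.8", "216.146.43.70", "192.168.50.7"):
            print(label, dest, "->", owners_for(dest, hosts))
```

A result with two names marks a prefix that two nodes declare at the same weight, so which node carries that traffic should be confirmed on the live VPN, for example with the checkip.dyndns.org test from the reply.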