Bridge LAN for Windows Road Warrior

Herr Brandes schaggo at outlook.com
Sun Nov 27 19:05:59 CET 2016


A couple of days ago, with help from Guus, I got my basic setup running. I played around with and switched parameters, modes, subnets etc. and always got things working in each config.
Trying to move on, I only just now realised that for what I ultimately want to do, I would have to make every machine in my office LAN a tinc node, which I’m not allowed to. I’m allowed to build up a “tinc gateway” (can be a Linux or Windows virtual machine) inside the company LAN and configure the firewall to forward traffic there, but nothing more.

I spent the last night trying to get things working with bridging VPN and LAN on several OSes inside the company LAN, but I failed. Each node I set up was eventually pingable from my roaming client, but not from the LAN, no matter what I tried.

My scenario:
tinc 1.1pre14 on all nodes, operating in switch mode.
The roaming notebook has Windows 10. Inside the CORP LAN I have several VMs running which can host tinc, among others Windows 7, Windows Server 2008 R2, 2012 R2 and 2016. I also have various Linux VMs available; currently set up are CoreOS, the latest Ubuntu 16.04 and a compact edition of Debian 8.6. I know a little bit about Linux, I'm still very much a novice though.


Roadwarrior ---------- INTERNET/WAN ---------- CORP LAN
  roaming tinc node      home                    1 static tinc node
  Windows 10             university              Windows & Linux
  various IP             customers               10.42.0.0/16
  various subnet         cellphone               mainly .2.0 and .10.0


For simplicity: roaming roadwarrior node is CLIENT, company LAN node is CORP.
CORP real LAN IP will be 10.42.2.x subnet 255.255.0.0. Other servers in this LAN will also be in 10.42.2.x. Our clients (Windows workstations/notebooks) inside LAN reside in 10.42.10.x.
Inside the LAN, my CLIENT of course also has 10.42.10.x; when roaming I will naturally have various IPs and subnets, 160.x.x.x, 192.168.1.x, 192.168.0.x etc.

As said, I tested various combinations, putting tinc nodes on 192.168.100.0/24 and 10.42.100.0/24; I also tried 10.42.100.0/16 (the range of the CORP LAN, 10.42.0.0/16), but never succeeded in routing to the CORP LAN or vice versa. I could always only ping the CORP tinc node, or CLIENT from the CORP node, never from a generic LAN machine. Pinging the CORP node from the CLIENT node was possible using the VPN IP, but also the LAN IP.

Any suggestions on which OS to pick for CORP, which range and subnet for VPN and on how to go about in general? Many thanks in advance!
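The symptom described above (CORP and CLIENT reach each other, but a plain LAN machine reaches neither) is the usual sign of a missing return route when the VPN has its own subnet, or of a tinc tap device that is not actually bridged onto the LAN NIC in switch mode. The script below is an added editorial example, not part of the original post and not tinc code; it checks a candidate addressing plan for exactly those conditions using only the standard `ipaddress` module. The CORP node address 10.42.2.1 and the two roaming prefixes are constructed assumptions, and the three `router` cases reproduce the three ranges tried in the post.

```python
"""Check a tinc road-warrior addressing plan before building the CORP gateway.

Two ways to let ordinary LAN machines reach the roaming node:
  * router mode: the VPN gets its own subnet and the CORP node forwards
    between it and the LAN; every LAN host (or the LAN's default gateway)
    needs a return route to the VPN subnet via the CORP node's LAN address.
  * switch mode with a bridge: the CORP node bridges its tinc tap device onto
    the LAN NIC, the roaming node takes an address inside the LAN prefix and
    behaves like a directly attached host, so no extra routes are needed.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PlanReport:
    mode: str
    problems: list = field(default_factory=list)
    required_routes: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.problems


def check_vpn_plan(mode, corp_lan, corp_node_lan_ip, vpn_subnet, roaming_lans):
    """Return a PlanReport for the given plan.

    mode:             "router" or "switch"
    corp_lan:         corporate LAN prefix, e.g. "10.42.0.0/16"
    corp_node_lan_ip: LAN address of the CORP tinc node
    vpn_subnet:       prefix used on the tinc interfaces (parsed with
                      strict=False, so 10.42.100.0/16 is read as 10.42.0.0/16)
    roaming_lans:     prefixes the roaming client may be connected from
    """
    corp_lan = ipaddress.ip_network(corp_lan, strict=False)
    corp_node_lan_ip = ipaddress.ip_address(corp_node_lan_ip)
    vpn = ipaddress.ip_network(vpn_subnet, strict=False)
    roaming = [ipaddress.ip_network(n, strict=False) for n in roaming_lans]
    report = PlanReport(mode=mode)

    if corp_node_lan_ip not in corp_lan:
        report.problems.append(
            f"CORP node address {corp_node_lan_ip} is not inside {corp_lan}")

    # A roaming network that overlaps the corporate prefix breaks both modes:
    # the client's on-link route for its local LAN shadows the path to CORP.
    for net in roaming:
        if net.overlaps(corp_lan):
            report.problems.append(
                f"roaming LAN {net} overlaps corporate LAN {corp_lan}")

    if mode == "switch":
        # Bridged tap: the only usable 'VPN subnet' is the LAN prefix itself.
        if vpn != corp_lan:
            report.problems.append(
                f"switch mode with a bridge puts the roaming node inside {corp_lan}; "
                f"a separate prefix {vpn} is unreachable from LAN hosts")
        else:
            report.required_routes.append(
                "none; bridge the CORP tinc tap device to the LAN NIC and give "
                f"the roaming node a free address inside {corp_lan}")
    elif mode == "router":
        if vpn.overlaps(corp_lan):
            # LAN hosts treat the whole prefix as on-link, ARP for the VPN
            # address and never hand the packet to the CORP node.
            report.problems.append(
                f"VPN subnet {vpn} overlaps corporate LAN {corp_lan}; "
                "LAN hosts will ARP for VPN addresses instead of routing to CORP")
        for net in roaming:
            if vpn.overlaps(net):
                report.problems.append(
                    f"VPN subnet {vpn} overlaps roaming LAN {net}")
        # The return route is what the post's setup lacked: CORP <-> CLIENT
        # works because both ends hold routes, a plain LAN host holds none.
        report.required_routes.append(
            f"LAN hosts in {corp_lan} (or their default gateway): {vpn} via {corp_node_lan_ip}")
        report.required_routes.append(
            "CORP node: IP forwarding enabled between LAN NIC and tinc interface")
        report.required_routes.append(
            f"roaming node: {corp_lan} via its tinc interface")
    else:
        report.problems.append(f"unknown mode {mode!r}")

    return report


# Constructed values matching the post's scenario; 10.42.2.1 for the CORP node
# and the roaming prefixes are assumptions, not values from the post.
CORP_LAN = "10.42.0.0/16"
CORP_NODE = "10.42.2.1"
ROAMING = ["192.168.0.0/24", "192.168.1.0/24"]

if __name__ == "__main__":
    for mode, vpn in [("router", "192.168.100.0/24"),
                      ("router", "10.42.100.0/24"),
                      ("router", "10.42.100.0/16"),
                      ("switch", "10.42.0.0/16")]:
        r = check_vpn_plan(mode, CORP_LAN, CORP_NODE, vpn, ROAMING)
        print(f"{mode:6} {vpn:18} ok={r.ok}")
        for p in r.problems:
            print("   problem:", p)
        for route in r.required_routes:
            print("   route:  ", route)
```

Run as-is, the script passes only two of the four plans: 192.168.100.0/24 in router mode, provided the LAN's default gateway (the firewall that already forwards traffic to the CORP node) gets a route to that prefix via the CORP node, and a bridged switch-mode setup in which the roaming node simply takes a free 10.42.x.x address. Both 10.42.100.0/24 and 10.42.100.0/16 are flagged because they sit inside the corporate /16, which matches the post's observation that only the tinc nodes themselves could ever talk to each other.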
