Second VPN network fails to start
Robert Horgan
robert at gainplus.asia
Thu May 23 09:56:50 CEST 2019
Hi Lars,
Appreciate all your help, unfortunately the problem remains. I've marked up below:
>>> Lars Kruse <lists at sumpfralle.de> 22-May-19 4:02 PM >>>
Hello Robert,
Am Mon, 20 May 2019 11:11:39 +0700
schrieb "Robert Horgan" <Robert at gainplus.asia>:
> These are my files:
>
> On server 1: db2
>
> /etc/tinc/nets.boot
> #
> gainplus (this works fine, autostarts, etc)
> #vpn1
stats
>
> /etc/tinc/vpn1/tinc.conf
> Name = db2
> BindToAddress = 10.130.17.192
> AddressFamily = ipv4
> Port = 656
> ConnectTo = gtdb
># Interface = tun0
I would recommend removing the "Interface" line (this results in an interface
called "vpn1" in your case) or specifying a human-readable name of the VPN instead.
done.
> /etc/tinc/vpn1/tinc-up
> #!/bin/sh
> # tinc-up
> ip addr add 10.3.0.50/24 dev $INTERFACE
> ip link set dev $INTERFACE up
>
> /etc/tinc/vpn1/hosts/gtdb
>Address = 10.130.8.6
Subnet = 10.3.0.51/32
> Port = 656
>
> -----BEGIN RSA PUBLIC KEY-----
I think, the "Address" line is missing in the file above (necessary for your
"ConnectTo" statement).
Done
> /etc/tinc/vpn1/hosts/db2
> Address = 10.130.17.192
> Subnet = 10.3.0.50/32
> Port = 656
>
> -----BEGIN RSA PUBLIC KEY-----
>
> #########################################################
>
> On server 2: gtdb
>
> /etc/tinc/nets.boot
> #
> gainplus
> vpn1
>
> /etc/tinc/vpn1/tinc.conf
> Name = gtdb
> BindToAddress = 10.130.8.6
> AddressFamily = ipv4
> Port = 656
> ConnectTo = db2
> Interface = tun0
>
> /etc/tinc/vpn1/tinc-up
> #!/bin/sh
> # tinc-up
> ip addr add 10.3.0.51/24 dev $INTERFACE
> ip link set dev $INTERFACE up
>
> /etc/tinc/vpn1/hosts/gtdb
> Address = 10.130.8.6
> Subnet = 10.3.0.51/32
Are you sure that you want to announce the availability of this subnet behind
gtdb? In this case you probably bridged the respective external interface with
the tinc interface? Or do you use dynamic or static routes for selecting the right
outgoing interface for traffic?
Or should the above line be changed into a /32 subnet just for the node address
itself?
Fixed
> Port = 656
>
> -----BEGIN RSA PUBLIC KEY-----
>
> /etc/tinc/vpn1/hosts/db2
> Address = 10.130.17.192
> Subnet = 10.3.0.50/32
> Port = 656
>
> -----BEGIN RSA PUBLIC KEY-----
>
> The result I get when running ip a on either server only shows the first VPN
> tunnel:
>
> 9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel
> state UNKNOWN group default qlen 500 link/none
> inet 10.0.0.51/24 scope global tun0
> valid_lft forever preferred_lft forever
Could this be as simple as a name conflict ("tun0" for both VPN setups)?
The first VPN that comes up is now gainplus after changing the details above, so there is no possible conflict.
ip a shows:
5: gainplus: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
link/none
inet 10.0.0.51/24 scope global gainplus
valid_lft forever preferred_lft forever
If not: do you find any information in your local logs?
(e.g. /var/log/daemon.log)
No /var/log/daemon.log exists, but /var/log/syslog shows these errors, and I am confused about resolving them!
May 23 14:35:14 db2 systemd[1]: tinc@VPN1.service: Service hold-off time over, scheduling restart.
May 23 14:35:14 db2 systemd[1]: tinc@VPN1.service: Scheduled restart job, restart counter is at 1165.
May 23 14:35:14 db2 systemd[1]: Stopped Tinc net VPN1.
May 23 14:35:14 db2 systemd[1]: Started Tinc net VPN1.
May 23 14:35:14 db2 systemd[31386]: tinc@VPN1.service: Changing to the requested working directory failed: No such file or directory
May 23 14:35:14 db2 systemd[31386]: tinc@VPN1.service: Failed at step CHDIR spawning /usr/sbin/tincd: No such file or directory
May 23 14:35:14 db2 systemd[1]: tinc@VPN1.service: Main process exited, code=exited, status=200/CHDIR
May 23 14:35:14 db2 systemd[1]: tinc@VPN1.service: Failed with result 'exit-code'.
May 23 14:36:01 db2 CRON[31389]: (nodequery) CMD (bash /etc/nodequery/nq-agent.sh > /etc/nodequery/nq-cron.log 2>&1)
May 23 14:36:14 db2 systemd[1]: tinc@VPN1.service: Service hold-off time over, scheduling restart.
May 23 14:36:14 db2 systemd[1]: tinc@VPN1.service: Scheduled restart job, restart counter is at 1166.
May 23 14:36:14 db2 systemd[1]: Stopped Tinc net VPN1.
May 23 14:36:14 db2 systemd[1]: Started Tinc net VPN1.
May 23 14:36:14 db2 systemd[31983]: tinc@VPN1.service: Changing to the requested working directory failed: No such file or directory
May 23 14:36:14 db2 systemd[31983]: tinc@VPN1.service: Failed at step CHDIR spawning /usr/sbin/tincd: No such file or directory
May 23 14:36:14 db2 systemd[1]: tinc@VPN1.service: Main process exited, code=exited, status=200/CHDIR
May 23 14:36:14 db2 systemd[1]: tinc@VPN1.service: Failed with result 'exit-code'.
Cheers,
Robert
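An added check script (not from the thread or the tinc project) that goes over the points raised above for one tinc net directory: the directory named in the systemd instance must exist exactly as spelled, because the stock tinc@.service uses WorkingDirectory=/etc/tinc/<net> and a miss is reported as status=200/CHDIR; every ConnectTo peer needs a host file with an Address line; and an explicit Interface name must not be reused by another net on the same host. The sample tree it builds is constructed to mirror the original db2 layout from the thread, including a lowercase "vpn1" directory while the unit was started as tinc@VPN1.service.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check one tinc net directory the way
# tinc@<net>.service expects it (WorkingDirectory=/etc/tinc/<net>).
# check_tinc_net ROOT NET  -> prints findings; returns 0 if clean, 1 otherwise.
check_tinc_net() {
    root=$1; net=$2; dir="$root/$net"; rc=0
    if [ ! -d "$dir" ]; then
        echo "ERR: $dir does not exist (this is what status=200/CHDIR means)"
        # the unit instance name is case-sensitive: look for a case-only mismatch
        for d in "$root"/*/; do
            d=$(basename "$d")
            if [ "$(echo "$d" | tr 'A-Z' 'a-z')" = "$(echo "$net" | tr 'A-Z' 'a-z')" ]; then
                echo "HINT: found $root/$d; the unit should be tinc@$d.service"
            fi
        done
        return 1
    fi
    conf="$dir/tinc.conf"
    [ -f "$conf" ] || { echo "ERR: $conf missing"; return 1; }
    name=$(sed -n 's/^[[:space:]]*Name[[:space:]]*=[[:space:]]*//p' "$conf")
    [ -n "$name" ] || { echo "ERR: no Name in $conf"; return 1; }
    [ -f "$dir/hosts/$name" ] || { echo "ERR: hosts/$name for Name = $name missing"; rc=1; }
    # every ConnectTo peer needs a host file carrying an Address line
    for peer in $(sed -n 's/^[[:space:]]*ConnectTo[[:space:]]*=[[:space:]]*//p' "$conf"); do
        hf="$dir/hosts/$peer"
        [ -f "$hf" ] || { echo "ERR: ConnectTo = $peer but $hf missing"; rc=1; continue; }
        grep -q '^[[:space:]]*Address[[:space:]]*=' "$hf" \
            || { echo "ERR: $hf has no Address line (needed for ConnectTo)"; rc=1; }
    done
    # an explicit Interface name must not be reused by another net on this host
    iface=$(sed -n 's/^[[:space:]]*Interface[[:space:]]*=[[:space:]]*//p' "$conf")
    for other in "$root"/*/tinc.conf; do
        [ -z "$iface" ] || [ "$other" = "$conf" ] && continue
        grep -q "^[[:space:]]*Interface[[:space:]]*=[[:space:]]*$iface\$" "$other" \
            && { echo "ERR: Interface = $iface is also used by $other"; rc=1; }
    done
    return $rc
}

# Constructed sample tree mirroring the original db2 layout from the thread: the
# net directory is "vpn1" while the failing unit was started as tinc@VPN1.service.
ROOT=$(mktemp -d); trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/vpn1/hosts" "$ROOT/gainplus/hosts"
printf 'Name = db2\nConnectTo = gtdb\nInterface = tun0\n' > "$ROOT/vpn1/tinc.conf"
printf 'Name = db2\nInterface = tun0\n' > "$ROOT/gainplus/tinc.conf"
printf 'Subnet = 10.3.0.51/32\nPort = 656\n' > "$ROOT/vpn1/hosts/gtdb"   # no Address
printf 'Address = 10.130.17.192\nSubnet = 10.3.0.50/32\n' > "$ROOT/vpn1/hosts/db2"
check_tinc_net "$ROOT" VPN1 || echo "-- VPN1: fails the same way the syslog shows"
check_tinc_net "$ROOT" vpn1 || echo "-- vpn1: directory found, config problems remain"
```

Run it against the real tree with `check_tinc_net /etc/tinc <net>` using the exact instance name from the systemd unit.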