OK... I've tried what you said, but I keep getting an "Error on ADD_SUBNET" on the client machine.<br><br>Here are my configuration files and setup:<br><br><font size="4"><b>Server Setup:</b></font><br><br><b>tinc.conf</b><br>
<br><div style="margin-left: 40px;">AddressFamily = ipv4<br>Device = /dev/net/tun<br>Mode = switch<br>Name = masterserver<br>PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv<br>BindToInterface = eth1<br>TunnelServer = yes<br><br>
</div><b>tinc-up</b><br><br><div style="margin-left: 40px;">ifconfig $INTERFACE 10.1.1.1 netmask 255.0.0.0<br><br></div><b>hosts/masterserver</b> (The address is my external IP address)<br><br><div style="margin-left: 40px;">
Compression = 0<br>Subnet = 10.1.0.0/16<br>Address = 87.*.*.*<br>Port = 655<br>TCPonly = yes<br>-----BEGIN RSA PUBLIC KEY-----<br>***<br>-----END RSA PUBLIC KEY-----<br><br></div><b>hosts/client1</b><br>
<br><div style="margin-left: 40px;">Compression = 0<br>Subnet = 10.2.0.0/16<br>Port = 655<br>TCPonly = yes<br>-----BEGIN RSA PUBLIC KEY-----<br>***<br>-----END RSA PUBLIC KEY-----<br></div>
<br><b>ifconfig output</b><br><br><div style="margin-left: 40px;">vpn Link encap:Ethernet HWaddr a6:7e:2b:ad:80:ea<br></div><div style="margin-left: 40px;"> inet addr:10.1.1.1 Bcast:10.255.255.255 Mask:255.0.0.0<br>
inet6 addr: fe80::a47e:2bff:fead:80ea/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:3 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:500<br> RX bytes:0 (0.0 B) TX bytes:238 (238.0 B)<br><br><br></div><font size="4"><b>Client1 Settings</b></font><br><br><b>tinc.conf</b><br><br><div style="margin-left: 40px;">AddressFamily = ipv4<br>
Device = /dev/net/tun<br>Name = client1<br>PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv<br>BindToInterface = eth1<br>TunnelServer = yes<br><br></div><br><b>tinc-up</b><br><br><div style="margin-left: 40px;">ifconfig $INTERFACE 10.1.1.1 netmask 255.0.0.0<br>
</div><br><b>hosts/masterserver</b> (The address is my external IP address)<br><br><div style="margin-left: 40px;">Compression = 0<br>Subnet = 10.1.0.0/16<br>Address = 87.*.*.*<br>Port = 655<br>
TCPonly = yes<br>-----BEGIN RSA PUBLIC KEY-----<br>***<br>-----END RSA PUBLIC KEY-----<br><br></div><b>hosts/client1</b> (The address is my external IP address)<br><br><div style="margin-left: 40px;">Compression = 0<br>Subnet = 10.2.0.0/16<br>
Port = 655<br>TCPonly = yes<br>ConnectTo = masterserver<br>-----BEGIN RSA PUBLIC KEY-----<br>***<br>-----END RSA PUBLIC KEY-----<br><br></div><br>Sadly, I can't get to the ifconfig output on the client right now, but I don't know if you need that or not. I don't see what's wrong here. I thought maybe you could shine some light on it?<br>
<br>Cheers,<br><br>Andy Barlow<br><br><br><div class="gmail_quote">2009/3/4 Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">On Wed, Mar 04, 2009 at 03:03:29PM +0000, Andrew Barlow wrote:<br>
<br>
> I'll give it another shot, although I'm sure that's how I had it set up, but<br>
> the server kept saying it didn't know how to get to the client, because the<br>
> client's host file on the server doesn't contain an address for the host<br>
> (because the client address is dynamic).<br>
<br>
</div>It sounds like you added "ConnectTo = client" lines to the tinc.conf on the<br>
server. You should remove those. It's enough if the client has a ConnectTo =<br>
server.<br>
<div class="im"><br>
> Also, how could I circumvent the nat problem? With a simple port opening of<br>
> TCP/UDP 655 wherever the clients are (if they can)?<br>
<br>
</div>That would help.<br>
<div class="im"><br>
> Could you post an example tinc.conf for the server and one of the clients<br>
> for me so I can see what I got matches what you got, based on my previous<br>
> email? Maybe a host file for each too so I can see how that's done?<br>
><br>
> My previous testing got me connected to each other but I had to manually<br>
> have the external IPs of each client set up in each host... but as the only<br>
> machine that doesn't change address is the server, it's not very flexible or<br>
> convenient.<br>
<br>
</div>You don't have to add Addresses of clients if you remove the ConnectTo lines<br>
from the server's tinc.conf.<br>
<div class="im"><br>
> I must also note that the server will be running Ubuntu Server 9.04 (Tinc<br>
> version 1.0.9) and some of the clients will be linux and some will be<br>
> Windows. For the moment though, it's all Linux on Linux action. I assume Tinc<br>
> doesn't care as long as the host files and tinc.confs are set up OK?<br>
<br>
</div>That's correct.<br>
<font color="#888888"><br>
--<br>
</font><div><div></div><div class="h5">Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>><br>
</div></div><br>
<br></blockquote></div><br>
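
The rule from the quoted reply (only the connecting side needs a ConnectTo line, and only ConnectTo targets need an Address in their host file) as an added Python example; it is not part of the original e-mail or the tinc project. The function names, the sample files and the 192.0.2.10 address are constructed for illustration.

```python
# Added example (not from the thread): verify that every ConnectTo target has
# an Address in its host file, the rule described in the quoted reply.

def parse_conf(text):
    """Parse 'Key = value' lines (the form used in this thread) into a dict
    of lists; stops at an embedded public key block."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN"):
            break
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key.lower(), []).append(value)
    return conf

def check_node(tinc_conf, hosts):
    """Return findings for one node given its tinc.conf text and a dict
    mapping host file names to their contents."""
    findings = []
    for target in parse_conf(tinc_conf).get("connectto", []):
        if target not in hosts:
            findings.append(f"ConnectTo = {target}: hosts/{target} is missing")
        elif "address" not in parse_conf(hosts[target]):
            findings.append(f"ConnectTo = {target}: hosts/{target} has no Address")
    return findings

# Constructed sample files modelled on the thread; 192.0.2.10 is a
# documentation address standing in for the server's masked external IP.
HOSTS = {
    "masterserver": "Subnet = 10.1.0.0/16\nAddress = 192.0.2.10\nPort = 655\n",
    "client1": "Subnet = 10.2.0.0/16\nPort = 655\n",  # dynamic IP, no Address
}
SERVER_WITH_CONNECTTO = "Name = masterserver\nMode = switch\nConnectTo = client1\n"
SERVER_FIXED = "Name = masterserver\nMode = switch\n"
CLIENT = "Name = client1\nConnectTo = masterserver\n"

if __name__ == "__main__":
    for label, conf in [("server (ConnectTo = client1)", SERVER_WITH_CONNECTTO),
                        ("server (no ConnectTo)", SERVER_FIXED),
                        ("client1", CLIENT)]:
        print(label, "->", check_node(conf, HOSTS) or "ok")
```
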