<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Calibri">Hi,<br>
<br>
Thank you for this helpfull explanation !<br>
<br>
Best regards,<br>
<br>
</font><br>
Guus Sliepen a écrit :
<blockquote cite="mid:20090520175800.GD6552@sliepen.org" type="cite">
<pre wrap="">On Wed, May 20, 2009 at 06:58:23PM +0200, Ricardo Belin wrote:
</pre>
<blockquote type="cite">
<pre wrap="">My problem is that in order to run a simple VPN between two machines I
had to manually add the "route add -net <ip>/24 $INTERFACE" statement on
hosts' tinc-up files.
</pre>
</blockquote>
<pre wrap=""><!---->
Suppose you have two nodes, A and B, and A has 192.168.1.0/24, and B has
192.168.2.0/24. If you then put "ifconfig $INTERFACE 192.168.x.1 netmask
255.255.0.0" in the tinc-up files, then you would not need extra route add
commands, since the whole 192.168.0.0/16 is routed to the VPN. However, if you
use netmask 255.255.255.0 in tinc-up, then yes, you need to add extra routes.
</pre>
<blockquote type="cite">
<pre wrap="">I came accross a lot of messages in the archive saying that tinc doesn't
handle routing and that it's my job to configure the routes manually.
</pre>
</blockquote>
<pre wrap=""><!---->
Yes, tinc does not automatically configure the VPN interface and does not add
routes, you need to create tinc-up and possibly other scripts to do that.
</pre>
<blockquote type="cite">
<pre wrap="">But according to the website :
1) <a class="moz-txt-link-freetext" href="http://www.tinc-vpn.org/documentation/tinc_3.html#SEC37">http://www.tinc-vpn.org/documentation/tinc_3.html#SEC37</a>
"An example 'tinc-up' script:
#!/bin/sh
ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0
This script gives the interface an IP address and a netmask. The
kernel _will also automatically add a route to this interface_ , so
normally you _don't need to add route commands_ to the 'tinc-up'
script. The kernel will also bring the interface up after this
command. The netmask is the mask of the /entire/ VPN network, not
just your own subnet."
</pre>
</blockquote>
<pre wrap=""><!---->
The example is correct, the netmask is so large that it encompasses the whole
VPN, so you don't need to add more routes. The ifconfig command in the example
configures the interface, but also adds a route for 192.168.0.0/16 to the
kernel's routing table.
If you do not want to use such a large netmask, you can create a subnet-up
script that contains the following:
#!/bin/sh
ip route add $SUBNET dev $INTERFACE
And a corresponding subnet-down of course. But you're free to do something
else.
</pre>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
tinc mailing list
<a class="moz-txt-link-abbreviated" href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a>
<a class="moz-txt-link-freetext" href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ricardo BELIN
+33 (0)1 77 70 65 13
Sewan Communications
16 rue Jeanne Hachette
75015 Paris</pre>
</body>
</html>