You don't have any route on your other computer telling it where to go. It's network is <a href="http://192.168.0.0/24">192.168.0.0/24</a> (255.255.255.0 mask). For any destinations outside of that network, it sends traffic to it's default gateway 192.168.0.1. <br>
<br>Your VPN network is <a href="http://10.20.0.0/16">10.20.0.0/16</a> (255.255.0.0 mask). This computer right now is trying to get to the <a href="http://10.20.0.0/16">10.20.0.0/16</a> network through the default gateway of 192.168.0.1 because it doesn't know any better.<br>
<br>If you want the 2nd host to reach that network, you need to tell it how to get there.<br><br>You need a route that looks something like this.<br><br>Network Dest. Netmask Gateway Interface Metric<br>
10.20.0.0 255.255.0.0 192.168.0.155 192.168.0.168 1<br><br>The command is something like;<br>route ADD 10.20.0.0 MASK 255.255.0.0 192.168.0.155 METRIC 1 IF 192.168.0.168<br><br>the "IF 192.168.0.168" at the end may not work, you may need to use the numbered alias for the interface. At the top of "route print" the interfaces are listed. The first of each item is it's number alias. The MAC address is also listed so you can do an "ipconfig/all" to get the MAC of your physical network adapter to verify the interface. The number "1" is always the loopback, and is the same as 127.0.0.1 for example.<br>
<i><br><a href="http://10.20.30.1/192.168.0.155" target="_blank">10.20.30.1/192.168.0.155</a><br><br>==============================</i>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><i>==============================</i><i>===============<br>
Interface List<br>
0x3 ...00 ff 03 32 1e 50 ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport<br>
==============================</i><i>==============================</i><i>===============<br>
==============================</i><i>==============================</i><i>===============<br>
Active Routes:<br>
Network Destination Netmask Gateway Interface Metric<br>
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.155 20<br>
10.20.0.0 255.255.0.0 10.20.30.1 10.20.30.1 30<br>
10.20.30.1 255.255.255.255 127.0.0.1 127.0.0.1 30<br>
10.255.255.255 255.255.255.255 10.20.30.1 10.20.30.1 30<br>
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1<br>
192.168.0.0 255.255.255.0 192.168.0.155 192.168.0.155 20<br>
192.168.0.155 255.255.255.255 127.0.0.1 127.0.0.1 20<br>
192.168.0.255 255.255.255.255 192.168.0.155 192.168.0.155 20<br>
224.0.0.0 240.0.0.0 10.20.30.1 10.20.30.1 30<br>
224.0.0.0 240.0.0.0 192.168.0.155 192.168.0.155 20<br>
255.255.255.255 255.255.255.255 10.20.30.1 10.20.30.1 1<br>
255.255.255.255 255.255.255.255 192.168.0.155 192.168.0.155 1<br>
Default Gateway: 192.168.123.1<br>
==============================</i><i>==============================</i><i>===============<br>
Persistent Routes:<br>
None<br><br>
xxx.xxx.xxx.xxx/<a href="http://192.168.0.155/" target="_blank">192.168.0.155</a><br><br>
==============================</i>
<i>==============================</i><i>===============<br>
Active Routes:<br>
Network Destination Netmask Gateway Interface Metric<br>
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.168 25<br>
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1<br>
192.168.0.0 255.255.255.0 192.168.0.168 192.168.0.168 25<br>
192.168.0.168 255.255.255.255 127.0.0.1 127.0.0.1 25<br>
192.168.0.255 255.255.255.255 192.168.0.168 192.168.0.168 25<br>
224.0.0.0 240.0.0.0 192.168.0.168 192.168.0.168 25<br>
255.255.255.255 255.255.255.255 192.168.0.168 192.168.0.168 1<br>
255.255.255.255 255.255.255.255 192.168.0.168 2 1<br>
255.255.255.255 255.255.255.255 192.168.0.168 10006 1<br>
255.255.255.255 255.255.255.255 192.168.0.168 20004 1<br>
Default Gateway: 192.168.0.1<br>
==============================</i><i>==============================</i><i>===============<br>
Persistent Routes:<br>
None<br><br>
Just to recap. 168 can ping 155 just fine. 155 can ping 10.20.40.1 and<br>
10.20.50.1 (both distant nodes of the vpn) just fine and they can ping<br>
10.20.30.1 just fine. But since 168 can't ping 10.20.30.1, it<br>
obviously can't find 10.20.40.1 or 10.20.50.1.<br><br>
I should also note that when I say that it *can* ping a computer, it<br>
also sees all windows shares just fine.<br><br>
Thanks for looking at this.</i>
<br>
<div><div class="h5">_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" target="_blank">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a></div></div></blockquote><br><br><div class="gmail_quote">On Tue, Feb 2, 2010 at 1:30 PM, Anon <span dir="ltr"><<a href="mailto:anon4321@gmail.com">anon4321@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">>> I don't think adding IP forwarding will help, will it? I added it<br>
>> through modifying the registry, but it doesn't have any impact.<br>
<br>
>> Yes shure, you must have forwaring/routing activated on every tinc host,<br>
>> or he can't gate your packets to the other network.<br>
>> Sorry, don't know the exact names, should be in services - routing and<br>
>> ras. I have German XP ;-)<br>
<br>
My paragraph above says that I did find how to add forwarding. I<br>
confirmed that it<br>
was not activated, yet the vpn worked fine. I then activated it, and<br>
the vpn continues<br>
to work fine. In both states, non-host computers can not access the vpn.<br>
<br>
>> Based on the below, I'm trying to ping 10.20.40.1 from 192.168.0.168,<br>
>> but since I can't<br>
>> even ping 10.20.30.1 from 192.168.0.168 (although I can ping<br>
>> 192.168.0.1 from 192.168.0.168,<br>
>> of course) I think I'm stuck. Once I can ping 10.20.30.1 from<br>
>> 192.168.0.168<br>
>> I can then worry about getting to 10.20.40.1, which, if it requires<br>
>> TCP/IP forwarding,<br>
>> I'll do that.<br>
<br>
> Yes exactly, first get ping from 192.168.0168 to 10.20.30.1, until this<br>
> does not work, check ip routing/forwarding and your static routing on<br>
> 192.168.0.155+168<br>
> Can you send "route print" from this two computers?<br>
<div class="im"><br>
<a href="http://10.20.30.1/192.168.0.155" target="_blank">10.20.30.1/192.168.0.155</a><br>
<br>
</div>===========================================================================<br>
Interface List<br>
0x3 ...00 ff 03 32 1e 50 ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport<br>
===========================================================================<br>
===========================================================================<br>
Active Routes:<br>
Network Destination Netmask Gateway Interface Metric<br>
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.155 20<br>
10.20.0.0 255.255.0.0 10.20.30.1 10.20.30.1 30<br>
10.20.30.1 255.255.255.255 127.0.0.1 127.0.0.1 30<br>
10.255.255.255 255.255.255.255 10.20.30.1 10.20.30.1 30<br>
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1<br>
192.168.0.0 255.255.255.0 192.168.0.155 192.168.0.155 20<br>
192.168.0.155 255.255.255.255 127.0.0.1 127.0.0.1 20<br>
192.168.0.255 255.255.255.255 192.168.0.155 192.168.0.155 20<br>
224.0.0.0 240.0.0.0 10.20.30.1 10.20.30.1 30<br>
224.0.0.0 240.0.0.0 192.168.0.155 192.168.0.155 20<br>
255.255.255.255 255.255.255.255 10.20.30.1 10.20.30.1 1<br>
255.255.255.255 255.255.255.255 192.168.0.155 192.168.0.155 1<br>
Default Gateway: 192.168.123.1<br>
===========================================================================<br>
Persistent Routes:<br>
None<br>
<br>
xxx.xxx.xxx.xxx/<a href="http://192.168.0.155" target="_blank">192.168.0.155</a><br>
<br>
===========================================================================<br>
Active Routes:<br>
Network Destination Netmask Gateway Interface Metric<br>
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.168 25<br>
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1<br>
192.168.0.0 255.255.255.0 192.168.0.168 192.168.0.168 25<br>
192.168.0.168 255.255.255.255 127.0.0.1 127.0.0.1 25<br>
192.168.0.255 255.255.255.255 192.168.0.168 192.168.0.168 25<br>
224.0.0.0 240.0.0.0 192.168.0.168 192.168.0.168 25<br>
255.255.255.255 255.255.255.255 192.168.0.168 192.168.0.168 1<br>
255.255.255.255 255.255.255.255 192.168.0.168 2 1<br>
255.255.255.255 255.255.255.255 192.168.0.168 10006 1<br>
255.255.255.255 255.255.255.255 192.168.0.168 20004 1<br>
Default Gateway: 192.168.0.1<br>
===========================================================================<br>
Persistent Routes:<br>
None<br>
<br>
Just to recap. 168 can ping 155 just fine. 155 can ping 10.20.40.1 and<br>
10.20.50.1 (both distant nodes of the vpn) just fine and they can ping<br>
10.20.30.1 just fine. But since 168 can't ping 10.20.30.1, it<br>
obviously can't find 10.20.40.1 or 10.20.50.1.<br>
<br>
I should also note that when I say that it *can* ping a computer, it<br>
also sees all windows shares just fine.<br>
<br>
Thanks for looking at this.<br>
<div><div></div><div class="h5">_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" target="_blank">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
</div></div></blockquote></div><br>