I'm doing exactly what I think you're trying to do.<br><br>You are using switched mode, so you can remove the Subnet statements. Otherwise, if you mean to have your VPN routed instead of switched, you need to remove the mode=switch statements.<br>
<br>I recommend keeping switch mode, and removing the unnecessary Subnet statements.<br><br>Now, you need to bridge your tun interface with your physical interface at home. This will open the rest of your home network to your VPN provided all hosts use the same network and netmask.<br>
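<br>You say you are using Ubuntu, so you can do "apt-get install bridge-utils"<br><br>You will need your tinc-up script to be something like this:<br><br>#!/bin/sh<br># Load the TUN/TAP driver<br>modprobe tun<br># Clear the addresses on the VPN and physical interfaces; the bridge carries the IP<br>ifconfig vpn 0.0.0.0<br>ifconfig vpn up<br>
ifconfig eth0 0.0.0.0<br>ifconfig eth0 up<br><br># Create the bridge and attach both interfaces to it<br>brctl addbr bridge<br>brctl addif bridge vpn<br>brctl addif bridge eth0<br># Give the bridge the server's home-network address and default route<br>ifconfig bridge 10.10.0.30 netmask 255.255.255.0<br>route add default gw 10.10.0.254 bridge<br>ifconfig bridge up<br>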
<br>Here's my tinc.conf. It's *very* simple.<br><br>donald@DonaldTincVM:/etc/tinc/vpn$ cat tinc.conf<br>Name = Donald<br>ConnectTo = Pat<br>Device = /dev/net/tun<br>Mode = switch<br>PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv<br>
<br><br>And here are my host files.<br><br>donald@DonaldTincVM:/etc/tinc/vpn/hosts$ cat Donald<br>Address = xxxx<br>Port = 8002<br>IndirectData = Yes<br>Compression = 0<br>PMTUDiscovery = Yes<br>RSA stuff.<br><br>donald@DonaldTincVM:/etc/tinc/vpn/hosts$ cat Pat<br>
Address = <a href="http://nixon.endoftheinternet.org">nixon.endoftheinternet.org</a><br>Port = 8003<br>IndirectData = Yes<br>Compression = 0<br>PMTUDiscovery = Yes<br>RSA stuff.<br><br><div class="gmail_quote">On Sun, Feb 7, 2010 at 5:26 PM, M.Farghaly <span dir="ltr">&lt;<a href="mailto:m@farghaly.com">m@farghaly.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi there,<br>
<br>
I have been using tinc for some months. I think the basic idea of<br>
extending vpn to a mesh of systems via tun/tap is great. And I think<br>
it is one of the useable developments compared to the much more<br>
complex vpn solutions I had used in the past. Great work.<br>
<br>
Setting up tinc I have fought with the configuration (and with the<br>
concepts) for a while as I have found no example that covers my<br>
special setup until I reached this fairly minimal config below.<br>
<br>
The setup is as follows:<br>
Home network is 10.10.0.x/24, Ubuntu Unix Server has internal IP<br>
10.10.0.30, Gateway is 10.10.0.254<br>
I have a dynamic ip on this network and a masquerading firewall router.<br>
<br>
I am accessing the home network via an Ubuntu Linux laptop via UMTS, which<br>
means a dynamic IP address, normally also in the 10.x.y.z range (can<br>
this be a problem?).<br>
<br>