<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Donald,<br>
<br>
thank you, while I still have some questions, your answer is
definitely a step in the right direction.<br>
In the other reply I was asked what I'm trying to achieve. Let's
consider the following scenario (which is quite similar to the one
described in the tinc manual).<br>
<br>
Let's assume we have two households, each has 3-5 computers in it.
Both households have a similar network configuration:<br>
They are connected to the internet with an ADSL line and a router.<br>
The computers in the local network access the internet via the router.<br>
The router is configured so that one of the computers has port 665
forwarded to be accessible from outside.<br>
The external IP is changed rarely and there is dynamic DNS service
(external) in use to accommodate for the change of IP when it
happens.<br>
<br>
One household has local network addresses of 192.168.1.* and the
other has 10.1.1.*<br>
I'm installing tinc on one computer in each household. <br>
<br>
The goal is to let all computers in both households see each
other by IP address. Also, it is desired that, for computer game
purposes, all computers appear to be on the same LAN (for broadcasts). But
this is not mandatory. (It appears that it's not possible without
installing tinc on every PC,
as every tinc daemon serves a subnet and two tinc daemons can't
serve a part of a subnet each.)<br>
<br>
All computers run different flavours of Windows, most being Windows
7.<br>
<br>
I have two ideas how to set this up, although I'm not sure if either of
these two works:<br>
<br>
IDEA1.<br>
=====<br>
Household A<br>
Gateway IP: 10.30.0.1<br>
Gateway Mask: 255.255.255.0<br>
Gateway Default Gateway: ????<br>
<br>
Other PCs IP: 10.30.0.2,3,4 etc<br>
Other PCs Mask: 255.255.255.0<br>
Other PCs Default Gateway: 10.30.0.1<br>
<br>
Tinc Subnet: 10.30.0.0/25<br>
<br>
Household B<br>
Gateway IP: 10.30.0.129<br>
Gateway Mask: 255.255.255.0<br>
Gateway Default Gateway: ????<br>
<br>
Other PCs IP: 10.30.0.130,131,132 etc<br>
Other PCs Mask: 255.255.255.0<br>
Other PCs Default Gateway: 10.30.0.129<br>
<br>
Tinc Subnet: 10.30.0.128/25<br>
<br>
<br>
IDEA2.<br>
=====<br>
Household A<br>
Gateway IP: 10.30.0.1<br>
Gateway Mask: 255.255.255.0<br>
Gateway Default Gateway: ????<br>
<br>
Other PCs IP: 10.30.0.2-255 etc<br>
Other PCs Mask: 255.255.255.0<br>
Other PCs Default Gateway: 10.30.0.1<br>
<br>
Tinc Subnet: 10.30.0.0/24<br>
<br>
Household B<br>
Gateway IP: 10.30.1.1<br>
Gateway Mask: 255.255.255.0<br>
Gateway Default Gateway: ????<br>
<br>
Other PCs IP: 10.30.1.2-255 etc<br>
Other PCs Mask: 255.255.255.0<br>
Other PCs Default Gateway: 10.30.0.129<br>
<br>
Tinc Subnet: 10.30.1.0/24<br>
<br>
<br>
So IDEA 1 probably won't work at all. Will it? And with IDEA 2 the
PCs won't appear on the same LAN and their broadcasts won't reach
each other.<br>
As far as I understand, I need to install a TAP interface on each of
the participating Windows PCs, correct?<br>
What is specified as the default gateway of the gateways?<br>
<br>
<br>
Thank you in advance,<br>
Andrew<br>
<br>
On 7/10/2010 4:36 a.m., Donald Pearson wrote:
<blockquote
cite="mid:AANLkTi=2c+qfim8_Zuke4DOSyMT0k7UwMxFtHeLG-5bn@mail.gmail.com"
type="cite">The PCs that you want to participate need to have a
route for the VPN subnet pointing to their local VPN gateway,
which would be the local device with Tinc installed on it.
<div><br>
</div>
<div>Theoretical configuration example.</div>
<div><br>
</div>
<div>VPN subnet is 10.10.10.0/24</div>
<div><br>
</div>
<div>At a location, one computer 192.168.1.254/24 connects
to the VPN and serves as the VPN gateway. This gateway needs to
be configured for TCP/IP forwarding.</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="http://support.microsoft.com/kb/315236">http://support.microsoft.com/kb/315236</a> -
windows</div>
<div><a moz-do-not-send="true"
href="http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/">http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/</a> -
linux</div>
<div><br>
</div>
<div>Other computers local to the gateway need a route to the VPN
network added so they know how to get there.</div>
<div><br>
</div>
<div>In Windows: route -p add 10.10.10.0 mask 255.255.255.0
192.168.1.254</div>
<div>This will add the persistent route that remains after reboot.</div>
<div><br>
</div>
<div>Does that answer your question?</div>
<div><br>
<div class="gmail_quote">On Wed, Oct 6, 2010 at 6:41 AM, Andrew
Savinykh <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:andrews@brutsoft.com">andrews@brutsoft.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000"> Thank you for your
reply. As far as I can see, there is no point specifying a
subnet that consists of more than one PC in the tinc config if
you are going to install tinc on every PC in the subnet
anyway. Correct me if I'm wrong.<br>
Now, assuming I'm right, there will be PCs in the subnet
that don't have tinc installed on them. How do I configure
these PCs so they are a part of the subnet and participate
in routing?<br>
<br>
Cheers,<br>
Andrew
<div>
<div class="h5"><br>
<br>
On 6/10/2010 10:13 p.m., Cédric Lemarchand wrote: </div>
</div>
<blockquote type="cite">
<div>
<div class="h5"> Hi,<br>
<br>
I am not sure I understand what you mean by
"joining" a subnet.<br>
<br>
But if your "local computer" needs to reach the
"remote subnet" served by tinc, you can set the
local IP of the local tinc server as the default
gateway, or add a route to the remote subnet via the
local tinc IP. Of course, computers located on the
remote subnet need the same thing.<br>
<br>
Cédric<br>
<br>
On 06/10/10 09:37, Andrew Savinykh wrote:
<blockquote type="cite"> Hello all, <br>
<br>
I understand that each tinc daemon corresponds to
one or more subnets that it "owns"; a subnet can be
a single IP or more. <br>
Could you please tell me what I need to do to
join a computer in a local network (Windows) to a
subnet served by tinc? <br>
<br>
Thank you in advance, <br>
Andrew <br>
<br>
_______________________________________________ <br>
tinc mailing list <br>
<a moz-do-not-send="true"
href="mailto:tinc@tinc-vpn.org" target="_blank">tinc@tinc-vpn.org</a>
<br>
<a moz-do-not-send="true"
href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc"
target="_blank">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a>
<br>
</blockquote>
<br>
<br>
<div>-- <br>
<p style="margin-bottom: 0cm; line-height: 0.1cm;"><font
face="Arial Black, sans-serif"><font size="2"><b>Cédric
Lemarchand – iXSea SAS</b></font></font></p>
<p style="margin-bottom: 0cm; line-height: 0.1cm;"><font
face="Arial, sans-serif"><font size="2">Administrateur
Système & Réseaux</font></font></p>
<p style="margin-bottom: 0cm; line-height: 0.1cm;"><font
color="#2323dc"><font face="Arial, sans-serif"><font
size="2"><a moz-do-not-send="true"
href="http://www.ixsea.com/"
target="_blank">http://www.ixsea.com/</a>
- <a moz-do-not-send="true"
href="mailto:cedric.lemarchand@ixsea.com"
target="_blank">&lt;cedric.lemarchand@ixsea.com&gt;</a></font></font></font></p>
<p style="margin-bottom: 0cm; line-height: 0.1cm;"><font
face="Arial, sans-serif"><font size="2">Tel:
+33 1 30 08 8888 – GSM: +33 6 37 23 40 93</font></font></p>
</div>
</div>
</div>
</blockquote>
<br>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
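Added example, not part of the original thread: a small Python check of the next-hop decision a LAN host makes under the two addressing plans above, plus the persistent Windows route in the form Donald gives. The function names and the node labels "A" and "B" are hypothetical; the addresses are taken from the messages.

```python
import ipaddress

def next_hop(host_if, gateway, dest):
    """How a host configured as host_if (e.g. '10.30.0.2/24') reaches dest."""
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dest) in iface.network:
        # Destination is inside the host's own mask: the host ARPs for it
        # on the local wire and never hands the packet to its gateway.
        return "on-link"
    return "via " + gateway

def owning_node(tinc_subnets, dest):
    """Name of the tinc node whose Subnet contains dest (longest prefix wins)."""
    dest_ip = ipaddress.ip_address(dest)
    matches = []
    for node, cidr in tinc_subnets.items():
        net = ipaddress.ip_network(cidr)
        if dest_ip in net:
            matches.append((net.prefixlen, node))
    return max(matches)[1] if matches else None

def windows_route(remote_subnet, local_tinc_ip):
    """Persistent route for a PC whose default gateway is not the tinc node."""
    net = ipaddress.ip_network(remote_subnet)
    return "route -p add {} mask {} {}".format(
        str(net.network_address), str(net.netmask), local_tinc_ip)

# Subnet declarations copied from the two plans in the thread.
IDEA1 = {"A": "10.30.0.0/25", "B": "10.30.0.128/25"}
IDEA2 = {"A": "10.30.0.0/24", "B": "10.30.1.0/24"}

if __name__ == "__main__":
    # IDEA 1: a household A PC (mask 255.255.255.0) talking to a household B PC.
    print(next_hop("10.30.0.2/24", "10.30.0.1", "10.30.0.130"),
          "| tinc owner:", owning_node(IDEA1, "10.30.0.130"))
    # IDEA 2: the same PC talking to a household B PC in 10.30.1.0/24.
    print(next_hop("10.30.0.2/24", "10.30.0.1", "10.30.1.5"),
          "| tinc owner:", owning_node(IDEA2, "10.30.1.5"))
    # Donald's example: VPN subnet 10.10.10.0/24, local tinc node 192.168.1.254.
    print(windows_route("10.10.10.0/24", "192.168.1.254"))
```
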
</body>
</html>