<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Guus,<br>
<br>
That did the trick!! Everything seems to be working perfectly now.<br>
<br>
I love it when a bang my head against a problem for a week and then
the solution turns out to be so simple :)<br>
<br>
Thanks very much for your time!<br>
<br>
Eric<br>
<br>
<br>
<br>
<br>
On 08/15/2012 04:12 PM, Guus Sliepen wrote:
<blockquote cite="mid:20120815211234.GM16174@sliepen.org"
type="cite">
<pre wrap="">On Wed, Aug 15, 2012 at 03:12:37PM -0500, Eric Wiggins wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I'm trying to set up a Tinc VPN between two KVM host machines so
that a VM on one host can communicate with a VM on the other host.
</pre>
</blockquote>
<pre wrap="">[...]
</pre>
<blockquote type="cite">
<pre wrap="">At this point, Tinc seems to work. Pings from host1 to 10.90.42.242
are replied to, and pings from host2 to 10.90.41.241 are replied to.
Now to set up networking for the VMs...
My first thought was to simply bridge the VM connection to the VPN
interface.
</pre>
</blockquote>
<pre wrap="">[...]
</pre>
<blockquote type="cite">
<pre wrap="">Restarted Tincd on both hosts and tried my pings again. They worked,
so I tried to bridge the new tun0 device.
[root@host1 test]# brctl addif br0 tun0
can't add tun0 to bridge br0: Invalid argument
</pre>
</blockquote>
<pre wrap="">
The reason for this is indeed that tinc creates a tun interface, which does not
work in a bridge.
</pre>
<blockquote type="cite">
<pre wrap="">No dice, again. So I tried to specify as a tap device in tinc.conf:
host1 tinc.conf:
Name = host1
DeviceType = tap
Interface = tap0
ConnectTo = host2
</pre>
</blockquote>
<pre wrap="">[...]
</pre>
<blockquote type="cite">
<pre wrap="">So it looks like the ping is actually getting from host1 to host2,
but host2 doesn't realize it's there. WTH?
</pre>
</blockquote>
<pre wrap="">
The reason is that tinc is still in router mode. You should not use the
DeviceType option, but rather use "Mode = switch". This will automatically
create a tap interface and will let tinc act like a network switch. That should
resolve your problems.
However, depending on what you want exactly, you can also do without tap
devices at all. Since version 1.0.17, tinc has the ability to connect to a VDE
switch. KVM can do so as well. So you can set up a VDE switch and have both
tinc and KVM use that. You still want to run tinc in switch mode in that case.
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
tinc mailing list
<a class="moz-txt-link-abbreviated" href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a>
<a class="moz-txt-link-freetext" href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a>
</pre>
</blockquote>
</body>
</html>