<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Thanks for pointing me in the right direction. I do have access to
the gateway. Was as simple as adding a static route to the gateway
just like you said (tomato has this available in the gui).
Bi-directional subnet traffice working perfectly.<br>
<br>
thanks,<br>
Lance<br>
<br>
<div class="moz-cite-prefix">On 10/6/2013 7:46 AM, Guus Sliepen
wrote:<br>
</div>
<blockquote cite="mid:20131006134646.GQ30160@sliepen.org"
type="cite">
<pre wrap="">On Sat, Oct 05, 2013 at 03:42:49PM -0600, Lance Fredrickson wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I run tinc on a series of routers running 3rd party firmware
(tomato). Since tinc is running on the gateway device, its routing
table is aware of the mesh vpn. At each endpoint, any device one
subnet can access any device on another subnet.
I now have the situation where I need to make a new endpoint and
entire subnet available on the mesh. In this situation I have a
device running tinc that is behind nat, so it is not the gateway
device. Currently I can access the single machine, but I don't have
access to the entire subnet.
i've enable ip forwarding on the device running tinc by editing
/etc/sysctl.conf. I suppose I need to add some sort of rule to the
router/gateway device to know where to send requests bound for the
mesh, but I'm not sure how to do this.
</pre>
</blockquote>
<pre wrap="">
You should add a route to the gateway that directs all traffic for your mesh to
the LAN IP address of the device running tinc. How you should add a route
depends on what kind of gateway device you have.
If it is not possible to add a route on the gateway, then your best option is
to let the device running tinc masquerade traffic from the mesh to the LAN.
That will allow computers in the mesh access the LAN, but not the other way
around.
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
tinc mailing list
<a class="moz-txt-link-abbreviated" href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a>
<a class="moz-txt-link-freetext" href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a>
</pre>
</blockquote>
<br>
</body>
</html>