Hello,<br />
<br />
I have a question about tinc for android.<br />
<br />
I got this working on my 4.1 tablet and my 2.37 x10 pro, but on my 4.4.2 Acer e700 I cannot get it to work.<br />
<br />
When I start tinc it connects to my server at home.<br />
<br />
The tap0 device on the phone is up and gets assigned the proper IP.<br />
<br />
When I run a ping to my home system and run a tcpdump on the tinc network at home and on my phone, I see the home system receiving and also answering.<br />
<br />
(.11 is the phone .1 is my home server)<br />
<br />
root@acer_e39:/usr/local/etc/tinc/dandy_net # tcpdump -n -i tap0<br />
20:50:50.983057 IP6 fe80::a092:4683:3b03:f362.546 > ff02::1:2.547: dhcp6 solicit<br />
20:50:55.121648 arp who-has 192.168.233.1 tell 192.168.233.11<br />
20:50:55.122600 arp reply 192.168.233.1 is-at 16:2f:4e:e2:5f:51<br />
20:50:55.122652 IP 192.168.233.11 > 192.168.233.1: ICMP echo request, id 24, seq 1, length 64<br />
20:50:55.259035 IP 192.168.233.1 > 192.168.233.11: ICMP echo reply, id 24, seq 1, length 64<br />
20:50:56.125187 IP 192.168.233.11 > 192.168.233.1: ICMP echo request, id 24, seq 2, length 64<br />
20:50:56.253012 IP 192.168.233.1 > 192.168.233.11: ICMP echo reply, id 24, seq 2, length 64<br />
<br />
So the reply does arrive on my phone but the ping command is not seeing it.<br />
<br />
Also, when I telnet to another IP at port 80 on my home net, it also gets routed via the tinc network and arrives at my webserver at home, and a reply is sent and also appears on the tap0 device (at home and on the phone), but telnet never receives it.<br />
<br />
iptables -L -n looks like it does not block anything (though I am used to reading iptables-save output, but I do not have iptables-save on my phone).<br />
Flushing iptables does not help either.<br />
<br />
SELinux is not enabled.<br />
<br />
I think I got everything set up correctly, since in my experience with tinc on Linux systems, once you see packets on the tinc interface things work.<br />
<br />
I do not think routing is the problem, since ping really sends packets to the other side and the answers arrive at tap0.<br />
<br />
Anyway I suspect tinc works fine and it has something to do with android.<br />
<br />
Any suggestions, hints or tips are welcome.<br />
<br />
Regards,<br />
<br />
Hans de Groot<br />
<br />
<br />
<br />
<br />
--<br />
1|root@acer_e39:/usr/local/etc/tinc/dandy_net/hosts # iptables -L -n<br />
Chain INPUT (policy ACCEPT)<br />
target prot opt source destination<br />
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0<br />
<br />
Chain FORWARD (policy ACCEPT)<br />
target prot opt source destination<br />
<br />
Chain OUTPUT (policy ACCEPT)<br />
target prot opt source destination<br />
<br />
Chain bw_FORWARD (0 references)<br />
target prot opt source destination<br />
<br />
Chain bw_INPUT (0 references)<br />
target prot opt source destination<br />
<br />
Chain bw_OUTPUT (0 references)<br />
target prot opt source destination<br />
<br />
Chain bw_costly_ccmni0 (0 references)<br />
target prot opt source destination<br />
bw_penalty_box all -- 0.0.0.0/0 0.0.0.0/0<br />
REJECT all -- 0.0.0.0/0 0.0.0.0/0 ! quota ccmni0: 1007899331082 bytes reject-with icmp-port-unreachable<br />
<br />
Chain bw_costly_shared (0 references)<br />
target prot opt source destination<br />
<br />
Chain bw_happy_box (0 references)<br />
target prot opt source destination<br />
<br />
Chain bw_penalty_box (1 references)<br />
target prot opt source destination<br />
<br />
Chain firewall (0 references)<br />
target prot opt source destination<br />
<br />
Chain fw_FORWARD (0 references)<br />
target prot opt source destination<br />
<br />
Chain fw_INPUT (0 references)<br />
target prot opt source destination<br />
<br />
Chain fw_OUTPUT (0 references)<br />
target prot opt source destination<br />
<br />
Chain mobile (0 references)<br />
target prot opt source destination<br />
<br />
Chain natctrl_FORWARD (0 references)<br />
target prot opt source destination<br />
<br />
Chain natctrl_tether_counters (0 references)<br />
target prot opt source destination<br />
<br />
Chain oem_fwd (0 references)<br />
target prot opt source destination<br />
<br />
Chain oem_out (0 references)<br />
target prot opt source destination<br />
<br />
Chain st_filter_OUTPUT (0 references)<br />
target prot opt source destination<br />
<br />
Chain wifi (0 references)<br />
target prot opt source destination<br />
<br />
----------------------------<br />
<br />
<br />
<br />
Hosts:<br />
e700 is my phone, koffie is my server at home<br />
e700: (tincd 1.0.21)<br />
-----<br />
Cipher = blowfish<br />
Compression = 1<br />
Digest = sha1<br />
IndirectData = yes<br />
Port = 655<br />
Subnet = 192.168.233.11/32<br />
TCPonly = yes<br />
<br />
-----BEGIN RSA PUBLIC KEY-----<br />
-----END RSA PUBLIC KEY-----<br />
<br />
koffie: (tincd 1.0.23)<br />
Address = ****.*******.nl<br />
Cipher = blowfish<br />
Compression = 1<br />
Digest = sha1<br />
IndirectData = Yes<br />
Port = 655<br />
PMTUDiscovery = yes<br />
Subnet = 192.168.233.0/24<br />
Subnet = 192.168.233.1/32<br />
Subnet = 192.168.0.0/24<br />
Subnet = 192.168.1.0/24<br />
TCPonly = yes<br />
-----BEGIN RSA PUBLIC KEY-----<br />
-----END RSA PUBLIC KEY-----<br />
<br />
tinc.conf<br />
AddressFamily = ipv4<br />
Name = e700<br />
ConnectTo = koffie<br />
Device =/dev/tun<br />
DeviceType = tap<br />
Interface = tap0<br />
Hostnames = No<br />
Mode = router<br />
KeyExpire = 3600<br />
PingInterval = 10<br />
PingTimeout = 10<br />
ScriptsInterpreter = /system/bin/sh<br />
<br />
tinc-up<br />
ifconfig $INTERFACE 192.168.233.11<br />
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.233.1<br />
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.233.1<br />
<br />
(I did try with the echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/rp_filter line but that did not help)<br />
<br />
ifconfig:<br />
ccmni0 Link encap:Ethernet HWaddr 6E:49:20:F9:86:BF<br />
inet addr:10.56.86.196 Mask:255.0.0.0<br />
UP RUNNING NOARP MTU:1500 Metric:1<br />
RX packets:325845 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:277353 errors:182 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000<br />
RX bytes:302269310 (288.2 MiB) TX bytes:38991014 (37.1 MiB)<br />
<br />
lo Link encap:Local Loopback<br />
inet addr:127.0.0.1 Mask:255.0.0.0<br />
inet6 addr: ::1/128 Scope:Host<br />
UP LOOPBACK RUNNING MTU:16436 Metric:1<br />
RX packets:96537 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:96537 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:0<br />
RX bytes:426937185 (407.1 MiB) TX bytes:426937185 (407.1 MiB)<br />
<br />
tap0 Link encap:Ethernet HWaddr 16:2F:4E:E2:5F:AE<br />
inet addr:192.168.233.11 Bcast:192.168.233.255 Mask:255.255.255.0<br />
inet6 addr: fe80::142f:4eff:fee2:5fae/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:167 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:500<br />
RX bytes:45622 (44.5 KiB) TX bytes:804 (804.0 B)<br />
<br />
wlan0 Link encap:Ethernet HWaddr 54:14:73:1A:00:41<br />
UP BROADCAST MULTICAST MTU:1500 Metric:1<br />
RX packets:687567 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:457654 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000<br />
RX bytes:656003791 (625.6 MiB) TX bytes:61799604 (58.9 MiB)<br />
<br />
130|root@acer_e39:/usr/local/etc/tinc/dandy_net # route<br />
Kernel IP routing table<br />
Destination Gateway Genmask Flags Metric Ref Use Iface<br />
default 10.56.86.196 0.0.0.0 UG 0 0 0 ccmni0<br />
10.56.86.196 * 255.255.255.255 UH 0 0 0 ccmni0<br />
192.168.0.0 192.168.233.1 255.255.255.0 UG 0 0 0 tap0<br />
192.168.1.0 192.168.233.1 255.255.255.0 UG 0 0 0 tap0<br />
192.168.233.0 * 255.255.255.0 U 0 0 0 tap0<br />
<br />