<div dir="ltr">hi.<div><br></div><div>Did you add only <a href="http://0.0.0.0/1">0.0.0.0/1</a> as a route, and not <a href="http://128.0.0.0/1">128.0.0.0/1</a> too?</div><div>Did you try to add a route to 5.6.7.8 via C with a lesser metric than via B?<br></div><div><br></div><div>If you have to add static routes only on a few servers, you can add them to the $HOST-up scripts.</div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 29, 2016 at 11:12 AM, Zhang Jun <span dir="ltr"><<a href="mailto:gb2313@gmail.com" target="_blank">gb2313@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>my network:<br><br></div>local pc(192.168.1.2)-->openwrt_adsl_router A(<a href="http://192.168.1.1/24&11.22.33.44pppoe&10.10.10.1/24" target="_blank">192.168.1.1/24&11.22.33.44pppoe&10.10.10.1/24</a> tinc)<---remote B:<a href="http://10.10.20.1/24" target="_blank">10.10.20.1/24</a><br> ^<br> |<br></div> remote C:<a href="http://10.10.0.1/24" target="_blank">10.10.0.1/24</a><br><div><div><br><br></div><div>all running tinc 1.0.x,<br><br></div><div>ADSL router runs as a "server"(only one tinc instance), listening on some port,<br></div><div>client B and C connect to ADSL router,<br></div><div>from my pc I need to:<br>1. Access B's subnet <a href="http://192.168.50.1/24" target="_blank">192.168.50.1/24</a><br></div><div>2. Access some WAN websites via C<br></div><div>3. no traffic between B and C<br></div><div>4. 
other traffic goes to the pppoe interface by default<br></div><div><br></div><div>here are the config files:<br></div><div>A: router<br><br>tincd.conf:<br>device = /dev/net/tun<br>name = vpn<br>interface = vpn<br>AddressFamily = ipv4<br><br>##<br>Address=<a href="http://xxx.dyndns.org" target="_blank">xxx.dyndns.org</a><br>Port=xxx port<br>subnet=<a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a><br>Subnet=<a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a><br><br></div><div>##tinc-up:<br></div><div>ifconfig vpn <a href="http://10.10.10.1/24" target="_blank">10.10.10.1/24</a> up<br></div><div>route add -host 10.10.0.1 dev vpn<br></div><div>route add -net <a href="http://10.10.0.0/24" target="_blank">10.10.0.0/24</a> gw 10.10.0.1<br><br></div><div>route add -host 10.10.20.1 dev vpn<br></div><div>route add -net <a href="http://10.10.20.0/24" target="_blank">10.10.20.0/24</a> gw 10.10.20.1<br></div><div>route add -net <a href="http://192.168.50.0/24" target="_blank">192.168.50.0/24</a> gw 10.10.20.1 (requirement .1)<br><br></div><div>route add -net many websites networks gw 10.10.0.1 (requirement .2)<br></div><div>...<br>###########################<br></div><div>B:<br>connectTo=vpn<br>##<br>Subnet=<a href="http://10.10.20.0/24" target="_blank">10.10.20.0/24</a><br>Subnet=<a href="http://192.168.50.0/24" target="_blank">192.168.50.0/24</a><br><br>##<br></div><div>ifconfig Binc <a href="http://10.10.20.1/24" target="_blank">10.10.20.1/24</a> up<br>route add -host 10.10.10.1 dev Binc<br></div><div>route add -net <a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a> gw 10.10.10.1<br></div><div>route add -net <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> gw 10.10.10.1<br></div><div>echo "1" > /proc/sys/net/ipv4/ip_forward<br>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br><br>###########################<br></div><div>C:<br>connectTo=vpn<br>##<br></div><div>Subnet=<a href="http://10.10.0.0/24" 
target="_blank">10.10.0.0/24</a><br></div><div>Subnet=<a href="http://0.0.0.0/1" target="_blank">0.0.0.0/1</a> ----------> this line only exists on server C: /etc/tinc/hosts/C, but I guess it can be learned by the router node<br><br>##<br></div><div>ifconfig Cinc <a href="http://10.10.0.1/24" target="_blank">10.10.0.1/24</a> up<br>route add -host 10.10.10.1 dev Cinc<br>route add -net <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> gw 10.10.10.1<br>echo "1" > /proc/sys/net/ipv4/ip_forward<br>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br><br>########################<br></div><div>the router has B's and C's host files; B doesn't have C's and C doesn't have B's host file<br><br></div><div>this works fine for me,<br><br></div><div>but today, I need to access a WAN server (5.6.7.8) via B, so I added a route:<br></div><div>route add -host 5.6.7.8 gw 10.10.20.1 (B)<br></div><div>I thought it should work like other routes, but the traffic still goes through C,<br></div><div>after examining the config, I think the problem may be because only C has "Subnet=<a href="http://0.0.0.0/1" target="_blank">0.0.0.0/1</a>"<br><br></div><div>my questions are:<br>1. why can a packet that has a route with default gw to B be routed to C? is it the right behavior?<br></div><div>2. how to route 5.6.7.8 via B? add "Subnet=<a href="http://0.0.0.0/1" target="_blank">0.0.0.0/1</a>" to B's host file?<br></div><div>I have some trouble testing this now, because B is not easy to access (the best way is to let it connect to me)<br></div><div>also, even if this way works, I don't want other networks' traffic (added route for C) to go through B, or randomly. <br></div><div>3. 
I removed "Subnet=<a href="http://0.0.0.0/1" target="_blank">0.0.0.0/1</a>" from C, then all routes (to WAN) via B/C do not work anymore, is there any way to<br></div><div>let those "route add (WAN networks) gw 10.10.0.1" work without the "Subnet=<a href="http://0.0.0.0/1" target="_blank">0.0.0.0/1</a>"?<br><br><br></div><div><br></div><div><br></div></div></div>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">brgds<br>Maxim Vorontsov<br></div></div></div></div></div></div>
</div>
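<p>Added example, not part of either message and not tinc's own code: a small model of how tinc in its default router mode chooses the receiving node from the Subnet= lines quoted above, which shows why the gw of the kernel route does not decide between B and C. It assumes all three nodes are reachable and no Subnet weights are set; the function names and the 5.6.7.8/32 line are hypothetical and are not a change proposed in the thread.</p>

```python
import ipaddress

# Subnet= lines as posted in the thread (tinc 1.0.x, router mode assumed).
HOSTS = {
    "vpn": ["10.10.10.0/24", "192.168.1.0/24"],  # router A
    "B": ["10.10.20.0/24", "192.168.50.0/24"],
    "C": ["10.10.0.0/24", "0.0.0.0/1"],
}


def build_table(hosts):
    """Flatten the host files into (network, owner), longest prefix first."""
    table = [(ipaddress.ip_network(subnet), owner)
             for owner, subnets in hosts.items()
             for subnet in subnets]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def owner_of(dst, hosts):
    """Return the node that would receive a packet for dst, or None.

    Only the destination address and the Subnet table are consulted. The
    tun device hands tincd bare IP packets, so the 'gw' of the kernel
    route that sent the packet into the VPN interface is not visible here.
    """
    addr = ipaddress.ip_address(dst)
    for net, owner in build_table(hosts):
        if addr in net:
            return owner
    return None  # no node announces a Subnet covering dst


def with_subnet(hosts, owner, subnet):
    """Copy of hosts with one extra Subnet= line for owner."""
    copy = {name: list(subnets) for name, subnets in hosts.items()}
    copy[owner].append(subnet)
    return copy


if __name__ == "__main__":
    for dst in ("192.168.50.7", "5.6.7.8", "200.1.2.3"):
        print(dst, "->", owner_of(dst, HOSTS))
    # Hypothetical: B's host file additionally announces the single host.
    changed = with_subnet(HOSTS, "B", "5.6.7.8/32")
    print("5.6.7.8 ->", owner_of("5.6.7.8", changed))
```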