<div dir="ltr">when you say "home server" you want me to do this in tinc "histup" or somewhere else OR on the firewall?<div><br></div><div>similarly do i have to add route on the PC that runs the tinc daemon?</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature">Regards<br>Ramesh</div></div>
<br><div class="gmail_quote">On Sun, Jan 15, 2017 at 8:57 AM, Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Thu, Jan 12, 2017 at 09:27:45PM -0500, Ramesh wrote:<br>
<br>
> I have the following setup<br>
><br>
> Home - Main Tinc server with public IP running on PfSense<br>
> work - tinc client running behind a CISCO ASA firewall with public IP running on Windows 10<br>
> offsite - tinc client running on tomato router behind a double NAT<br>
><br>
> Home & offsite connect & i can see all PCs & devices & connect to them<br>
> easily, on either side<br>
><br>
> work to Home or offsite connects (see log below) but i'm unable to connect<br>
> or ping any of the PCs or devices on either side.<br>
<br>
</span>The main issue is how packets are routed. What I'm missing is your<br>
tinc-up scripts and for the Windows node, how the VPN interface is<br>
configured.<br>
<span class=""><br>
> work host<br>
> Subnet = <a href="http://192.168.1.66/32" rel="noreferrer" target="_blank">192.168.1.66/32</a><br>
</span>[...]<br>
> home config on host<br>
> Subnet = <a href="http://192.168.11.0/24" rel="noreferrer" target="_blank">192.168.11.0/24</a><br>
<br>
It looks like you have different subnets at work and home. You have to<br>
configure your home server to send packets for <a href="http://192.168.1.66/32" rel="noreferrer" target="_blank">192.168.1.66/32</a> to the<br>
VPN interface, and your work computer to send packets for<br>
<a href="http://192.168.11.0/24" rel="noreferrer" target="_blank">192.168.11.0/24</a> to its VPN interface.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>><br>
</font></span><br>______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-<wbr>bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br></div>