<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.E-MailFormatvorlage18
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE-AT link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span lang=EN-AU>Hi all,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>After having read most of the available documentation I still have got problems interconnecting two networks in router mode:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>My configuration consists of two private home networks that I want to connect:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Vienna 192.168.0.0/24 - Internet gateway 192.168.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Berlin 192.168.1.0/24 - Internet gateway 192.168.1.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>VPN Devices are configured as 192.168.3.1 (Vienna) and 192.168.3.2 (Berlin) mask 255.255.0.0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>Tinc (1.1pre 15) is running on 192.168.0.2 (Windows) and on 192.168.1.4 (Debian, Raspberry)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>IP forwarding is activated on the Windows PC (HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ Tcpip\ Parameters) and the Raspberry (net.ipv4.ip_forward = 1).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Port forwarding for port 54321 is enabled on both routers.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>Configuration files:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>NodeVienna:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>tinc.conf:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>--<o:p></o:p></span></p><p 
class=MsoNormal><span lang=EN-AU>Name = NodeVienna<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>ConnectTo = NodeBerlin<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Interface = vpn-dev<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>AddressFamily = ipv4<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>PrivateKeyFile=C:\Program Files\tinc\MyTincVPN\rsa_key.priv<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Mode = router<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>--<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>IP config for the TAP-device (Version Windows 9.21.2) vpn-dev:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Static IP: 192.168.3.1 / Subnet mask 255.255.0.0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Firewall exception in place for tinc.exe <o:p></o:p></span></p><p class=MsoNormal><span lang=FR>--<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>NodeBerlin:<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Tinc.conf<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>--<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Device=/dev/net/tun<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Interface=MyTincVPN-dev<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Mode=router<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Name=NodeBerlin<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>AddressFamily=ipv4<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>PrivateKeyFile=/etc/tinc/MyTincVPN/rsa_key.priv<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>ConnectTo=NodeVienna<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>--<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>tinc-up:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>--<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>#!/bin/sh<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>ifconfig $INTERFACE 192.168.3.2 
netmask 255.255.0.0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>--<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Host files:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>Node Vienna:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>--<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Address=213.x.y.z <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Port=54321<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Subnet=192.168.0.0/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Compression=9<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>-----BEGIN RSA PUBLIC KEY-----<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>[removed]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>-----END RSA PUBLIC KEY-----<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>--<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>NodeBerlin:<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>--<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Address=xxxxx.ddns.net<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Port=54321<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Subnet=192.168.1.0/24<o:p></o:p></span></p><p class=MsoNormal><span lang=FR>Compression=9<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>-----BEGIN RSA PUBLIC KEY-----<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>[removed]<o:p></o:p></span></p><p class=MsoNormal>-----END RSA PUBLIC KEY-----<o:p></o:p></p><p class=MsoNormal><span lang=EN-AU>---------------<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Current issue: <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>According to the logs (level 5) both nodes are connected, there is a lot of traffic between them (and looks good): <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>On both machines (192.168.0.2 & 192.168.1.4) it is possible 
to ping the local VPN IP (192.168.3.1 and 192.168.3.2). A ping to the other VPN results in a timeout.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>On 192.168.0.2 a ping to 192.168.3.1 works, a ping to 192.168.3.2 generates a timeout.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>On 192.168.1.4 a ping to 192.168.3.2 works, a ping to 192.168.3.2 results in destination net not reachable.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>Below I attached the routing tables. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>It seems to be a routing issue (I found no config example with the same layout).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>Thanks in advance for any comment/help.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Alexander <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal>IPv4-Routing Tables for 192.168.0.2<o:p></o:p></p><p class=MsoNormal>===========================================================================<o:p></o:p></p><p class=MsoNormal>Aktive Routen:<o:p></o:p></p><p class=MsoNormal> <span lang=EN-AU>Dest mask Gateway Interface metrik<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU> </span>0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25<o:p></o:p></p><p class=MsoNormal> 127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 331<o:p></o:p></p><p class=MsoNormal> 127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 331<o:p></o:p></p><p class=MsoNormal> 127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331<o:p></o:p></p><p class=MsoNormal> 192.168.0.0 255.255.0.0 Auf Verbindung 192.168.3.1 291<o:p></o:p></p><p class=MsoNormal> 192.168.0.0
255.255.255.0 Auf Verbindung 192.168.0.2 281<o:p></o:p></p><p class=MsoNormal> 192.168.0.2 255.255.255.255 Auf Verbindung 192.168.0.2 281<o:p></o:p></p><p class=MsoNormal> 192.168.0.255 255.255.255.255 Auf Verbindung 192.168.0.2 281<o:p></o:p></p><p class=MsoNormal> 192.168.3.1 255.255.255.255 Auf Verbindung 192.168.3.1 291<o:p></o:p></p><p class=MsoNormal> 192.168.255.255 255.255.255.255 Auf Verbindung 192.168.3.1 291<o:p></o:p></p><p class=MsoNormal> 224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 331<o:p></o:p></p><p class=MsoNormal> 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.3.1 291<o:p></o:p></p><p class=MsoNormal> 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.0.2 281<o:p></o:p></p><p class=MsoNormal> 255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331<o:p></o:p></p><p class=MsoNormal> 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.3.1 291<o:p></o:p></p><p class=MsoNormal> 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.0.2 281<o:p></o:p></p><p class=MsoNormal><span lang=EN-AU>===========================================================================<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>--<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><div style='mso-element:para-border-div;border:none;border-bottom:double windowtext 2.25pt;padding:0cm 0cm 1.0pt 0cm'><p class=MsoNormal style='border:none;padding:0cm'><span lang=EN-AU>Routing table for 192.168.1.4<o:p></o:p></span></p></div><p class=MsoNormal>Kernel-IP-Routentabelle<o:p></o:p></p><p class=MsoNormal>Ziel Router Genmask Flags Metric Ref Use Iface<o:p></o:p></p><p class=MsoNormal>default 192.168.1.1 0.0.0.0 UG 303 0 0 wlan0<o:p></o:p></p><p class=MsoNormal>192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 MyTincVPN-dev<o:p></o:p></p><p class=MsoNormal><span lang=EN-AU>192.168.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0<o:p></o:p></span></p><p class=MsoNormal><span 
lang=EN-AU>===<o:p></o:p></span></p></div></body></html>