<div dir="ltr"><div><div><div><div><div><div>
<span lang="EN-AU">Static IP: 192.168.3.1 / Subnet mask 255.255.0.0</span>
Your tinc subnet overlaps both of your LAN subnets: 192.168.0.0/16 (255.255.0.0) will see 192.168.1.1/24 (255.255.255.0) and 192.168.0.1/24 as part of its network. Move tinc to a clear subnet, then add a route to both LAN gateways to use the tinc box to reach the other LAN.<br></div>i.e.<br></div>static route on 192.168.0.1<br></div>host 192.168.1.0/24 gateway (tinc box on 192.168.0.0/24 LAN IP)<br><br></div>static route on 192.168.1.1<br></div>host 192.168.0.0/24 gateway (tinc box on 192.168.1.0/24 LAN IP)<br><br></div>Once both sides know how to reach each other, pinging both directions should work so long as the tinc tunnel connects.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Mar 11, 2018 at 5:01 AM, <span dir="ltr">&lt;<a href="mailto:lx.mayer@chello.at" target="_blank">lx.mayer@chello.at</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="#0563C1" vlink="#954F72" lang="DE-AT"><div class="m_8105891144895463053WordSection1"><p class="MsoNormal"><span lang="EN-AU">Hi all,<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">After having read most of the available documentation I still have got problems interconnecting two networks in router mode:<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">My configuration consists of two private home networks that I want to connect:<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Vienna <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a> - Internet gateway 192.168.0.1<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Berlin <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> - Internet gateway 192.168.1.1<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">VPN Devices are configured as 192.168.3.1 (Vienna) and 192.168.3.2 (Berlin) mask 255.255.0.0<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Tinc (1.1pre 15) is running on 192.168.0.2 (Windows) and on 192.168.1.4 (Debian, Raspberry)<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">IP forwarding is activated on the Windows PC (HKEY_LOCAL_MACHINE\ System\ 
CurrentControlSet\ Services\ Tcpip\ Parameters) and the Raspberry (net.ipv4.ip_forward = 1).<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Port forwarding for port 54321 is enabled on both routers.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Configuration files:<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">NodeVienna:<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">tinc.conf:<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Name = NodeVienna<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">ConnectTo = NodeBerlin<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Interface = vpn-dev<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">AddressFamily = ipv4<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">PrivateKeyFile=C:\Program Files\tinc\MyTincVPN\rsa_key.<wbr>priv<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Mode = router<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">IP config for the TAP-device (Version Windows 9.21.2) vpn-dev:<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Static IP: 192.168.3.1 / Subnet mask 255.255.0.0<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Firewall exception in place for tinc.exe <u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">NodeBerlin:<u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">Tinc.conf<u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">Device=/dev/net/tun<u></u><u></u></span></p><p 
class="MsoNormal"><span lang="FR">Interface=MyTincVPN-dev<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Mode=router<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Name=NodeBerlin<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">AddressFamily=ipv4<u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">PrivateKeyFile=/etc/tinc/<wbr>MyTincVPN/rsa_key.priv<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">ConnectTo=NodeVienna<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">tinc-up:<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">#!/bin/sh<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">ifconfig $INTERFACE 192.168.3.2 netmask 255.255.0.0<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Host files:<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Node Vienna:<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Address=213.x.y.z <u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Port=54321<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Subnet=<a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Compression=9<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">-----BEGIN RSA PUBLIC KEY-----<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">[removed]<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">-----END RSA PUBLIC KEY-----<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">--<u></u><u></u></span></p><p class="MsoNormal"><span 
lang="EN-AU">NodeBerlin:<u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">Address=<a href="http://xxxxx.ddns.net" target="_blank">xxxxx.ddns.net</a><u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">Port=54321<u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">Subnet=<a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a><u></u><u></u></span></p><p class="MsoNormal"><span lang="FR">Compression=9<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">-----BEGIN RSA PUBLIC KEY-----<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">[removed]<u></u><u></u></span></p><p class="MsoNormal">-----END RSA PUBLIC KEY-----<u></u><u></u></p><p class="MsoNormal"><span lang="EN-AU">---------------<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Current issue: <u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">According to the logs (level 5) both nodes are connected, there is a lot of traffic between them (and looks good): <u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">On both machines (192.168.0.2 &amp; 192.168.1.4) it is possible to ping the local VPN IP (192.168.3.1 and 192.168.3.2). A ping to the other VPN results in a timeout.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">On 192.168.0.2 a ping to 192.168.3.1 works, a ping to 192.168.3.2 generates a timeout.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">On 192.168.1.4 a ping to 192.168.3.2 works, a ping to 192.168.3.2 results in destination net not reachable.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Below I attached the routing tables. 
<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">It seems to be a routing issue (I found no config example with the same layout).<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Thanks in advance for any comment/help.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">Alexander <u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal">IPv4-Routing Tables for 192.168.0.2<u></u><u></u></p><p class="MsoNormal">==============================<wbr>==============================<wbr>===============<u></u><u></u></p><p class="MsoNormal">Aktive Routen:<u></u><u></u></p><p class="MsoNormal"> <span lang="EN-AU">Dest mask Gateway Interface metrik<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"> </span>0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25<u></u><u></u></p><p class="MsoNormal"> 127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 331<u></u><u></u></p><p class="MsoNormal"> 127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 331<u></u><u></u></p><p class="MsoNormal"> 127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331<u></u><u></u></p><p class="MsoNormal"> 192.168.0.0 255.255.0.0 Auf Verbindung 192.168.3.1 291<u></u><u></u></p><p class="MsoNormal"> 192.168.0.0 255.255.255.0 Auf Verbindung 192.168.0.2 281<u></u><u></u></p><p class="MsoNormal"> 192.168.0.2 255.255.255.255 Auf Verbindung 192.168.0.2 281<u></u><u></u></p><p class="MsoNormal"> 192.168.0.255 255.255.255.255 Auf Verbindung 192.168.0.2 281<u></u><u></u></p><p class="MsoNormal"> 192.168.3.1 255.255.255.255 Auf Verbindung 192.168.3.1 291<u></u><u></u></p><p class="MsoNormal"> 192.168.255.255 255.255.255.255 Auf Verbindung 192.168.3.1 291<u></u><u></u></p><p class="MsoNormal"> 224.0.0.0 240.0.0.0 Auf Verbindung 
127.0.0.1 331<u></u><u></u></p><p class="MsoNormal"> 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.3.1 291<u></u><u></u></p><p class="MsoNormal"> 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.0.2 281<u></u><u></u></p><p class="MsoNormal"> 255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331<u></u><u></u></p><p class="MsoNormal"> 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.3.1 291<u></u><u></u></p><p class="MsoNormal"> 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.0.2 281<u></u><u></u></p><p class="MsoNormal"><span lang="EN-AU">==============================<wbr>==============================<wbr>===============<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><div style="border:none;border-bottom:double windowtext 2.25pt;padding:0cm 0cm 1.0pt 0cm"><p class="MsoNormal" style="border:none;padding:0cm"><span lang="EN-AU">Routing table for 192.168.1.4<u></u><u></u></span></p></div><p class="MsoNormal">Kernel-IP-Routentabelle<u></u><u></u></p><p class="MsoNormal">Ziel Router Genmask Flags Metric Ref Use Iface<u></u><u></u></p><p class="MsoNormal">default 192.168.1.1 0.0.0.0 UG 303 0 0 wlan0<u></u><u></u></p><p class="MsoNormal">192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 MyTincVPN-dev<u></u><u></u></p><p class="MsoNormal"><span lang="EN-AU">192.168.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU">===<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p><p 
class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p></div></div><br>______________________________<wbr>_________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" rel="noreferrer" target="_blank">https://www.tinc-vpn.org/cgi-<wbr>bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br></div>
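<p>An added example, not part of the original thread: a Python check of the overlap described in the reply, using the addresses and the Berlin routing table posted above. The replacement VPN range 10.99.0.0/24 and all function names are assumptions chosen for illustration.</p>

```python
import ipaddress

# Addresses from the thread. CLEAR_VPN is a constructed, hypothetical replacement range.
LANS = {"Vienna": "192.168.0.0/24", "Berlin": "192.168.1.0/24"}
TINC_BOX = {"Vienna": "192.168.0.2", "Berlin": "192.168.1.4"}  # LAN IP of each tinc host
VPN_IFACE = "192.168.3.1/255.255.0.0"   # TAP device setting on NodeVienna
CLEAR_VPN = "10.99.0.1/255.255.255.0"   # assumption: any range outside both LANs works
# Routing table posted for 192.168.1.4, as (destination, interface) pairs.
BERLIN_TABLE = [("0.0.0.0/0", "wlan0"),
                ("192.168.0.0/16", "MyTincVPN-dev"),
                ("192.168.1.0/24", "wlan0")]


def overlapping_lans(vpn_iface, lans):
    """Names of the LANs whose range intersects the VPN interface's network."""
    vpn_net = ipaddress.ip_interface(vpn_iface).network
    return sorted(name for name, cidr in lans.items()
                  if vpn_net.overlaps(ipaddress.ip_network(cidr)))


def lookup(table, dest):
    """Longest-prefix match: the interface the kernel would pick for dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(cidr), dev) for cidr, dev in table
            if addr in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda hit: hit[0].prefixlen)[1] if hits else None


def gateway_routes(lans, tinc_box):
    """Per site: (remote LAN, next hop) routes to add on that site's internet gateway."""
    return {site: [(cidr, tinc_box[site])
                   for other, cidr in lans.items() if other != site]
            for site in lans}


if __name__ == "__main__":
    print("overlap with /16 mask:", overlapping_lans(VPN_IFACE, LANS))
    print("overlap with clear range:", overlapping_lans(CLEAR_VPN, LANS))
    # With the /16 mask the whole of 192.168.x.x looks on-link on the VPN device.
    for dest in ("192.168.0.10", "192.168.3.1", "192.168.1.1"):
        print(dest, "->", lookup(BERLIN_TABLE, dest))
    for site, routes in gateway_routes(LANS, TINC_BOX).items():
        for net, hop in routes:
            print(f"{site} gateway: route {net} via {hop}")
```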