<html><head></head><body><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div>I have a three tinc server setup, similar to "4.3 How Connections Work" using the configuration mostly like</div><div><a href="http://ostolc.org/site-to-site-vpn-with-tinc.html" rel="nofollow" target="_blank">http://ostolc.org/site-to-site-vpn-with-tinc.html</a><br></div><div><br></div><div>The clients (Ubuntus, Debians and Windows 10s) can all ping (and SSH) to each other remotely.<br>As far as that is concerned it's working great - thanks so much for some great software.<br><br>However, on each of the Tinc servers (A and C) neither of them can ping other remote clients.<br>Of course, A and C can ping each other.</div><div><br></div><div>If I use tcpdump -nni tun0 icmp</div><div>I can see the echo packets leave the server, and on a remote client see the request received and the reply sent.<br>However the server never gets the reply.</div><div>It seems that on each server there is no internal routing between <span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">enp1s0 </span></span>and tun0 for IPs that are not server IPs</div><div><br></div><div>I guess I can live with such a limitation, but would still like to know why!!</div><div><br></div><div>Here's Server A config. Of course it's symmetrical so the other two will be similar.<br>B is a DigitalOcean Droplet</div><div><br></div><div>TINC.CONF</div><div><span><div>Name = A</div><div>AddressFamily = ipv4</div><div>ConnectTo = B</div><div>Device = /dev/net/tun</div><div>LocalDiscovery = yes</div></span></div><div><br></div><div><br></div><div>TINC-UP</div><div><span><div>ip link set $INTERFACE up</div><div>ip addr add 192.168.20.3/24 dev $INTERFACE</div><div>route add -net 192.168.14.0/24 gw 192.168.20.3<br></div><div>route add -net 192.168.6.0/24 gw 192.168.4.99</div></span><br></div><div>HOST A</div><div><span><div>Address = A.dyndns.org<br></div><div>Port = 655</div><div><br></div><div>##Subnet on the virtual private network that is local for this host.</div><div>Subnet = 192.168.4.0/24</div><div>Subnet = 192.168.6.0/24</div><div>Subnet = 192.168.20.3/32</div><div><br></div><div># The public key generated by `tincd -n example -K' is stored here</div><div>-----BEGIN RSA PUBLIC KEY-----</div><div>-----END RSA PUBLIC KEY-----<br></div></span><br></div><div>ROUTE TABLE on A</div><div><span><div>Kernel IP routing table</div><div>Destination Gateway Genmask Flags Metric Ref Use Iface</div><div>default 192.168.4.1 0.0.0.0 UG 100 0 0 enp1s0</div><div>link-local * 255.255.0.0 U 1000 0 0 enp1s0</div><div>192.168.4.0 * 255.255.255.0 U 100 0 0 enp1s0</div><div>192.168.6.0 192.168.4.99 255.255.255.0 UG 0 0 0 enp1s0</div><div>192.168.14.0 192.168.20.3 255.255.255.0 UG 0 0 0 tun0</div><div>192.168.20.0 * 255.255.255.0 U 0 0 0 tun0</div><div><br></div></span><br></div><div>The Net, <span>192.168.20.0 is one for TINC itself, where 192.168.20.3 is A, 192.168.20.2 is B and 192.168.20.1 is C<br>And I explicitly static route to it. (Doing it the way shown in other examples has same issue)</span></div><div><span><span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">Net 192.168.14.0 is the C local network<br></span></span><span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">Net 192.168.4.0 is the A local network (<span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">Net 192.168.6.0 is via another router with WAN IP of <span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">192.168.4.99<br></span></span></span></span></span></span>IP of A is <span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">192.168.4.30, IP of C is <span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">192.168.14.20</span></span></span></span></span></div><div><span><br></span></div><div>Only thing wrong is, for example</div><div>On A, ping 192.168.14.60 does not work<br>On C, ping 192.168.4.26 does not work<br>But on clients <span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">192.168.14.60 and <span><span style="color: rgb(0, 0, 0); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px;">192.168.4.26 can ping each other.</span></span></span></span><br><br>All firewalls are off, and iptables flushed<br><br></div><div>Very puzzling!!<br>John<br><br></div></div></body></html>