<div dir="ltr"><div><div>
<div><div><div><div><div><div><div><div><div><div><div><div>Me and my
son are running Tinc over 5 nodes, 3 of them got public address and we
using them as server. Each node has its own Lan subnet <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a>.
Originally we ran network on Openwrt routers with Tinc many years
without any problem, but due to limited RAM on routes and change of one
router to not Openwrt supported model, we decided to transfer Tinc
installation on Raspberry Pi-s in LAN.<br></div>In this configuration we experienced following problem:<br>Some LAN hosts became unreachable. Example:<br></div>Setup is following: Router <br><small><strong>Type: </strong>static<br><strong>Address: </strong>192.168.2.250<br><strong>Netmask: </strong>255.255.255.0<br><strong>Gateway: </strong>192.168.88.</small>
1
has static route set for LAN :<br> Kernel IP routing table<br>Destination Gateway Genmask Flags Metric Ref Use Iface<br>0.0.0.0 192.168.88.1 0.0.0.0 UG 0 0 0 eth1<br>192.168.0.0 192.168.2.5 255.255.0.0 UG 0 0 0 br-lan<br>192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan<br>192.168.88.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1<br></div>where 192.168.2.5 is raspi with tinc .<br><br></div>Tinc routing table follows:Kernel IP routing table<br>Destination Gateway Genmask Flags Metric Ref Use Iface<br>0.0.0.0 192.168.2.250 0.0.0.0 UG 202 0 0 eth0<br>192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 mojtinc<br>192.168.2.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0<br><br></div>Some (or all other LAN) hosts are unreachable until policy based routing added:<br>
sudo ip rule add from <a href="http://192.168.0.0/16" rel="noreferrer" target="_blank">192.168.0.0/16</a> dev mojtinc table 1
<br>
sudo ip route add <a href="http://192.168.7.0/24" rel="noreferrer" target="_blank">192.168.2.0/24</a> via 192.168.2.5 dev eth0 table 1
<br><br></div>which sometimes caused that hosts previously reachable are out. Additionally we put policy based routing in in tinc-up:<br>#!/bin/sh<br>ifconfig $INTERFACE 192.168.2.5 netmask 255.255.0.0<br>ip rule add from <a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a> dev $INTERFACE table 1<br>ip route add <a href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</a> via 192.168.2.250 proto static dev eth0 table 1<br><br></div>but it si lost after some time (not after reboot)and is working just some hours after Tinc restart.<br><br></div>We are suspicious that the problem is connected to following behavior:<br></div>Connect
to the host in other Tinc is routed by router 192.168.2.250 to raspi
192.168.2.5 interface tinc (mojtinc) and go further to other raspi in
remote LAN. Input is coming directly to Tinc interface in my Raspi
192.168.2.5 and then directly to host in LAN. It means it is triangle
and it fails on some clients.<br></div>That was the reason to introduce this policy based routing as work around.<br></div>I am afraid we are on the wrong path.<br></div>Any ideas?<br><br></div>Many thanks in advance.<br></div>Regards <br>Kveto<br><div><br><br><div><div><div><div><div><div><div><br><div><br>
<h2 id="gmail-m_2150676316843177942gmail-:1xg" class="gmail-m_2150676316843177942gmail-hP"><br></h2></div></div></div></div></div></div></div>
<br></div></div></div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br> <table style="border-top:1px solid #d3d4de">
<tr>
<td style="width:55px;padding-top:18px"><a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png" alt="" width="46" height="29" style="width: 46px; height: 29px;"></a></td>
<td style="width:470px;padding-top:17px;color:#41424e;font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Bez virů. <a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank" style="color:#4453ea">www.avg.com</a> </td>
</tr>
</table>
<a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a></div>