<div dir="ltr"><div dir="ltr">In most howtos it is instructed to enable port forwarding with 'echo 1 > /proc/sys/net/ipv4/ip_forward', but they don't say it's not permanent... So it was gone when I rebooted the machine.</div><div dir="ltr"><br></div><div>I then disabled the firewall on the VPN_office machine... And it works! If obviously VPN_out must be highly secured, I guess there is no problem to disable the firewall on VPN_office? Everything is blocked on our LAN router. I don't understand why it was on in the first place as I did not enable it.</div><div><br></div><div>Thank you very much Lars for your kind help. Although I browsed a lot of help pages and howtos, I did not find any that was actually telling the *full* right set of instructions.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 15 Jan 2019 at 21:09, Lars Kruse <<a href="mailto:lists@sumpfralle.de">lists@sumpfralle.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello Julien,<br>
<br>
<br>
On Tue, 15 Jan 2019 16:33:26 +0100,<br>
Julien dupont <<a href="mailto:marcelvierzon@gmail.com" target="_blank">marcelvierzon@gmail.com</a>> wrote:<br>
<br>
> ip_forward was not enabled, now it is.<br>
<br>
a good step forward :)<br>
<br>
(you should do this permanently via /etc/sysctl.d/)<br>
<br>
<br>
> 'iptables -L -vn' yields:<br>
> [..]<br>
<br>
OK. The output tells us that there are firewall rules.<br>
Now you should take a look at your firewall configuration file. There you will<br>
need to allow traffic from your tinc network into your office network. Maybe<br>
you want to restrict this to certain IPs or ports.<br>
<br>
As soon as your firewall rules allow forward traffic to your target, you can<br>
check whether these packets arrive and maybe where the response packets get<br>
lost.<br>
<br>
Cheers,<br>
Lars<br>
</blockquote></div>
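<div>The two steps suggested in the quoted reply (persistent forwarding via /etc/sysctl.d/ and a FORWARD allowance restricted to certain IPs and ports), as an added example that is not part of the original thread. The interface names, subnets, port list and the drop-in file name are assumptions; adjust them to the real tinc and office networks.</div>

```shell
#!/bin/sh
# Added example. Every value below is an assumption, not taken from the thread.
TINC_IF="${TINC_IF:-tun0}"                  # assumed tinc interface
OFFICE_IF="${OFFICE_IF:-eth0}"              # assumed LAN-facing interface
TINC_NET="${TINC_NET:-10.8.0.0/24}"         # assumed tinc subnet
OFFICE_NET="${OFFICE_NET:-192.168.1.0/24}"  # assumed office subnet
PORTS="${PORTS:-22,443}"                    # assumed TCP ports to allow

# Content of a sysctl drop-in; unlike 'echo 1 > /proc/...' it survives reboots.
sysctl_dropin() {
    printf 'net.ipv4.ip_forward = 1\n'
}

# Accept only a comma-separated list of ports in 1..65535.
valid_ports() {
    case "$1" in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then IFS=$old_ifs; return 1; fi
    done
    IFS=$old_ifs
}

# Emit the FORWARD rules: replies to established flows, plus new connections
# from the tinc subnet to the office subnet on the listed ports only.
forward_rules() {
    valid_ports "$PORTS" || { echo "invalid PORTS: $PORTS" >&2; return 1; }
    cat <<EOF
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $TINC_IF -o $OFFICE_IF -s $TINC_NET -d $OFFICE_NET -p tcp -m multiport --dports $PORTS -m conntrack --ctstate NEW -j ACCEPT
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
    # Needs root. The drop-in file name is an assumption.
    sysctl_dropin > /etc/sysctl.d/99-tinc-forward.conf && sysctl --system
    forward_rules | sh
else
    # Default: dry run, print what would be written and executed.
    sysctl_dropin
    forward_rules
fi
```

<div>Rules appended with -A only take effect if no earlier REJECT or DROP rule in FORWARD matches first, so on a host with an existing ruleset they belong in that firewall's own configuration file at the right position.</div>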