X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=examples%2Fsimple-bridging-with-dhcp-client-side.mdwn;h=ddd0c53f11de52d700e8ca9eb6a1605bdfee0d26;hb=96fb70cb5ebb5338d90d3d2d97405e5468efa71f;hp=0f6c027e049a32ee85e53f2708eee6b656626455;hpb=a3d917833a1c76986695b91e2bf94540fbf46c05;p=wiki
diff --git a/examples/simple-bridging-with-dhcp-client-side.mdwn b/examples/simple-bridging-with-dhcp-client-side.mdwn
index 0f6c027..ddd0c53 100644
--- a/examples/simple-bridging-with-dhcp-client-side.mdwn
+++ b/examples/simple-bridging-with-dhcp-client-side.mdwn
@@ -1,326 +1,326 @@
-> [[!meta title="simple-bridging-with-dhcp-client-side"]]
->
-> # Company: PowerCraft Technology
-> # Author: Copyright Jelle de Jong
-> # Note: Please send me an email if you enhanced the document
-> # Date: 2010-05-24 / 2010-07-04
-> # License: CC-BY-SA
->
-> # This document is free documentation; you can redistribute it and/or
-> # modify it under the terms of the Creative Commons Attribution Share
-> # Alike as published by the Creative Commons Foundation; either version
-> # 3.0 of the License, or (at your option) any later version.
-> #
-> # This document is distributed in the hope that it will be useful,
-> # but WITHOUT ANY WARRANTY; without even the implied warranty of
-> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-> # Creative Commons BY-SA License for more details.
-> #
-> # http://creativecommons.org/licenses/by-sa/
->
-> #-----------------------------------------------------------------------
->
-> # for commercial support contact me, part of the revenue go back to tinc
->
-> #-----------------------------------------------------------------------
->
-> # http://www.tinc-vpn.org/
-> # http://www.tinc-vpn.org/documentation/tinc_toc
->
-> #-----------------------------------------------------------------------
->
-> # this is the configuration of the roxy system
->
-> #-----------------------------------------------------------------------
->
-> unset LANG LANGUAGE LC_ALL
-> apt-get update; apt-get dist-upgrade
->
-> apt-cache show tinc
-> apt-get install tinc/testing
->
-> #-----------------------------------------------------------------------
->
-> /etc/init.d/tinc stop
->
-> #-----------------------------------------------------------------------
->
-> # ls -hal /dev/net/tun
-> crw------- 1 root root 10, 200 May 24 15:53 /dev/net/tun
->
-> # grep tinc /etc/services
-> tinc 655/tcp # tinc control port
-> tinc 655/udp
->
-> # getent services tinc/udp
-> tinc 655/udp
-> # getent services tinc/tcp
-> tinc 655/tcp
->
-> cat /usr/share/doc/tinc/README.Debian
-> zcat /usr/share/doc/tinc/README.gz | less
-> zcat /usr/share/doc/tinc/NEWS.gz | less
-> cat /usr/share/doc/tinc/examples/tinc-up
-> w3m /usr/share/doc/tinc/tinc_0.html
->
-> #-----------------------------------------------------------------------
->
-> vim /etc/default/tinc
-> EXTRA="-d"
-> cat /etc/default/tinc
->
-> # less /etc/init.d/tinc
->
-> #-----------------------------------------------------------------------
->
-> ifconfig -a
-> route -n
->
-> #-----------------------------------------------------------------------
->
-> # ifconfig -a
-> eth0 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6c
-> inet addr: Bcast: Mask:
-> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
-> RX packets:4863 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:2958 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:1000
-> RX bytes:4302418 (4.1 MiB) TX bytes:303100 (295.9 KiB)
-> Interrupt:10 Base address:0x1000
->
-> eth1 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6d
-> UP BROADCAST MULTICAST MTU:1500 Metric:1
-> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:1000
-> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
-> Interrupt:11 Base address:0x1400
->
-> eth2 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6e
-> UP BROADCAST MULTICAST MTU:1500 Metric:1
-> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:1000
-> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
-> Interrupt:15 Base address:0x1800
->
-> lo Link encap:Local Loopback
-> inet addr: Mask:
-> UP LOOPBACK RUNNING MTU:16436 Metric:1
-> RX packets:1200 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:1200 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:0
-> RX bytes:96572 (94.3 KiB) TX bytes:96572 (94.3 KiB)
->
-> # route -n
-> Kernel IP routing table
-> Destination Gateway Genmask Flags Metric Ref Use Iface
-> U 0 0 0 eth0
-> UG 0 0 0 eth0
->
-> #-----------------------------------------------------------------------
->
-> # client01 configuration
->
-> cat /etc/tinc/nets.boot
-> echo 'powercraft01' | sudo tee --append /etc/tinc/nets.boot
-> cat /etc/tinc/nets.boot
->
-> #-----------------------------------------------------------------------
->
-> sudo mkdir --verbose /etc/tinc/powercraft01/
-> sudo mkdir --verbose /etc/tinc/powercraft01/hosts/
-> sudo touch /etc/tinc/powercraft01/tinc.conf
->
-> #-----------------------------------------------------------------------
->
-> # on server
-> cat /etc/tinc/powercraft01/hosts/server01
->
-> # on client, copy cert data of server to client
-> sudo vim /etc/tinc/powercraft01/hosts/server01
->
-> # on client, add on head of file
-> Address = powercraft.nl 656
-> Address = 656
-> Address = tinc-vpn.powercraft.nl 656
-> Address = powercraft.nl 655
-> Address = 655
-> Address = tinc-vpn.powercraft.nl 655
->
-> #-----------------------------------------------------------------------
->
-> echo 'ConnectTo = server01
-> Device = /dev/net/tun
-> Interface = tun1
-> Mode = switch
-> Name = client01' | sudo tee /etc/tinc/powercraft01/tinc.conf
->
-> sudo cat /etc/tinc/powercraft01/tinc.conf
-> sudo chmod 644 /etc/tinc/powercraft01/tinc.conf
-> ls -hal /etc/tinc/powercraft01/tinc.conf
->
-> echo '#!/bin/sh
-> ifconfig $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up
->
-> sudo cat /etc/tinc/powercraft01/tinc-up
-> sudo chmod 755 /etc/tinc/powercraft01/tinc-up
-> ls -hal /etc/tinc/powercraft01/tinc-up
->
-> echo '#!/bin/sh
-> # ifconfig tun1 hw ether 00:ff:5d:ea:b4:ec
-> ifup $INTERFACE &' | sudo tee /etc/tinc/powercraft01/hosts/server01-up
->
-> sudo cat /etc/tinc/powercraft01/hosts/server01-up
-> sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-up
-> ls -hal /etc/tinc/powercraft01/hosts/server01-up
->
-> echo '#!/bin/sh
-> ifconfig $INTERFACE down' | sudo tee /etc/tinc/powercraft01/tinc-down
->
-> sudo cat /etc/tinc/powercraft01/tinc-down
-> sudo chmod 755 /etc/tinc/powercraft01/tinc-down
-> ls -hal /etc/tinc/powercraft01/tinc-down
->
-> echo '#!/bin/sh
-> ifdown $INTERFACE' | sudo tee /etc/tinc/powercraft01/hosts/server01-down
->
-> sudo cat /etc/tinc/powercraft01/hosts/server01-down
-> sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-down
-> ls -hal /etc/tinc/powercraft01/hosts/server01-down
->
-> #-----------------------------------------------------------------------
->
-> sudo rm /etc/tinc/powercraft01/rsa_key.priv
-> sudo rm /etc/tinc/powercraft01/hosts/client10
-> sudo tincd -n powercraft01 -K
->
-> #-----------------------------------------------------------------------
->
-> # on client add on head of file
-> sudo vim /etc/tinc/powercraft01/hosts/client01
-> Compression = 9
-> PMTU = 1492
-> PMTUDiscovery = yes
-> Port = 656
-> # Cipher = aes-128-cbc
->
-> # on client
-> sudo cat /etc/tinc/powercraft01/hosts/client01
->
-> # on server, copy cert data of client to server
-> vim /etc/tinc/powercraft01/hosts/client01
->
-> #-----------------------------------------------------------------------
->
-> # watch out when using multiple dhcp clients there can be conflicts
->
-> echo 'interface "tun1" {
-> request subnet-mask, broadcast-address, time-offset,
-> host-name, netbios-scope, interface-mtu, ntp-servers;
-> }' | tee --append /etc/dhcp3/dhclient.conf
->
-> cat /etc/dhcp3/dhclient.conf
->
-> #-----------------------------------------------------------------------
->
-> vim /etc/network/interfaces
->
-> iface tun1 inet dhcp
-> pre-up ifconfig tun1 down || true
-> pre-up ifconfig tun1 hw ether 9a:f6:50:3b:c0:48 || true
-> post-up route del default dev tun1 || true
-> # pre-down /etc/init.d/munin-node stop || true
-> # post-up /etc/init.d/munin-node restart || true
-> # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/tun1/proxy_arp || true
-> # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/vlan4/proxy_arp || true
-> # optional # post-up route add -net netmask tun1 || true
-> # optional # pre-down route del -net netmask tun1 || true
->
-> #-----------------------------------------------------------------------
->
-> ifdown tun1; ifdown tun1
->
-> #-----------------------------------------------------------------------
->
-> sudo /etc/init.d/tinc stop
-> fg
-> sudo /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
->
-> #-----------------------------------------------------------------------
->
-> sudo /etc/init.d/tinc start
->
-> #-----------------------------------------------------------------------
->
-> # tincd --version
-> tinc version 1.0.13 (built Apr 13 2010 10:27:56, protocol 17)
->
-> #-----------------------------------------------------------------------
->
-> tincd -n powercraft01 -kUSR2
-> tail -n 100 /var/log/syslog
->
-> #-----------------------------------------------------------------------
->
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes in: 830
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes out: 914
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: Nodes:
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options c status 0018 nexthop client01 via client01 pmtu 1518 (min 0 max 1518)
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 at port 656 cipher 91 digest 64 maclength 4 compression 9 options c status 001a nexthop server01 via server01 pmtu 1416 (min 1416 max 1416)
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of nodes.
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: Edges:
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 to server01 at port 656 options c weight 413
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 to client01 at port 655 options c weight 413
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of edges.
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: Subnet list:
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: 0:1b:21:61:af:d7#10 owner server01
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: 56:fc:c2:fd:69:10#10 owner server01
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: ea:3:e7:3d:46:20#10 owner client01
-> May 24 19:43:59 roxy tinc.powercraft01[5104]: End of subnet list.
->
-> #-----------------------------------------------------------------------
->
-> # ifconfig -a
-> ifconfig tun1
-> route -n
->
-> #-----------------------------------------------------------------------
->
-> # ifconfig tun1
-> tun1 Link encap:Ethernet HWaddr ea:03:e7:3d:46:20
-> inet addr: Bcast: Mask:
-> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
-> RX packets:27 errors:0 dropped:0 overruns:0 frame:0
-> TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
-> collisions:0 txqueuelen:500
-> RX bytes:9342 (9.1 KiB) TX bytes:9088 (8.8 KiB)
->
-> # route -n
-> Kernel IP routing table
-> Destination Gateway Genmask Flags Metric Ref Use Iface
-> U 0 0 0 eth0
-> U 0 0 0 tun1
-> UG 0 0 0 eth0
->
-> #-----------------------------------------------------------------------
->
-> ping -c 2
-> ping -c 2 -M dont -s 1500
->
-> #-----------------------------------------------------------------------
->
-> lsof -i :655
-> lsof -i :656
->
-> #-----------------------------------------------------------------------
->
-> # Accept new connections for fordwarding designated from our virtual private netwerk to the local network
-> /sbin/iptables --append FORWARD --in-interface ${VPN01} --out-interface ${LAN01} --jump ACCEPT
-> /sbin/iptables --append FORWARD --in-interface ${LAN01} --out-interface ${VPN01} --jump ACCEPT
->
-> # Use masquerade so the outside world sees only one ip source for all outgoing trafic
-> /sbin/iptables --table nat --append POSTROUTING --out-interface ${VPN01} --jump MASQUERADE
->
-> #-----------------------------------------------------------------------
+ [[!meta title="simple-bridging-with-dhcp-client-side"]]
+
+ # Company: PowerCraft Technology
+ # Author: Copyright Jelle de Jong
+ # Note: Please send me an email if you enhanced the document
+ # Date: 2010-05-24 / 2010-07-04
+ # License: CC-BY-SA
+
+ # This document is free documentation; you can redistribute it and/or
+ # modify it under the terms of the Creative Commons Attribution Share
+ # Alike as published by the Creative Commons Foundation; either version
+ # 3.0 of the License, or (at your option) any later version.
+ #
+ # This document is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # Creative Commons BY-SA License for more details.
+ #
+ # http://creativecommons.org/licenses/by-sa/
+
+ #-----------------------------------------------------------------------
+
+ # for commercial support contact me, part of the revenue go back to tinc
+
+ #-----------------------------------------------------------------------
+
+ # http://www.tinc-vpn.org/
+ # http://www.tinc-vpn.org/documentation/tinc_toc
+
+ #-----------------------------------------------------------------------
+
+ # this is the configuration of the roxy system
+
+ #-----------------------------------------------------------------------
+
+ unset LANG LANGUAGE LC_ALL
+ apt-get update; apt-get dist-upgrade
+
+ apt-cache show tinc
+ apt-get install tinc/testing
+
+ #-----------------------------------------------------------------------
+
+ /etc/init.d/tinc stop
+
+ #-----------------------------------------------------------------------
+
+ # ls -hal /dev/net/tun
+ crw------- 1 root root 10, 200 May 24 15:53 /dev/net/tun
+
+ # grep tinc /etc/services
+ tinc 655/tcp # tinc control port
+ tinc 655/udp
+
+ # getent services tinc/udp
+ tinc 655/udp
+ # getent services tinc/tcp
+ tinc 655/tcp
+
+ cat /usr/share/doc/tinc/README.Debian
+ zcat /usr/share/doc/tinc/README.gz | less
+ zcat /usr/share/doc/tinc/NEWS.gz | less
+ cat /usr/share/doc/tinc/examples/tinc-up
+ w3m /usr/share/doc/tinc/tinc_0.html
+
+ #-----------------------------------------------------------------------
+
+ vim /etc/default/tinc
+ EXTRA="-d"
+ cat /etc/default/tinc
+
+ # less /etc/init.d/tinc
+
+ #-----------------------------------------------------------------------
+
+ ifconfig -a
+ route -n
+
+ #-----------------------------------------------------------------------
+
+ # ifconfig -a
+ eth0 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6c
+ inet addr: Bcast: Mask:
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:4863 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:2958 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:4302418 (4.1 MiB) TX bytes:303100 (295.9 KiB)
+ Interrupt:10 Base address:0x1000
+
+ eth1 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6d
+ UP BROADCAST MULTICAST MTU:1500 Metric:1
+ RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
+ Interrupt:11 Base address:0x1400
+
+ eth2 Link encap:Ethernet HWaddr 00:0d:b9:1a:44:6e
+ UP BROADCAST MULTICAST MTU:1500 Metric:1
+ RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
+ Interrupt:15 Base address:0x1800
+
+ lo Link encap:Local Loopback
+ inet addr: Mask:
+ UP LOOPBACK RUNNING MTU:16436 Metric:1
+ RX packets:1200 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:1200 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:0
+ RX bytes:96572 (94.3 KiB) TX bytes:96572 (94.3 KiB)
+
+ # route -n
+ Kernel IP routing table
+ Destination Gateway Genmask Flags Metric Ref Use Iface
+ U 0 0 0 eth0
+ UG 0 0 0 eth0
+
+ #-----------------------------------------------------------------------
+
+ # client01 configuration
+
+ cat /etc/tinc/nets.boot
+ echo 'powercraft01' | sudo tee --append /etc/tinc/nets.boot
+ cat /etc/tinc/nets.boot
+
+ #-----------------------------------------------------------------------
+
+ sudo mkdir --verbose /etc/tinc/powercraft01/
+ sudo mkdir --verbose /etc/tinc/powercraft01/hosts/
+ sudo touch /etc/tinc/powercraft01/tinc.conf
+
+ #-----------------------------------------------------------------------
+
+ # on server
+ cat /etc/tinc/powercraft01/hosts/server01
+
+ # on client, copy cert data of server to client
+ sudo vim /etc/tinc/powercraft01/hosts/server01
+
+ # on client, add on head of file
+ Address = powercraft.nl 656
+ Address = 656
+ Address = tinc-vpn.powercraft.nl 656
+ Address = powercraft.nl 655
+ Address = 655
+ Address = tinc-vpn.powercraft.nl 655
+
+ #-----------------------------------------------------------------------
+
+ echo 'ConnectTo = server01
+ Device = /dev/net/tun
+ Interface = tun1
+ Mode = switch
+ Name = client01' | sudo tee /etc/tinc/powercraft01/tinc.conf
+
+ sudo cat /etc/tinc/powercraft01/tinc.conf
+ sudo chmod 644 /etc/tinc/powercraft01/tinc.conf
+ ls -hal /etc/tinc/powercraft01/tinc.conf
+
+ echo '#!/bin/sh
+ ifconfig $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up
+
+ sudo cat /etc/tinc/powercraft01/tinc-up
+ sudo chmod 755 /etc/tinc/powercraft01/tinc-up
+ ls -hal /etc/tinc/powercraft01/tinc-up
+
+ echo '#!/bin/sh
+ # ifconfig tun1 hw ether 00:ff:5d:ea:b4:ec
+ ifup $INTERFACE &' | sudo tee /etc/tinc/powercraft01/hosts/server01-up
+
+ sudo cat /etc/tinc/powercraft01/hosts/server01-up
+ sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-up
+ ls -hal /etc/tinc/powercraft01/hosts/server01-up
+
+ echo '#!/bin/sh
+ ifconfig $INTERFACE down' | sudo tee /etc/tinc/powercraft01/tinc-down
+
+ sudo cat /etc/tinc/powercraft01/tinc-down
+ sudo chmod 755 /etc/tinc/powercraft01/tinc-down
+ ls -hal /etc/tinc/powercraft01/tinc-down
+
+ echo '#!/bin/sh
+ ifdown $INTERFACE' | sudo tee /etc/tinc/powercraft01/hosts/server01-down
+
+ sudo cat /etc/tinc/powercraft01/hosts/server01-down
+ sudo chmod 755 /etc/tinc/powercraft01/hosts/server01-down
+ ls -hal /etc/tinc/powercraft01/hosts/server01-down
+
+ #-----------------------------------------------------------------------
+
+ sudo rm /etc/tinc/powercraft01/rsa_key.priv
+ sudo rm /etc/tinc/powercraft01/hosts/client10
+ sudo tincd -n powercraft01 -K
+
+ #-----------------------------------------------------------------------
+
+ # on client add on head of file
+ sudo vim /etc/tinc/powercraft01/hosts/client01
+ Compression = 9
+ PMTU = 1492
+ PMTUDiscovery = yes
+ Port = 656
+ # Cipher = aes-128-cbc
+
+ # on client
+ sudo cat /etc/tinc/powercraft01/hosts/client01
+
+ # on server, copy cert data of client to server
+ vim /etc/tinc/powercraft01/hosts/client01
+
+ #-----------------------------------------------------------------------
+
+ # watch out when using multiple dhcp clients there can be conflicts
+
+ echo 'interface "tun1" {
+ request subnet-mask, broadcast-address, time-offset,
+ host-name, netbios-scope, interface-mtu, ntp-servers;
+ }' | tee --append /etc/dhcp3/dhclient.conf
+
+ cat /etc/dhcp3/dhclient.conf
+
+ #-----------------------------------------------------------------------
+
+ vim /etc/network/interfaces
+
+ iface tun1 inet dhcp
+ pre-up ifconfig tun1 down || true
+ pre-up ifconfig tun1 hw ether 9a:f6:50:3b:c0:48 || true
+ post-up route del default dev tun1 || true
+ # pre-down /etc/init.d/munin-node stop || true
+ # post-up /etc/init.d/munin-node restart || true
+ # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/tun1/proxy_arp || true
+ # optional # post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/vlan4/proxy_arp || true
+ # optional # post-up route add -net netmask tun1 || true
+ # optional # pre-down route del -net netmask tun1 || true
+
+ #-----------------------------------------------------------------------
+
+ ifdown tun1; ifdown tun1
+
+ #-----------------------------------------------------------------------
+
+ sudo /etc/init.d/tinc stop
+ fg
+ sudo /usr/sbin/tincd --net powercraft01 --no-detach --debug=5
+
+ #-----------------------------------------------------------------------
+
+ sudo /etc/init.d/tinc start
+
+ #-----------------------------------------------------------------------
+
+ # tincd --version
+ tinc version 1.0.13 (built Apr 13 2010 10:27:56, protocol 17)
+
+ #-----------------------------------------------------------------------
+
+ tincd -n powercraft01 -kUSR2
+ tail -n 100 /var/log/syslog
+
+ #-----------------------------------------------------------------------
+
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes in: 830
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: total bytes out: 914
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: Nodes:
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options c status 0018 nexthop client01 via client01 pmtu 1518 (min 0 max 1518)
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 at port 656 cipher 91 digest 64 maclength 4 compression 9 options c status 001a nexthop server01 via server01 pmtu 1416 (min 1416 max 1416)
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: End of nodes.
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: Edges:
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: client01 to server01 at port 656 options c weight 413
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: server01 to client01 at port 655 options c weight 413
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: End of edges.
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: Subnet list:
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: 0:1b:21:61:af:d7#10 owner server01
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: 56:fc:c2:fd:69:10#10 owner server01
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: ea:3:e7:3d:46:20#10 owner client01
+ May 24 19:43:59 roxy tinc.powercraft01[5104]: End of subnet list.
+
+ #-----------------------------------------------------------------------
+
+ # ifconfig -a
+ ifconfig tun1
+ route -n
+
+ #-----------------------------------------------------------------------
+
+ # ifconfig tun1
+ tun1 Link encap:Ethernet HWaddr ea:03:e7:3d:46:20
+ inet addr: Bcast: Mask:
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:27 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:500
+ RX bytes:9342 (9.1 KiB) TX bytes:9088 (8.8 KiB)
+
+ # route -n
+ Kernel IP routing table
+ Destination Gateway Genmask Flags Metric Ref Use Iface
+ U 0 0 0 eth0
+ U 0 0 0 tun1
+ UG 0 0 0 eth0
+
+ #-----------------------------------------------------------------------
+
+ ping -c 2
+ ping -c 2 -M dont -s 1500
+
+ #-----------------------------------------------------------------------
+
+ lsof -i :655
+ lsof -i :656
+
+ #-----------------------------------------------------------------------
+
+ # Accept new connections for fordwarding designated from our virtual private netwerk to the local network
+ /sbin/iptables --append FORWARD --in-interface ${VPN01} --out-interface ${LAN01} --jump ACCEPT
+ /sbin/iptables --append FORWARD --in-interface ${LAN01} --out-interface ${VPN01} --jump ACCEPT
+
+ # Use masquerade so the outside world sees only one ip source for all outgoing trafic
+ /sbin/iptables --table nat --append POSTROUTING --out-interface ${VPN01} --jump MASQUERADE
+
+ #-----------------------------------------------------------------------