X-Git-Url: https://tinc-vpn.org/git/browse?p=wiki;a=blobdiff_plain;f=examples%2Fproxy-arp.mdwn;h=df4cd2c22419de73826ce6bfcbbd8787b5a57f28;hp=70cb092f3e02330b096c80a1bcf7e6c90782e21c;hb=HEAD;hpb=e8902ec27a050f2c62253ea73ee7acda88c6ac9b diff --git a/examples/proxy-arp.mdwn b/examples/proxy-arp.mdwn index 70cb092..df4cd2c 100644 --- a/examples/proxy-arp.mdwn +++ b/examples/proxy-arp.mdwn @@ -7,7 +7,7 @@ IP address inside the local LAN's subnet), one can set up a bridge at the local node, as described in the [[bridging example|examples/bridging]]. However, setting up a bridge is rather complex, and if one only needs unicast IP traffic to work, and broadcast or non-IP traffic is not a requirement, one can use the -[proxy ARP](http://en.wikipedia.org/wiki/Proxy_ARP) features of the operating +[proxy ARP](https://en.wikipedia.org/wiki/Proxy_ARP) features of the operating system instead. Since we only use unicast IP traffic, proxy ARP works with both router and 
@@ -22,46 +22,47 @@ The network setup is as follows: ### Configuration of tinc at the office -> host# cat /etc/tinc/vpn/tinc.conf -> Name = office -> #Optional: -> #Mode = switch -> -> host# cat /etc/tinc/vpn/tinc-up -> #!/bin/sh -> -> ifconfig $INTERFACE 192.168.1.2 netmask 255.255.255.255 -> route add 192.168.1.123 dev $INTERFACE -> echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp -> echo 1 >/proc/sys/net/ipv4/conf/$INTERFACE/proxy_arp -> -> host# ls /etc/tinc/vpn/hosts -> office roadwarrior ... -> -> host# cat /etc/tinc/vpn/hosts/office -> Address = 123.234.123.42 -> Subnet = 192.168.1.0/24 -> -----BEGIN RSA PUBLIC KEY----- -> ... -> -----END RSA PUBLIC KEY----- -> -> host# cat /etc/tinc/vpn/hosts/roadwarrior -> Subnet = 192.168.1.123 -> -----BEGIN RSA PUBLIC KEY----- -> ... -> -----END RSA PUBLIC KEY----- + host# cat /etc/tinc/vpn/tinc.conf + Name = office + #Optional: + #Mode = switch + + host# cat /etc/tinc/vpn/tinc-up + #!/bin/sh + + ifconfig $INTERFACE 192.168.1.2 netmask 255.255.255.255 + route add 192.168.1.123 dev $INTERFACE + echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp + echo 1 >/proc/sys/net/ipv4/conf/$INTERFACE/proxy_arp + + host# ls /etc/tinc/vpn/hosts + office roadwarrior ... + + host# cat /etc/tinc/vpn/hosts/office + Address = 123.234.123.42 + Subnet = 192.168.1.0/24 + -----BEGIN RSA PUBLIC KEY----- + ... + -----END RSA PUBLIC KEY----- + + host# cat /etc/tinc/vpn/hosts/roadwarrior + Subnet = 192.168.1.123 + -----BEGIN RSA PUBLIC KEY----- + ... 
+ -----END RSA PUBLIC KEY----- ### Configuration of tinc at the road warrior -> host# cat /etc/tinc/vpn/tinc.conf -> Name = roadwarrior -> #Optional: -> #Mode = switch -> -> host# cat /etc/tinc/vpn/tinc-up -> #!/bin/sh -> -> ifconfig $INTERFACE 192.168.1.123 netmask 255.255.255.0 + host# cat /etc/tinc/vpn/tinc.conf + Name = roadwarrior + ConnectTo = office + #Optional: + #Mode = switch + + host# cat /etc/tinc/vpn/tinc-up + #!/bin/sh + + ifconfig $INTERFACE 192.168.1.123 netmask 255.255.255.0 The host config files are, of course, identical to those on the office node. @@ -72,7 +73,7 @@ to the roadwarrior's address hardcoded. To have tinc automatically add the necessary routes, remove the `route add` command from the `tinc-up` script, and instead add this `subnet-up` script: -> host# cat /etc/tinc/vpn/subnet-up -> #!/bin/sh -> [ "$NAME" = "$NODE" ] && exit 0 -> ip route replace $SUBNET dev $INTERFACE + host# cat /etc/tinc/vpn/subnet-up + #!/bin/sh + [ "$NAME" = "$NODE" ] && exit 0 + ip route replace $SUBNET dev $INTERFACE
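Review bot: In the `@@ -22,46 +22,47 @@` hunk, the added `ConnectTo = office` line in the road warrior's `tinc.conf` is the only functional change, and it is buried in the conversion of every `>`-quoted line to an indented block. Split the re-indentation from the configuration change, or call out the new line in the commit message, so that a reader of the history can see that the road warrior example previously had no outgoing connection configured. In the office `tinc-up` of the same hunk, `echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp` enables proxy ARP for the whole LAN interface. The page would benefit from a sentence stating that the office node then answers ARP on eth0 for any address it routes via another interface, not only 192.168.1.123.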
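Review bot: In the `subnet-up` script of the `@@ -72,7 +73,7 @@` hunk, `ip route replace $SUBNET dev $INTERFACE` expands both variables unquoted and installs a route for whatever subnet the script is invoked with. Since these lines are being rewritten anyway, quote them as `"$SUBNET"` and `"$INTERFACE"`. Also consider documenting that on the office node, where the `tinc-up` script enables proxy ARP, every route added this way becomes an address range the office answers ARP for on eth0, so the script is best limited to subnets that match an expected prefix such as the 192.168.1.0/24 used in this example.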