Hello,
I've got an AWS cloud and a local network. I'd like to set up access from
private EC2 instances to the local network tinc server. There are two public
EC2 instances with tinc server installed, other (private) EC2 nodes do not
have tinc.
http://imgur.com/tq84crc
VPC subnet: 172.22/16
VPN
Ok, I've found it, it's still masquerading. In case of "source -> tinc1 ->
tinc3 -> tinc2 -> xx" tinc2 did masquerade the response packet. I think I just
have to exclude the 172.31.0.0/16 subnet from masquerading.
It is still unclear though if there's a way for tinc to reply to the same
node it had
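The fix proposed in the message above is to keep traffic for the VPN subnet out of the NAT rule. The following is an added illustration, not code from the thread: it models the nat POSTROUTING chain as netfilter evaluates it (first matching rule wins) and shows why a single unconditional MASQUERADE rewrites the source of replies sent back over tinc, while a RETURN exception for 172.31.0.0/16 placed before it leaves them alone. The subnet value comes from the thread; the rule lists, the `eth0` interface name in the rendered commands and the sample destination addresses are assumptions made for the example.

```python
import ipaddress

# Subnet quoted in the thread as the one that must be excluded from masquerading.
VPN_SUBNET = ipaddress.ip_network("172.31.0.0/16")

# A rule is (destination match, target); a match of None means "any destination".
# Broken setup: everything leaving the box is masqueraded, including replies to VPN peers.
MASQ_ALL = [
    (None, "MASQUERADE"),
]

# Corrected setup: exempt the VPN subnet first, then masquerade the rest.
MASQ_EXCEPT_VPN = [
    (VPN_SUBNET, "RETURN"),
    (None, "MASQUERADE"),
]


def first_match(dst, rules):
    """Return the target of the first rule matching dst, or 'ACCEPT' (chain policy)."""
    addr = ipaddress.ip_address(dst)
    for match, target in rules:
        if match is None or addr in match:
            return target
    return "ACCEPT"


def masquerades(dst, rules):
    """True if a packet to dst would have its source address rewritten by this chain."""
    return first_match(dst, rules) == "MASQUERADE"


def as_iptables(rules, out_iface="eth0"):
    """Render the modelled chain as iptables commands (out_iface is assumed for the example)."""
    cmds = []
    for match, target in rules:
        parts = ["iptables", "-t", "nat", "-A", "POSTROUTING"]
        if match is not None:
            parts += ["-d", str(match)]
        else:
            parts += ["-o", out_iface]
        parts += ["-j", target]
        cmds.append(" ".join(parts))
    return cmds


if __name__ == "__main__":
    # Constructed sample destinations: a VPN peer and an internet host.
    for dst in ("172.31.5.7", "203.0.113.9"):
        print(dst, "broken:", masquerades(dst, MASQ_ALL),
              "fixed:", masquerades(dst, MASQ_EXCEPT_VPN))
    print("\n".join(as_iptables(MASQ_EXCEPT_VPN)))
```

Rule order is the whole point: a RETURN appended after the MASQUERADE would never be reached, so the exception must be inserted before the catch-all, and `iptables -t nat -L POSTROUTING -n -v` is the quick way to confirm which rule a reply is actually hitting.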
Actually I was wrong on masquerading. I've set it up the other way to
masquerade packets from tinc3 to the internet via tinc1/tinc2.
Subnet = 172.31.0.0/16 is there for both tinc1 and tinc2 as well as route
for tinc3. I can reach any private instance from tinc3.
> the return packet from tinc3
On Fri, Sep 16, 2016 at 02:35:01PM +0300, Stanislav Krasnoyarov wrote:
> Tinc 1 ip: 172.22.0.101, 21.0.0.1
> Tinc 2 ip: 172.22.0.102, 21.0.0.2
>
> I've set up a VPC route table to route all requests to 21.0.0/24 to tinc 1
> and had configured tinc nodes to use masquerading. It works perfectly