Static IP: 192.168.3.1 / Subnet mask 255.255.0.0 your tinc subnet overlaps both of your lan subnets, 192.168.0.0/16 (255.255.0.0) will see 192.168.1.1/24 (255.255.255.0) and 192.168.0.1/24 as part of its network. move tinc to a clear subnet, then add a route to both lan gateways to use the tinc box to reach the other lan. ie static route on 192.168.0.1 host 192.168.1.0/24 gateway (tinc box on 192.168.0.0/24 LAN ip)
static route on 192.168.1.1 host 192.168.0.0/24 gateway (tinc box on 192.168.1. 0/24 LAN ip) once both sides know how to reach each other, pinging both directions should work so long as the tinc tunnel connects. On Sun, Mar 11, 2018 at 5:01 AM, <lx.ma...@chello.at> wrote: > Hi all, > > > > After having read most of the available documentation I still have got > problems interconnecting two networks in router mode: > > > > My configuration consists of two private home networks that I want to > connect: > > Vienna 192.168.0.0/24 - Internet gateway 192.168.0.1 > > Berlin 192.168.1.0/24 - Internet gateway 192.168.1.1 > > > > VPN Devices are configured as 192.168.3.1 (Vienna) and 192.168.3.2 > (Berlin) mask 255.255.0.0 > > > > Tinc (1.1pre 15) is running on 192.168.0.2 (Windows) and on 192.168.1.4 > (Debian, Raspberry) > > IP forwarding is activated on the Windows PC (HKEY_LOCAL_MACHINE\ System\ > CurrentControlSet\ Services\ Tcpip\ Parameters) and the Raspberry > (net.ipv4.ip_forward = 1). > > Port forwarding for port 54321 is enabled on both routers. > > > > Configuration files: > > > > NodeVienna: > > tinc.conf: > > -- > > Name = NodeVienna > > ConnectTo = NodeBerlin > > Interface = vpn-dev > > AddressFamily = ipv4 > > PrivateKeyFile=C:\Program Files\tinc\MyTincVPN\rsa_key.priv > > Mode = router > > -- > > IP config for the TAP-device (Version Windows 9.21.2) vpn-dev: > > Static IP: 192.168.3.1 / Subnet mask 255.255.0.0 > > Firewall exception in place for tinc.exe > > -- > > NodeBerlin: > > Tinc.conf > > -- > > Device=/dev/net/tun > > Interface=MyTincVPN-dev > > Mode=router > > Name=NodeBerlin > > AddressFamily=ipv4 > > PrivateKeyFile=/etc/tinc/MyTincVPN/rsa_key.priv > > ConnectTo=NodeVienna > > -- > > tinc-up: > > -- > > #!/bin/sh > > ifconfig $INTERFACE 192.168.3.2 netmask 255.255.0.0 > > -- > > Host files: > > > > Node Vienna: > > -- > > Address=213.x.y.z > > Port=54321 > > Subnet=192.168.0.0/24 > > Compression=9 > > -----BEGIN RSA PUBLIC KEY----- > > [removed] > > -----END RSA PUBLIC KEY----- > > -- > > NodeBerlin: > > -- > > Address=xxxxx.ddns.net > > Port=54321 > > Subnet=192.168.1.0/24 > > Compression=9 > > -----BEGIN RSA PUBLIC KEY----- > > [removed] > > -----END RSA PUBLIC KEY----- > > --------------- > > Current issue: > > According to the logs (level 5) both nodes are connected, there is a lot > of traffic between them (and looks good): > > On both machines (192.168.0.2 & 192.168.1.4) it is possible to ping the > local VPN IP (192.168.3.1 and 192.168.3.2). A ping to the other VPN results > in a timeout. > > > > On 192.168.0.2 a ping to 192.168.3.1 works, a ping to192.168.3.2 generates > a time out. > > On 192.168.1.4 a ping to 192.168.3.2 works, a ping to192.168.3.2 results > in destination net nor reachable. > > > > Below I attached the routing tables. > > > > It seems to be a routing issue (I found no config example with the same > layout). > > > > Thanks in advance for any comment/help. > > Alexander > > > > > > IPv4-Routing Tables for 192.168.0.2 > > ============================================================ > =============== > > Aktive Routen: > > Dest mask Gateway Interface metrik > > 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 > 25 > > 127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 > 331 > > 127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 > 331 > > 127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 > 331 > > 192.168.0.0 255.255.0.0 Auf Verbindung 192.168.3.1 > 291 > > 192.168.0.0 255.255.255.0 Auf Verbindung 192.168.0.2 > 281 > > 192.168.0.2 255.255.255.255 Auf Verbindung 192.168.0.2 > 281 > > 192.168.0.255 255.255.255.255 Auf Verbindung 192.168.0.2 > 281 > > 192.168.3.1 255.255.255.255 Auf Verbindung 192.168.3.1 > 291 > > 192.168.255.255 255.255.255.255 Auf Verbindung 192.168.3.1 > 291 > > 224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 > 331 > > 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.3.1 > 291 > > 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.0.2 > 281 > > 255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 > 331 > > 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.3.1 > 291 > > 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.0.2 > 281 > > ============================================================ > =============== > > -- > > > > > > Routing table for 192.168.1.4 > > Kernel-IP-Routentabelle > > Ziel Router Genmask Flags Metric Ref Use > Iface > > default 192.168.1.1 0.0.0.0 UG 303 0 0 > wlan0 > > 192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 > MyTincVPN-dev > > 192.168.1.0 0.0.0.0 255.255.255.0 U 303 0 0 > wlan0 > > === > > > > > > > > > > > > > > > > > > > > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> > Virenfrei. > www.avast.com > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> > <#m_8105891144895463053_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > _______________________________________________ > tinc mailing list > tinc@tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >
_______________________________________________ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc