On Fri, Sep 16, 2016 at 02:35:01PM +0300, Stanislav Krasnoyarov wrote:

> Tinc 1 ip: 172.22.0.101, 21.0.0.1
> Tinc 2 ip: 172.22.0.102, 21.0.0.2
> 
> I've set up a VPC route table to route all requests to 21.0.0/24 to tinc 1
> and had configured tinc nodes to use masquerading. It works perfectly when
> traffic flows like this:
> 
> source -> tinc1 -> tinc3 -> tinc1 -> source
> 
> But if tinc3 replies to a different node, there is a problem since there's
> no masquerading record for that request:
> 
> source -> tinc1 -> tinc3 -> tinc2 -> xx

How would this happen? If tinc1 masquerades the source address to
21.0.0.1, then the return packet from tinc3 should end up back at tinc1,
not tinc2.

In your scenario, you might not need masquerading: just add Subnet =
172.31.0.0/16 to hosts/tinc1 and hosts/tinc2, and the following line to
the tinc-up file of the tinc daemon on the LAN:

ip route add 172.31.0.0/16 dev $INTERFACE

This should allow traffic between your EC2 instances and 21.0.0.11
without any masquerading. It then also doesn't matter what route the
(return) packets use.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <g...@tinc-vpn.org>
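The configuration suggested above, as an added worked example that is not part of the thread or of tinc itself: the script writes hosts/tinc1 and hosts/tinc2 with the Subnet line, writes the tinc-up route for the daemon on the 21.0.0.0/24 LAN, and then checks that a LAN source address falls inside a Subnet announced by both AWS-side nodes, which is why the return path no longer matters. The directory layout under $TINC_ROOT, the `ip link set` line, and the sample address 172.31.5.7 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread, not tinc's own code): build the
# Subnet-based setup Guus describes and verify the return-path property.
# $TINC_ROOT/hosts/<node> and $TINC_ROOT/tinc-up are an assumed layout.
set -eu

TINC_ROOT="${TINC_ROOT:-$(mktemp -d)}"
LAN_SUBNET="172.31.0.0/16"     # EC2-side LAN from the thread

# hosts/<node>: announce the node's own VPN address and the whole LAN.
# Both tinc1 and tinc2 announce the LAN, so either can carry replies.
write_host() {                 # write_host NODE VPN_ADDR
    mkdir -p "$TINC_ROOT/hosts"
    printf 'Subnet = %s/32\nSubnet = %s\n' "$2" "$LAN_SUBNET" \
        > "$TINC_ROOT/hosts/$1"
}

# tinc-up for the daemon on the 21.0.0.0/24 LAN: route the EC2 LAN into
# the tunnel instead of relying on a masquerading entry.
write_tinc_up() {
    printf '#!/bin/sh\nip link set "$INTERFACE" up\nip route add %s dev "$INTERFACE"\n' \
        "$LAN_SUBNET" > "$TINC_ROOT/tinc-up"
    chmod +x "$TINC_ROOT/tinc-up"
}

# Dotted quad -> 32-bit integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/LEN: exit status 0 when ADDR lies inside NET/LEN.
in_cidr() {
    local addr net len mask
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    len=${2#*/}
    mask=$(( len == 0 ? 0 : (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# node_routes NODE ADDR: does NODE's host file announce a Subnet covering ADDR?
# If this holds for every AWS-side node, a reply from the far LAN can come
# back through any of them without a NAT state entry.
node_routes() {
    local line
    while read -r line; do
        case "$line" in
            Subnet*=*) in_cidr "$2" "${line#*= }" && return 0 ;;
        esac
    done < "$TINC_ROOT/hosts/$1"
    return 1
}

# Stand-alone demonstration with the addresses from the thread.
write_host tinc1 21.0.0.1
write_host tinc2 21.0.0.2
write_tinc_up
node_routes tinc1 172.31.5.7 && node_routes tinc2 172.31.5.7 \
    && echo "172.31.5.7 is announced by both tinc1 and tinc2"
```

The check mirrors what tinc does with Subnet declarations: a packet destined for an announced subnet is delivered to a node that claims it, so declaring the EC2 LAN on both tinc1 and tinc2 is what makes the asymmetric path (out via tinc1, back via tinc2) work without masquerading.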

