Here are the config files. Thanks!
# tinc.conf on MASTER
# ------- master -------
Name = master
Device = /dev/net/tun
AddressFamily=ipv4
---------------------------------------------
cat tinc-up
# tinc-up on MASTER
ifconfig $INTERFACE 10.0.3.1 netmask 255.255.255.0
---------------------------------------------
cat tinc-up
# tinc-up on WEB
ifconfig $INTERFACE 10.0.3.3 netmask 255.255.255.0
---------------------------------------------
# tinc.conf on WEB
# ------- web -------
Name = web
Device = /dev/net/tun
AddressFamily=ipv4
ConnectTo = master
#ConnectTo = home
---------------------------------------------
cat hosts/master on BOTH
# ------- master -------
Address = 1.2.3.4 #public IP
Subnet = 10.0.3.1/32
-----BEGIN RSA PUBLIC KEY-----
My Key on MASTER
-----END RSA PUBLIC KEY-----
---------------------------------------------
cat hosts/web on BOTH
# ------- web -------
Address = 4.3.2.1 #public IP
Subnet = 10.0.3.3/32
# Public key goes below here
-----BEGIN RSA PUBLIC KEY-----
My Key on WEB
-----END RSA PUBLIC KEY-----
---------------------------------------------

On Mon, Jan 30, 2017 at 2:43 PM, Guillermo Bisheimer <[email protected]> wrote:
> Can you post your Tinc configuration too?
>
> On Mon, Jan 30, 2017 at 11:42, Dave Albert (<[email protected]>) wrote:
>
>> Here is an extract of my current iptables that are not working:
>>
>> iptables -L -n -v
>>
>> Chain INPUT (policy DROP 8 packets, 1120 bytes)
>>  pkts bytes target prot opt in      out     source        destination
>>     0     0 ACCEPT tcp  --  lo      *       0.0.0.0/0     0.0.0.0/0     tcp dpt:3306
>>     0     0 ACCEPT udp  --  lo      *       0.0.0.0/0     0.0.0.0/0     udp dpt:3306
>>     0     0 NRPE   tcp  --  *       *       0.0.0.0/0     0.0.0.0/0     tcp dpt:5666
>>     0     0 ACCEPT icmp --  *       *       x.x.x.x       0.0.0.0/0     icmptype 8
>>     0     0 ACCEPT icmp --  *       *       127.0.0.1     0.0.0.0/0     icmptype 8
>>     0     0 ACCEPT icmp --  *       *       10.0.3.0/24   0.0.0.0/0     icmptype 8
>>     0     0 ACCEPT tcp  --  *       *       10.0.3.0/24   0.0.0.0/0
>>     0     0 ACCEPT udp  --  *       *       10.0.3.0/24   0.0.0.0/0
>>     0     0 DROP   icmp --  *       *       0.0.0.0/0     0.0.0.0/0     icmptype 8
>>     0     0 ACCEPT icmp --  *       *       x.x.x.x       0.0.0.0/0     icmptype 8
>>     0     0 ACCEPT icmp --  *       *       0.0.0.0/0     0.0.0.0/0     state RELATED,ESTABLISHED
>>     0     0 ACCEPT tcp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     tcp spt:5666
>>     0     0 ACCEPT tcp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     tcp dpt:22 state NEW,ESTABLISHED
>>   192 13741 ACCEPT tcp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     tcp dpt:2222 state NEW,ESTABLISHED
>>     0     0 ACCEPT tcp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     tcp dpt:80 state NEW,ESTABLISHED
>>     0     0 ACCEPT tcp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     tcp dpt:443 state NEW,ESTABLISHED
>>     0     0 ACCEPT all  --  lo      *       0.0.0.0/0     0.0.0.0/0
>>     0     0 ACCEPT all  --  docker0 *       0.0.0.0/0     0.0.0.0/0
>>     0     0 ACCEPT udp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     udp spt:53
>>     0     0 ACCEPT tcp  --  *       *       0.0.0.0/0     0.0.0.0/0     tcp dpt:80 limit: avg 25/min burst 100
>>     0     0 ACCEPT udp  --  *       *       0.0.0.0/0     0.0.0.0/0     udp spt:123
>>     0     0 ACCEPT tcp  --  *       *       0.0.0.0/0     0.0.0.0/0     tcp spt:25
>>     0     0 ACCEPT tcp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     tcp spt:22 state ESTABLISHED
>>     0     0 ACCEPT tcp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     tcp spt:2222 state ESTABLISHED
>>     0     0 ACCEPT tcp  --  *       *       0.0.0.0/0     0.0.0.0/0     tcp dpt:655 state NEW,ESTABLISHED
>>     6  8976 ACCEPT udp  --  *       *       0.0.0.0/0     0.0.0.0/0     udp dpt:655 state NEW,ESTABLISHED
>>     0     0 ACCEPT tcp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     tcp spt:80 state ESTABLISHED
>>     0     0 ACCEPT tcp  --  eth0    *       0.0.0.0/0     0.0.0.0/0     tcp spt:443 state ESTABLISHED
>>
>> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>>  pkts bytes target prot opt in      out     source        destination
>>     0     0 ACCEPT all  --  *       docker0 0.0.0.0/0     172.17.0.0/16 ctstate RELATED,ESTABLISHED
>>     0     0 ACCEPT all  --  docker0 *       172.17.0.0/16 0.0.0.0/0
>>     0     0 ACCEPT all  --  docker0 docker0 0.0.0.0/0     0.0.0.0/0
>>
>> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>>  pkts bytes target prot opt in      out     source        destination
>>     0     0 NRPE   tcp  --  *       *       0.0.0.0/0     0.0.0.0/0     tcp spt:5666
>>     0     0 ACCEPT tcp  --  *       *       10.0.3.0/24   0.0.0.0/0
>>     0     0 ACCEPT udp  --  *       *       10.0.3.0/24   0.0.0.0/0
>>     0     0 ACCEPT icmp --  *       *       0.0.0.0/0     0.0.0.0/0     icmptype 0
>>     0     0 ACCEPT icmp --  *       *       0.0.0.0/0     0.0.0.0/0     state NEW,RELATED,ESTABLISHED
>>     0     0 ACCEPT tcp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     tcp dpt:5666
>>     0     0 ACCEPT tcp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     tcp spt:22 state ESTABLISHED
>>   140 44173 ACCEPT tcp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     tcp spt:2222 state ESTABLISHED
>>     0     0 ACCEPT tcp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     tcp spt:80 state ESTABLISHED
>>     0     0 ACCEPT tcp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     tcp spt:443 state ESTABLISHED
>>     0     0 ACCEPT all  --  *       lo      0.0.0.0/0     0.0.0.0/0
>>     0     0 ACCEPT all  --  *       docker0 0.0.0.0/0     0.0.0.0/0
>>     0     0 ACCEPT udp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     udp dpt:53
>>     0     0 ACCEPT udp  --  *       *       0.0.0.0/0     0.0.0.0/0     udp dpt:123
>>     0     0 ACCEPT tcp  --  *       *       0.0.0.0/0     0.0.0.0/0     tcp dpt:25
>>     0     0 ACCEPT tcp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     tcp dpt:22 state NEW,ESTABLISHED
>>     0     0 ACCEPT tcp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     tcp dpt:2222 state NEW,ESTABLISHED
>>     0     0 ACCEPT tcp  --  *       *       0.0.0.0/0     0.0.0.0/0     tcp spt:655 state NEW,ESTABLISHED
>>     6  8976 ACCEPT udp  --  *       *       0.0.0.0/0     0.0.0.0/0     udp spt:655 state NEW,ESTABLISHED
>>     0     0 ACCEPT tcp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     tcp dpt:80 state NEW,ESTABLISHED
>>     0     0 ACCEPT tcp  --  *       eth0    0.0.0.0/0     0.0.0.0/0     tcp dpt:443 state NEW,ESTABLISHED
>>
>> Chain NRPE (2 references)
>>  pkts bytes target prot opt in      out     source        destination
>>     0     0 ACCEPT all  --  *       *       0.0.0.0/0     x.x.x.x
>>     0     0 ACCEPT all  --  *       *       x.x.x.x       0.0.0.0/0
>>     0     0 DROP   all  --  *       *       0.0.0.0/0     0.0.0.0/0
>>
>> iptables -t nat -L -n -v
>> Chain PREROUTING (policy ACCEPT 6 packets, 1831 bytes)
>>  pkts bytes target prot opt in      out     source        destination
>>
>> Chain INPUT (policy ACCEPT 4 packets, 1348 bytes)
>>  pkts bytes target prot opt in      out     source        destination
>>
>> Chain OUTPUT (policy ACCEPT 14 packets, 856 bytes)
>>  pkts bytes target prot opt in      out     source        destination
>>
>> Chain POSTROUTING (policy ACCEPT 2 packets, 136 bytes)
>>  pkts bytes target prot opt in      out     source        destination
>>
>> On Mon, Jan 30, 2017 at 2:05 PM, Dave Albert <[email protected]> wrote:
>>
>> Hi,
>>
>> I've been able to get tinc set up when I flush all my iptables, but after enabling iptables and a delay I get a "Destination Net Unknown". I have three hosts (HOME 10.0.3.2, MASTER 10.0.3.1, WEB 10.0.3.3). MASTER and WEB are in DigitalOcean in the same data centre.
>>
>> HOME <---> MASTER <---> WEB
>>
>> I've tried multiple forwarding/masquerading/etc rules and don't understand what I'm missing.
>>
>> When iptables are enabled (same rules on MASTER and WEB) I get the following results:
>>
>> HOME $ ping 10.0.3.1 ==> Success
>> HOME $ ping 10.0.3.3 ==> Destination Net Unknown
>>
>> MASTER $ ping 10.0.3.2 ==> Success
>> MASTER $ ping 10.0.3.3 ==> Destination Net Unknown
>>
>> WEB $ ping 10.0.3.1 ==> Destination Net Unknown
>> WEB $ ping 10.0.3.2 ==> Destination Net Unknown
>>
>> It's not just ICMP though, I get the same results for "nc -vz x.x.x.x 22"
>>
>> I'd appreciate any help.
>>
>> Thanks,
>> Dave
>>
>> _______________________________________________
>> tinc mailing list
>> [email protected]
>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>>
> --
> *Ing. Guillermo Bisheimer*
> *B&S Sistemas de Control y Equipamientos*
> Av. de los Constituyentes 1172
> (E3116CIX) Crespo, Entre Ríos
> Tel/Fax: (0343) 407-8990 (New number)
> Cell: (0343) 154679052
> WEB: www.bys-control.com.ar
> e-mail: [email protected]
> skype: guillermo.bisheimer
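A check for whether a default-DROP ruleset like the one quoted above lets tinc traffic through in both directions, added here as an example and not part of the thread. It assumes tinc's default port 655, TCP meta connections opened from an ephemeral source port and UDP sent from port 655; the sample rows are constructed from the port-655 rules in the listing, and `parse`, `accepts` and `tinc_paths` are hypothetical names.

```python
import re

# Constructed rows in `iptables -L -n -v` layout (port-655 rules only, counters zeroed).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:655 state NEW,ESTABLISHED
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:655 state NEW,ESTABLISHED
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:655 state NEW,ESTABLISHED
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:655 state NEW,ESTABLISHED
"""
EPHEMERAL = 40000  # stand-in for the source port of an outgoing TCP connect

def port_match(kind, extra):
    m = re.search(kind + r":(\d+)", extra)
    return int(m.group(1)) if m else None

def parse(text):
    """Return {chain: (policy, [rules])}; conntrack state matches are ignored."""
    chains, rules = {}, None
    for line in text.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            rules = []
            chains[f[1]] = (f[3] if f[2] == "(policy" else None, rules)
        elif rules is not None and len(f) >= 9 and f[0][0].isdigit():
            extra = " ".join(f[9:])
            rules.append(dict(target=f[2], proto=f[3], ifin=f[5], ifout=f[6], src=f[7],
                              dst=f[8], spt=port_match("spt", extra), dpt=port_match("dpt", extra)))
    return chains

def accepts(chains, chain, proto, sport, dport, iface="eth0"):
    """First-match verdict for a packet between public addresses on iface."""
    policy, rules = chains[chain]
    for r in rules:
        # Simplification: address-restricted rules are treated as not matching.
        if (r["proto"] in (proto, "all") and r["ifin"] in ("*", iface)
                and r["ifout"] in ("*", iface) and r["src"] == r["dst"] == "0.0.0.0/0"
                and r["spt"] in (None, sport) and r["dpt"] in (None, dport)):
            if r["target"] in ("ACCEPT", "DROP", "REJECT"):  # jumps to user chains fall through
                return r["target"] == "ACCEPT"
    return policy == "ACCEPT"

def tinc_paths(text, port=655):
    """Verdict per tinc flow: OUTPUT must pass one direction and INPUT the other."""
    c = parse(text)
    flow = lambda proto, lport, rport: (accepts(c, "OUTPUT", proto, lport, rport)
                                        and accepts(c, "INPUT", proto, rport, lport))
    return {"tcp_listen": flow("tcp", port, EPHEMERAL),
            "tcp_connect": flow("tcp", EPHEMERAL, port),
            "udp_data": flow("udp", port, port)}
```

On the sample rows `tinc_paths(SAMPLE)` reports that a node can accept a TCP meta connection and exchange UDP, but cannot open a TCP meta connection itself, which is the role `ConnectTo = master` gives WEB.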
