I admit that I am not very familiar with Tinc, but I see that Tinc is running 
their current VPN connections.  We have a scenario with 20 different sites 
currently and successfully using Tinc on OpenWrt, but I am having issues adding 
an additional site, as it will not communicate with the rest. I am not the one 
who originally set up the system, and that person is no longer available.  I 
have taken the firmware of one router and flashed it onto another to make a 
duplicate, and tested that it works, but when I change the hostname and IP to 
what we need them to be (in this case 172.16.100.0) it no longer communicates 
with the rest of the network, even though I have the same public key and have 
added it to the hosts folder and tinc config file on every other router. Am I 
missing something? The current system seems to be working now, but I am having 
issues adding new sites.

Thanks in advance for any advice, assistance or referral you could provide.

Regards,

Chris

Contents of the /etc/tinc/NETNAME/hosts/ folder
pfsense1    pfsense100  pfsense11   pfsense12   pfsense16   pfsense17   
pfsense19   pfsense2    pfsense20   pfsense201  pfsense26   pfsense27   
pfsense4    pfsense7

All of the /etc/tinc/NETNAME/hosts/ files have the same public key on each 
router as well as each file above.

Here is the current configuration setup. (OpenWRT router is .254 on all subnets)
Pfsense1 is 172.16.1.0
Pfsense2 is 172.16.2.0
Pfsense4 is 172.16.4.0
Etc.


Partial file contents of /etc/config/tinc

config tinc-net NETNAME
        option enabled 1
        option logfile /tmp/log/tinc.log
        option debug 1
        option AddressFamily ipv4

        # UCI list syntax is "list <name> <value>"; a line written as
        # "list ConnectTo=<name>" is not valid UCI and produces no ConnectTo entry
        list ConnectTo pfsense2
        list ConnectTo pfsense4
        list ConnectTo pfsense12
        list ConnectTo pfsense201
        list ConnectTo pfsense11
        list ConnectTo pfsense1
        list ConnectTo pfsense19
        list ConnectTo pfsense7
        list ConnectTo pfsense26
        list ConnectTo pfsense27
        list ConnectTo pfsense100
        option Name pfsense16

config tinc-host pfsense20
        option enabled 1
        option net NETNAME
        list Address {PUBLICIPHERE for this site}
        option Subnet 172.16.20.0/24


config tinc-host pfsense7
        option enabled 1
        option net NETNAME
        list Address {PUBLICIPHERE for this site}
        option Subnet 172.16.7.0/24

config tinc-host pfsense19
        option enabled 1
        option net NETNAME
        list Address {PUBLICIPHERE for this site}
        option Subnet 172.16.19.0/24

config tinc-host pfsense100
        option enabled 1
        option net NETNAME
        list Address {PUBLICIPHERE for this site}
        option Subnet 172.16.100.0/24

It continues with the rest of the sites that I did not list to limit email 
length.


File contents of  /etc/tinc/NETNAME/tinc-up
#!/bin/sh
# Bring the tinc interface up with the router's LAN address from UCI
ip=$(uci get network.lan.ipaddr)
ifconfig "$INTERFACE" "$ip"

File contents of  /etc/tinc/NETNAME/tinc-down
#!/bin/sh
ifconfig $INTERFACE down

File contents of  /etc/tinc/NETNAME/subnet-up
#!/bin/sh
# Subnets owned by this node itself need no route
[ "$NODE" = "$(uci get tinc.$NETNAME.Name)" ] && exit
case $SUBNET in
        */32) targetType=-host ;;
        *) targetType=-net ;;
esac
route add $targetType "$SUBNET" dev "$INTERFACE"


File contents of  /etc/tinc/NETNAME/subnet-down
#!/bin/sh
# Subnets owned by this node itself have no route to remove
[ "$NODE" = "$(uci get tinc.$NETNAME.Name)" ] && exit
case $SUBNET in
        */32) targetType=-host ;;
        *) targetType=-net ;;
esac
route del $targetType "$SUBNET" dev "$INTERFACE"

To be clear (I am also not sure how it works without it), tinc.conf is not in 
the /etc/tinc/NETNAME folder. We can see it only in the /tmp/tinc/NETNAME 
directory, and its contents are below.
File contents of /tmp/tinc/NETNAME/tinc.conf (this is on the pfsense16 unit 
with subnet 172.16.16.0)
AddressFamily = ipv4
ConnectTo = pfsense26
ConnectTo = pfsense27
Name = pfsense16

_______________________________________________
tinc mailing list
tinc@tinc-vpn.org
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
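A small configuration lint for the kind of setup described in this message, added here as an example; it is not part of the original post and not code from the tinc or OpenWrt projects. It assumes, as the paths in the message suggest, that /tmp/tinc/NETNAME/tinc.conf is generated from /etc/config/tinc, and it runs against constructed sample files modelled on the post (hypothetical contents, not the poster's real configuration). It flags three things a reviewer of such a config would check: ConnectTo lines that are not valid UCI list syntax, ConnectTo targets that have no tinc-host section, and targets declared in UCI that have not made it into the generated tinc.conf.

```shell
#!/bin/sh
# Constructed sample of an /etc/config/tinc, modelled on the post (hypothetical).
SAMPLE_CFG=$(mktemp)
cat >"$SAMPLE_CFG" <<'EOF'
config tinc-net NETNAME
        option enabled 1
        option Name pfsense16
        list ConnectTo=pfsense2
        list ConnectTo pfsense26
        list ConnectTo pfsense27
        list ConnectTo pfsense100

config tinc-host pfsense26
        option net NETNAME
        option Subnet 172.16.26.0/24

config tinc-host pfsense100
        option net NETNAME
        option Subnet 172.16.100.0/24
EOF

# Constructed sample of the generated /tmp/tinc/NETNAME/tinc.conf (hypothetical).
SAMPLE_TINCCONF=$(mktemp)
cat >"$SAMPLE_TINCCONF" <<'EOF'
AddressFamily = ipv4
ConnectTo = pfsense26
Name = pfsense16
EOF
trap 'rm -f "$SAMPLE_CFG" "$SAMPLE_TINCCONF"' EXIT

# Lines written "list ConnectTo=<name>": UCI list syntax is "list <name> <value>",
# so such a line is not valid UCI and yields no ConnectTo entry.
malformed_connectto() {
    grep -E '^[[:space:]]*list[[:space:]]+ConnectTo=' "$1" | sed 's/^[[:space:]]*//'
}

# ConnectTo targets that are declared with correct UCI list syntax.
connectto_targets() {
    awk '$1 == "list" && $2 == "ConnectTo" { print $3 }' "$1"
}

# Names of the tinc-host sections present in the UCI file.
host_sections() {
    awk '$1 == "config" && $2 == "tinc-host" { print $3 }' "$1"
}

# ConnectTo targets with no matching tinc-host section (tinc cannot reach them).
missing_hosts() {
    cfg=$1
    for n in $(connectto_targets "$cfg"); do
        host_sections "$cfg" | grep -qx "$n" || echo "$n"
    done
}

# UCI ConnectTo targets that do not appear in the generated tinc.conf,
# i.e. the running daemon is not using what /etc/config/tinc says.
unapplied_targets() {
    cfg=$1; conf=$2
    for n in $(connectto_targets "$cfg"); do
        awk -F'[ =]+' '$1 == "ConnectTo" { print $2 }' "$conf" | grep -qx "$n" || echo "$n"
    done
}

# Total number of problems in the UCI file: malformed lines plus missing hosts.
problem_count() {
    m=$(malformed_connectto "$1" | wc -l | tr -d ' ')
    h=$(missing_hosts "$1" | wc -l | tr -d ' ')
    echo $((m + h))
}

report() {
    echo "ConnectTo lines that are not valid UCI list syntax:"
    malformed_connectto "$1" | sed 's/^/  /'
    echo "ConnectTo targets without a tinc-host section:"
    missing_hosts "$1" | sed 's/^/  /'
    echo "UCI ConnectTo targets absent from the generated tinc.conf:"
    unapplied_targets "$1" "$2" | sed 's/^/  /'
    echo "Problems in UCI file: $(problem_count "$1")"
}

report "$SAMPLE_CFG" "$SAMPLE_TINCCONF"
```

On a router the same functions can be pointed at /etc/config/tinc and /tmp/tinc/NETNAME/tinc.conf; a target that appears in the third list but nowhere else usually means the generated configuration is stale relative to the UCI file.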
