Hi all,
After having read most of the available documentation I still have got problems interconnecting two networks in router mode:

My configuration consists of two private home networks that I want to connect:

Vienna 192.168.0.0/24 - Internet gateway 192.168.0.1
Berlin 192.168.1.0/24 - Internet gateway 192.168.1.1

VPN devices are configured as 192.168.3.1 (Vienna) and 192.168.3.2 (Berlin), mask 255.255.0.0.

Tinc (1.1pre 15) is running on 192.168.0.2 (Windows) and on 192.168.1.4 (Debian, Raspberry).

IP forwarding is activated on the Windows PC (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters) and the Raspberry (net.ipv4.ip_forward = 1).

Port forwarding for port 54321 is enabled on both routers.

Configuration files:

NodeVienna:

tinc.conf:
--
Name = NodeVienna
ConnectTo = NodeBerlin
Interface = vpn-dev
AddressFamily = ipv4
PrivateKeyFile=C:\Program Files\tinc\MyTincVPN\rsa_key.priv
Mode = router
--

IP config for the TAP-device (Version Windows 9.21.2)
vpn-dev: Static IP: 192.168.3.1 / Subnet mask 255.255.0.0
Firewall exception in place for tinc.exe

--
NodeBerlin:

Tinc.conf
--
Device=/dev/net/tun
Interface=MyTincVPN-dev
Mode=router
Name=NodeBerlin
AddressFamily=ipv4
PrivateKeyFile=/etc/tinc/MyTincVPN/rsa_key.priv
ConnectTo=NodeVienna
--

tinc-up:
--
#!/bin/sh
ifconfig $INTERFACE 192.168.3.2 netmask 255.255.0.0
--

Host files:

Node Vienna:
--
Address=213.x.y.z
Port=54321
Subnet=192.168.0.0/24
Compression=9
-----BEGIN RSA PUBLIC KEY-----
[removed]
-----END RSA PUBLIC KEY-----
--

NodeBerlin:
--
Address=xxxxx.ddns.net
Port=54321
Subnet=192.168.1.0/24
Compression=9
-----BEGIN RSA PUBLIC KEY-----
[removed]
-----END RSA PUBLIC KEY-----
---------------

Current issue:

According to the logs (level 5) both nodes are connected, and there is a lot of traffic between them (and it looks good).

On both machines (192.168.0.2 & 192.168.1.4) it is possible to ping the local VPN IP (192.168.3.1 and 192.168.3.2). A ping to the other VPN results in a timeout.

On 192.168.0.2 a ping to 192.168.3.1 works, a ping to 192.168.3.2 generates a time out.
On 192.168.1.4 a ping to 192.168.3.2 works, a ping to 192.168.3.2 results in destination net not reachable.

Below I attached the routing tables. It seems to be a routing issue (I found no config example with the same layout).

Thanks in advance for any comment/help.

Alexander

IPv4-Routing Tables for 192.168.0.2
===========================================================================
Aktive Routen:
Dest              mask              Gateway          Interface     metrik
0.0.0.0           0.0.0.0           192.168.0.1      192.168.0.2   25
127.0.0.0         255.0.0.0         Auf Verbindung   127.0.0.1     331
127.0.0.1         255.255.255.255   Auf Verbindung   127.0.0.1     331
127.255.255.255   255.255.255.255   Auf Verbindung   127.0.0.1     331
192.168.0.0       255.255.0.0       Auf Verbindung   192.168.3.1   291
192.168.0.0       255.255.255.0     Auf Verbindung   192.168.0.2   281
192.168.0.2       255.255.255.255   Auf Verbindung   192.168.0.2   281
192.168.0.255     255.255.255.255   Auf Verbindung   192.168.0.2   281
192.168.3.1       255.255.255.255   Auf Verbindung   192.168.3.1   291
192.168.255.255   255.255.255.255   Auf Verbindung   192.168.3.1   291
224.0.0.0         240.0.0.0         Auf Verbindung   127.0.0.1     331
224.0.0.0         240.0.0.0         Auf Verbindung   192.168.3.1   291
224.0.0.0         240.0.0.0         Auf Verbindung   192.168.0.2   281
255.255.255.255   255.255.255.255   Auf Verbindung   127.0.0.1     331
255.255.255.255   255.255.255.255   Auf Verbindung   192.168.3.1   291
255.255.255.255   255.255.255.255   Auf Verbindung   192.168.0.2   281
===========================================================================
--

Routing table for 192.168.1.4
Kernel-IP-Routentabelle
Ziel          Router        Genmask         Flags  Metric  Ref  Use  Iface
default       192.168.1.1   0.0.0.0         UG     303     0    0    wlan0
192.168.0.0   0.0.0.0       255.255.0.0     U      0       0    0    MyTincVPN-dev
192.168.1.0   0.0.0.0       255.255.255.0   U      303     0    0    wlan0
===
_______________________________________________ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
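An added example, not part of the original post or of tinc itself: a simplified model of router-mode forwarding (longest-prefix match over the Subnet= lines of the host files as posted) that reports which node, if any, each ping target from the post maps to. The function names are hypothetical, and the host-file text is copied from the post with the keys left out.

```python
import ipaddress

# Host files as posted (public keys omitted); node names as in the post.
HOST_FILES = {
    "NodeVienna": "Address=213.x.y.z\nPort=54321\nSubnet=192.168.0.0/24\nCompression=9\n",
    "NodeBerlin": "Address=xxxxx.ddns.net\nPort=54321\nSubnet=192.168.1.0/24\nCompression=9\n",
}


def parse_subnets(host_files):
    """Collect (network, node) pairs from every Subnet= line."""
    table = []
    for node, text in host_files.items():
        for line in text.splitlines():
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() == "subnet":
                table.append((ipaddress.ip_network(value.strip()), node))
    return table


def owner(table, dest):
    """Return the node whose most specific Subnet contains dest, else None."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, node) for net, node in table if addr in net]
    if not matches:
        return None  # no host file announces this address
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def report(dests, host_files=HOST_FILES):
    """Map each destination address to its owning node (or None)."""
    table = parse_subnets(host_files)
    return {d: owner(table, d) for d in dests}


if __name__ == "__main__":
    # LAN hosts and VPN interface addresses mentioned in the post.
    targets = ["192.168.0.2", "192.168.1.4", "192.168.3.1", "192.168.3.2"]
    for dest, node in report(targets).items():
        print(f"{dest:<12} -> {node or 'no matching Subnet'}")
```

Under this model the two LAN addresses resolve to their nodes, while the 192.168.3.x interface addresses match no announced Subnet.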