Hi all,


After having read most of the available documentation I still have
problems interconnecting two networks in router mode:



My configuration consists of two private home networks that I want to
connect:

Vienna 192.168.0.0/24  - Internet gateway 192.168.0.1

Berlin 192.168.1.0/24  - Internet gateway 192.168.1.1



VPN Devices are configured as 192.168.3.1 (Vienna) and 192.168.3.2 (Berlin)
mask 255.255.0.0



Tinc (1.1pre 15) is running on 192.168.0.2 (Windows) and on 192.168.1.4
(Debian, Raspberry)

IP forwarding is activated on the Windows PC
(HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters)
and the Raspberry (net.ipv4.ip_forward = 1).

Port forwarding for port 54321 is enabled on both routers.



Configuration files:



NodeVienna:

tinc.conf:
--
Name = NodeVienna
ConnectTo = NodeBerlin
Interface = vpn-dev
AddressFamily = ipv4
PrivateKeyFile=C:\Program Files\tinc\MyTincVPN\rsa_key.priv
Mode = router
--

IP config for the TAP-device (Version Windows 9.21.2) vpn-dev:

Static IP: 192.168.3.1 / Subnet mask 255.255.0.0

Firewall exception in place for tinc.exe

--

NodeBerlin:

tinc.conf:
--
Device=/dev/net/tun
Interface=MyTincVPN-dev
Mode=router
Name=NodeBerlin
AddressFamily=ipv4
PrivateKeyFile=/etc/tinc/MyTincVPN/rsa_key.priv
ConnectTo=NodeVienna
--

tinc-up:
--
#!/bin/sh
ifconfig $INTERFACE 192.168.3.2 netmask 255.255.0.0
--

Host files:



Node Vienna:
--
Address=213.x.y.z
Port=54321
Subnet=192.168.0.0/24
Compression=9
-----BEGIN RSA PUBLIC KEY-----
[removed]
-----END RSA PUBLIC KEY-----
--

NodeBerlin:
--
Address=xxxxx.ddns.net
Port=54321
Subnet=192.168.1.0/24
Compression=9
-----BEGIN RSA PUBLIC KEY-----
[removed]
-----END RSA PUBLIC KEY-----
---------------

Current issue:

According to the logs (level 5) both nodes are connected, there is a lot of
traffic between them (and it looks good):

On both machines (192.168.0.2 & 192.168.1.4) it is possible to ping the
local VPN IP (192.168.3.1 and 192.168.3.2). A ping to the other VPN results
in a timeout.



On 192.168.0.2 a ping to 192.168.3.1 works, a ping to 192.168.3.2 generates a
timeout.

On 192.168.1.4 a ping to 192.168.3.2 works, a ping to 192.168.3.2 results in
destination net not reachable.



Below I attached the routing tables.



It seems to be a routing issue (I found no config example with the same
layout).



Thanks in advance for any comment/help.

Alexander





IPv4-Routing Tables for 192.168.0.2

===========================================================================

Aktive Routen:
     Dest mask Gateway    Interface metrik
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     25
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    331
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
      192.168.0.0      255.255.0.0   Auf Verbindung       192.168.3.1    291
      192.168.0.0    255.255.255.0   Auf Verbindung       192.168.0.2    281
      192.168.0.2  255.255.255.255   Auf Verbindung       192.168.0.2    281
    192.168.0.255  255.255.255.255   Auf Verbindung       192.168.0.2    281
      192.168.3.1  255.255.255.255   Auf Verbindung       192.168.3.1    291
  192.168.255.255  255.255.255.255   Auf Verbindung       192.168.3.1    291
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    331
        224.0.0.0        240.0.0.0   Auf Verbindung       192.168.3.1    291
        224.0.0.0        240.0.0.0   Auf Verbindung       192.168.0.2    281
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
  255.255.255.255  255.255.255.255   Auf Verbindung       192.168.3.1    291
  255.255.255.255  255.255.255.255   Auf Verbindung       192.168.0.2    281

===========================================================================

--





Routing table for 192.168.1.4

Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    303    0        0 wlan0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 MyTincVPN-dev
192.168.1.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0

===
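
Added example, not part of the original post: in router mode tinc builds its routing table from the Subnet lines in the host files, so this sketch runs a longest-prefix lookup over the Subnet lines posted above to show which node each destination would be sent to. The function names and the `WITH_VPN_IPS` variant (VPN addresses declared as /32 Subnets) are constructed for comparison and are not the poster's configuration.

```python
import ipaddress

# Host files as posted above, reduced to the non-secret lines.
HOST_FILES = {
    "NodeVienna": "Port=54321\nSubnet=192.168.0.0/24\nCompression=9\n",
    "NodeBerlin": "Port=54321\nSubnet=192.168.1.0/24\nCompression=9\n",
}

# Constructed variant: each node additionally declares its own VPN address.
WITH_VPN_IPS = {
    "NodeVienna": HOST_FILES["NodeVienna"] + "Subnet=192.168.3.1/32\n",
    "NodeBerlin": HOST_FILES["NodeBerlin"] + "Subnet=192.168.3.2/32\n",
}

def parse_subnets(text):
    """Return the networks declared by Subnet lines in one host file."""
    nets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "subnet":
            # Syntax is address[/prefixlength[#weight]]; the weight is ignored here.
            nets.append(ipaddress.ip_network(value.split("#")[0].strip()))
    return nets

def owner(dest, host_files):
    """Longest-prefix match of dest over all declared Subnets.
    Returns (node, network), or None when no node declares the address."""
    ip = ipaddress.ip_address(dest)
    best = None
    for node, text in host_files.items():
        for net in parse_subnets(text):
            if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (node, net)
    return best

def report(dests, host_files):
    """Map each destination to the owning node name, or None if unowned."""
    result = {}
    for dest in dests:
        match = owner(dest, host_files)
        result[dest] = match[0] if match else None
    return result

if __name__ == "__main__":
    dests = ["192.168.0.2", "192.168.1.4", "192.168.3.1", "192.168.3.2"]
    for label, files in (("as posted", HOST_FILES), ("with VPN /32s", WITH_VPN_IPS)):
        print(label, report(dests, files))
```

With the posted host files the two LAN addresses resolve to a node, while 192.168.3.1 and 192.168.3.2 match no declared Subnet.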





















_______________________________________________
tinc mailing list
tinc@tinc-vpn.org
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
