I have a three tinc server setup, similar to "4.3 How Connections Work" using 
the configuration mostly like http://ostolc.org/site-to-site-vpn-with-tinc.html

The clients (Ubuntus, Debians and Windows 10s) can all ping (and SSH) to each 
other remotely.
As far as that is concerned it's working great - thanks so much for some great 
software.

However, on each of the Tinc servers (A and C) neither of them can ping other 
remote clients.
Of course, A and C can ping each other.
If I use tcpdump -nni tun0 icmp I can see the echo packets leave the server, and 
on a remote client see the request received and the reply sent.
However the server never gets the reply. It seems that on each server there is 
no internal routing between enp1s0 and tun0 for IPs that are not server IPs.
I guess I can live with such a limitation, but would still like to know why!!
Here's Server A config. Of course it's symmetrical so the other two will be 
similar.
B is a DigitalOcean Droplet
TINC.CONF
Name = A
AddressFamily = ipv4
ConnectTo = B
Device = /dev/net/tun
LocalDiscovery = yes

TINC-UP
ip link set $INTERFACE up
ip addr add 192.168.20.3/24 dev $INTERFACE
route add -net 192.168.14.0/24 gw 192.168.20.3
route add -net 192.168.6.0/24  gw 192.168.4.99

HOST A
Address = A.dyndns.org
Port = 655
##Subnet on the virtual private network that is local for this host.
Subnet = 192.168.4.0/24
Subnet = 192.168.6.0/24
Subnet = 192.168.20.3/32
# The public key generated by `tincd -n example -K' is stored here
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----

ROUTE TABLE on A
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.4.1     0.0.0.0         UG    100    0        0 enp1s0
link-local      *               255.255.0.0     U     1000   0        0 enp1s0
192.168.4.0     *               255.255.255.0   U     100    0        0 enp1s0
192.168.6.0     192.168.4.99    255.255.255.0   UG    0      0        0 enp1s0
192.168.14.0    192.168.20.3    255.255.255.0   UG    0      0        0 tun0
192.168.20.0    *               255.255.255.0   U     0      0        0 tun0

The Net, 192.168.20.0 is one for TINC itself, where 192.168.20.3 is A, 
192.168.20.2 is B and 192.168.20.1 is C
And I explicitly static route to it. (Doing it the way shown in other examples 
has same issue)
Net 192.168.14.0 is the C local network
Net 192.168.4.0 is the A local network (Net 192.168.6.0 is via another router 
with WAN IP of 192.168.4.99)
IP of A is 192.168.4.30, IP of C is 192.168.14.20
Only thing wrong is, for example
On A, ping 192.168.14.60 does not work
On C, ping 192.168.4.26 does not work
But on clients 192.168.14.60 and 192.168.4.26 can ping each other.

All firewalls are off, and iptables flushed

Very puzzling!!
John
