One-way linking two LANs #340
Comments
On their server you need to add a route back to your LAN. You need to add this:
Done though still seem to be getting the same results (can ping the VPN IP but not anything inside the client's network from our server)
why are these tinc-down?
Don't I want to delete the rules I made in tinc-up when I take tinc down to cleanup after myself? I suppose a better question might be: is there a generic example of how to do what I'm looking for?
Ah yes, sorry. I was just confused by the formatting. There are a bunch of examples here: This might be useful too:
Ahh ok I did have a look through the examples there, but a lot of the ones related to what I'm looking to do feel a little too heavy-handed. I don't necessarily want to share a subnet between my networks, or allow broadcast packets between them, I just need to be able to access any device on the client's LAN from my office network really. I feel like perhaps this could be quite a common use case, so it'd be a good one for the example list IMO? Although then again... reviewing the docs there's this: https://www.tinc-vpn.org/documentation/Example-configuration.html#Example-configuration Is my mistake that I'm not giving the tinc interface an IP in the local LAN's subnet? Should I be using for example 10.10.1.100 for our office's tinc node, and 10.20.1.100 for the remote node? I was using #192 as a reference but I'm lacking some context as the link in the original comment doesn't work any more.
What do you mean by this?
I had allocated a separate network range (10.201.x.x) for the tun adapters, is that making my life harder with trying to achieve my goal? Just noting that in the docs, IPs in the same network range as the LAN are used.
You did the right thing by not giving it the LAN's IP. Otherwise the routing table wouldn't work.
The good news is that if I That being said, I never get a response, and
Why don't you do a
I'm trying to use Tinc to connect a client's LAN (which is behind a non-port-forwardable mobile broadband connection) to our office LAN (no firewall issues with ours) so that we can remote into their network's various services via an on-site Ubuntu server (our server is also Ubuntu). Our server acts as the server, theirs the client.
Our LAN is 10.10.0.0/16 and theirs is 10.20.0.0/16. Our tinc network is on 10.201.0.1 and .2
So far I've got it so our two servers can talk over the LAN IPs, and I can ping their server's physical IP (10.20.1.103) via our server (10.10.1.3) however I'm now stumped beyond this...
Our server:
tinc-up:
tinc-down:
Their server:
tinc-down:
Hosts:
office-server:
client-server:
My ip knowledge isn't that great so some of this may be a garbled mess where I've been piecing together various odds and ends. The ultimate end-goal is that anything on our LAN can access their LAN via their 10.20.x.x IPs, I can set up a static route at the router level on our end to facilitate that no problem. Ideally I'd not want their side to be able to access ours but presumably this can be done via a quick firewall wall if necessary?
Both servers have ip_forward set to 1
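
An added example, not code from this thread or from the tinc project: an office-side hook script for the layout described in the issue, which adds the route to 10.20.0.0/16 and enforces the one-way policy with connection tracking. The LAN interface name eth0, the /24 prefix on the tinc link and the function names are assumptions.

```shell
#!/bin/sh
# Added example: office-side hook for the layout in the issue. Install the same
# file as both tinc-up and tinc-down; tinc sets $INTERFACE when it runs them.
# Assumed: LAN NIC is eth0, /24 on the tinc link. In router mode tinc also
# needs "Subnet = 10.20.0.0/16" in hosts/client-server to carry this traffic.
LAN_IF="${LAN_IF:-eth0}"      # assumed office LAN interface
TINC_ADDR="10.201.0.1/24"     # office tinc address from the issue (/24 assumed)
OFFICE_LAN="10.10.0.0/16"
CLIENT_LAN="10.20.0.0/16"

# DRY_RUN=1 prints each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# $1 is -A (append) or -D (delete), $2 is the tinc interface.
fw_rules() {
    # Office -> client: new connections may be opened.
    run iptables "$1" FORWARD -i "$LAN_IF" -o "$2" -s "$OFFICE_LAN" -d "$CLIENT_LAN" -j ACCEPT
    # Client -> office: replies to those connections only, everything else dropped.
    run iptables "$1" FORWARD -i "$2" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables "$1" FORWARD -i "$2" -j DROP
    # Same policy for traffic addressed to the office server itself.
    run iptables "$1" INPUT -i "$2" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables "$1" INPUT -i "$2" -j DROP
}

office_up() {
    run ip addr add "$TINC_ADDR" dev "$1"
    run ip link set "$1" up
    run ip route add "$CLIENT_LAN" dev "$1"
    fw_rules -A "$1"
}

# With a non-persistent tun device the address and route go away with the
# interface; the firewall rules do not, so tinc-down only has to delete them.
office_down() {
    fw_rules -D "$1"
}

# Dispatch on the name the script was installed under.
case "${0##*/}" in
    tinc-up)   office_up "$INTERFACE" ;;
    tinc-down) office_down "$INTERFACE" ;;
esac
```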