Menu
What's new
By:
Filters Better Search

How to trust the TINC interface

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

sunmast

sunmast

New Around Here
First time post...

Hello, does any one know how to trust the TINC interface created by the TINC VPN? Here is my setup:

Computer1 <--TINC VPN (TAP mode)--> Router1 (running latest Asuswrt-Merlin)

Computer1 can talk to Router1 on the VPN network and vise versa, but it can't talk to any other computers in the network of Router1. Routing rules are setup correctly on both Computer1 and Router1.

Tcpdump shows the Router does see all incoming requests from Computer1, but I believe all of them are just dropped. Tcpdump on the destination computer doesn't see any traffic.

I've tried to trust the interface manually (on Router1):

iptables -A INPUT -i tinc -j ACCEPT
ip6tables -A INPUT -i tinc -j ACCEPT
iptables -A OUTPUT -o tinc -j ACCEPT
ip6tables -A OUTPUT -o tinc -j ACCEPT
iptables -A FORWARD -o tinc -j ACCEPT
ip6tables -A FORWARD -o tinc -j ACCEPT
iptables -A FORWARD -i tinc -j ACCEPT
ip6tables -A FORWARD -i tinc -j ACCEPT

It doesn't help. I think somehow the Router1 just doesn't want to forward any traffic from the tinc interface to the br0 interface which connects to the LAN.

Interestingly, br0 -> tinc forwarding is working fine. Computers in the network of Router1 can just ping Computer1.

BTW, OVPN works in a similar setup. It looks like the router is treating OVPN tap interfaces differently.

Thanks in advance!
 
Last edited:
I think (in fact, I'd bet) you're going to really like WireGuard. https://www.wireguard.com/
It's coming in an upcoming Asus firmware release (and will naturally follow to Merlin's), but if you pop over to the Asuswrt-Merlin Addons subforum, they've been working on/with it for a few years now. Perhaps you might want to investigate and consider that alternative to Tinc to achieve your desires/goals/needs, if you're confident in your knowledge/understanding/skills.

For your convenience:
www.snbforums.com

Wireguard - Session Manager - Discussion (2nd) thread

This thread http://www.snbforums.com/threads/session-manager.70787/ has now expired. Thanks for the heads-up SNB Forum member @Ubimo
www.snbforums.com www.snbforums.com
 
Last edited:
heysoundude said:
I think (in fact, I'd bet) you're going to really like WireGuard. https://www.wireguard.com/
It's coming in an upcoming Asus firmware release (and will naturally follow to Merlin's), but if you pop over to the Asuswrt-Merlin Addons subforum, they've been working on/with it for a few years now. Perhaps you might want to investigate and consider that alternative to Tinc to achieve your desires/goals/needs, if you're confident in your knowledge/understanding/skills.

For your convenience:
www.snbforums.com

Wireguard - Session Manager - Discussion (2nd) thread

This thread http://www.snbforums.com/threads/session-manager.70787/ has now expired. Thanks for the heads-up SNB Forum member @Ubimo
www.snbforums.com www.snbforums.com
Click to expand...
Thanks for your reply! I'll definitely look into WireGuard.

For now I'm going back to FreshTomato on my AC68P.

It's really unfortunate that Tomato series don't support newer routers... I've been using it for many years. It has never disappointed me.
 
You might want to check out John's Fork for that model router. There's a sticky at the top of this forum
 
You must log in or register to reply here.

Similar threads

R
Script to detect backup wan and disable certain devices from internet access
Replies
0
Views
333
RandomUser777
R
R
One router, two segments desired.
Replies
4
Views
384
Rombo
R
NoBenefit
Does my iptables looks normal?
Replies
1
Views
630
ColinTaylor
C
G
VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN
Replies
4
Views
401
Grefyne
G
Nick B
Allowing Incoming WAN Connections for WireGuard Client Listed in Director
Replies
7
Views
1K
arkywein
A
Similar threads
Thread starter Title Forum Replies Date
Diveblaster What to trust Asuswrt-Merlin 5
O Assigned IP address to the WAN interface via VPN director: no internet connection - why? Asuswrt-Merlin 1
M IPv6 and Router Advertisement adding route to delegated /56 via WAN interface Asuswrt-Merlin 0
M Allow admin web GUI access on another interface (tailscale0) Asuswrt-Merlin 0
R Interface Shown As 5G Wifi When Connected To 2.5G Ethernet Asuswrt-Merlin 7
ArashT Issue with tun interface Asuswrt-Merlin 6
F Solved How to create virtual interface on AsusWRT? Asuswrt-Merlin 1
H Any Risk In Adding Second IP Address To br0 Interface? Asuswrt-Merlin 3
H Changing WireGuard Interface Address From wgclient.postconf Script? Asuswrt-Merlin 4
R Local network randomly inaccessible from 5GHz interface Asuswrt-Merlin 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 924 (members: 18, guests: 906)
Top