tinc: Establishing a gateway to tinc network



  • pfsense: 2.4.4-RELEASE; tinc: 1.0.35

    Current state: tinc mesh network connects two internal hosts to two external hosts. tinc is in the default "router" mode. I like it. Simple. Robust.

    Desired state:

    1. Add pfsense as an additional internal host on this existing tinc network and
    2. use the pfsense firewall as a gateway to allow certain specific packets from the LAN to the tinc network and vice versa.

    Seemingly 1) is working with the default configuration. On the firewall I have an interface (192.168.3.1/32) to the tinc subnet (192.168.3.1/24). I can ping and establish ssh connections from the pfsense shell CLI to the external hosts. (The very recent versions noted above seem to be moving in the right direction.)

    Here's the problem I'm having with 2). In order to enter a firewall rule I require a name for the gateway to the tinc network. At System/Routing/Gateways there's a way to add a gateway name IF I have an interface name for my 192.168.3.0/24 tinc network. Next I go to Interfaces/Assignments/Interface Groups. This has an entry for 'pkg_tinc', perhaps that needs a tweak. I edit it, attempt to save it, and get an error message stating: "Group name cannot start with pkg_". Am I approaching this the right way? How do I get it to work?