Tincd and nat
-
Hello all,
I have the latest tinc package installed and I am trying to do NAT inbound/outbound on the tap interface created by tinc. I am able to connect to the mesh succesfully and I am also able to communicate with all other nodes in the mesh succesfully directly from the pfsense box (i.e. i can connect to any open port on any host in the network, 10.123.77.0/24). My setup is thus:
host: orwell
local ip: 10.123.77.81
private and public key defined
extra tinc parameters:
localdiscovery=yes
processpriority=high
mode=switchI am connected successfully to two other "hosts" in the mesh, and I am able to ping and connect to any address in the mesh successfully directly from pfsense's CLI. My next step is to create inbound and outbound nat rules to translate the physical interfaces (in this case, 172.16.1.0/24, 172.16.2.0/24, and 172.16.3.0/24) to the tinc tap interface and vice versa. However, I am unable to select tinc as a valid interface when I create inbound or outbound NAT rules. I am able to create firewall rules but not able to create NAT rules. The only interfaces I am able to choose are the physical interfaces (as well as my openvpn interface). Is there a quick and dirty way to be able to NAT outbound/inbound to the tinc local IP address?
-
I hate to be "that person" but does anyone has a suggestion? Or at least the email address of the dev who wrote this package?
-
For NAT you'd have to assign the interface from Interfaces > (assign). I'm not sure that you'll be able to do that at the moment though since I think we specifically don't list tun or tap interfaces there, but it's worth a shot. If you can assign it, enable the interface, leave the IP type as 'none', and then restart tinc after you apply the interfaces settings. After that you should be able to enter NAT rules.
Though NAT sort of defeats the purpose of a mesh VPN… you may have other issues later with routing.
-
well this worked. thanks. I forgot about the interface assign page…
