-
BTW, I did Google and search GitHub etc. and never landed on anything regarding this. I'm certain there is something somewhere, but I didn't get the correct search, I suppose.
I am in the process of moving a bunch of specialty software, Nebula being one of them, to an Ubuntu box which has multiple virtual IP addresses. Actual physical address is 192.168.0.45. I had Nebula running successfully on a Raspberry Pi with a physical IP address of 192.168.0.15. Since I am lazy, I didn't want to redo any static routes that I had set on my router, so I created a virtual IP of 192.168.0.15 on the Ubuntu box. It works well as I have unsafe routes on two LANs connected via Nebula miles apart. My T-LAN sees the WM-LAN (lighthouse) and vice versa, which is awesome. This has worked well for a couple of years (other than forgetting about the certificate expiry a few times), and works well on the Ubuntu box.
EXCEPT: I just "installed" the Windows version on my Win 11 Pro laptop, adding the unsafe routes of my LANs. The T-LAN, still on a Raspberry Pi with a physical interface of 1.30, works great. I can see its LAN just fine! But I cannot see the WM-LAN (lighthouse) at all. I can ping and access the 1.15 address, the physical IP of 1.45 and one other virtual IP I have, which I can't recall right now why I have it.
What did I miss in my config.yml file? There is no unsafe route in my cert for my laptop, as who knows what LAN I might be on. Also, the IP of my laptop was nowhere near my WM-LAN (lighthouse) IP. Do I or should I set the virtual IP under: ...and should I also add my virtual IP to: This is the only thing I can think of that might be messing up my Windows ability to see my unsafe route (LAN).
Thanks so much for any thoughts. Again, all is working well with a static route on my router (192.168.0.20) pointing to 0.15 for the current two-node setup. One client and one lighthouse. Adding the Windows Nebula in, things are different.
It can access one LAN but not the other. Thanks so much for any help! John
-
Hi @johnjces - can you please post your config.yml's and log files from each host, removing any sensitive material such as the
-
THANK YOU! Herein is a quick logfile and my config.yml file. As a reminder, I can access all devices on my 192.168.1.0/24 LAN and I can only access the lighthouse via local IP of 192.168.0.15 or 192.168.98.1, the VPN IP, on this Windows 11 Pro PC. Not seeing anything off in the log and I'm not seeing anything off in my config file, but I am still learning! Also as a reminder, when I am local on either LAN I can see all devices. Just can't see the 0.0/24 LAN when away and on the Windows laptop. I reiterated this as sometimes when I try to explain things on forums I am not clear or confusing. If I missed something, please let me know. Do you need any files from the lighthouse (192.168.0.0/24 node) or the other LAN (192.168.1.0/24) node?
Uh oh... config.yml not displaying correctly even using the code tag. I had to remove all comments that had a hashtag. I hope I didn't remove something necessary for your review. logfile:
config.yml
-
Here is the lighthouse config.yml with hashtags/comments removed. This is the 192.168.0.0/24 LAN that I cannot see except for the box Nebula is running on.
-
Thanks @johnjces - for future reference, you can use three backticks (```) to encapsulate a multi-line code block. I've gone ahead and edited your comments to include these - I hope you do not mind.
Thanks for reiterating and sharing the configs. Next time you are away, and this unsafe route is not working, can you run
-
@johnmaguire I knew that and ensured when I connected, when I first wrote my question above (I was away from home), that I was on my Verizon phone's hotspot with wireless off, connected only to Verizon's internet, and had a local IP of nowhere near 192.168.0.0/24 or 192.168.1.0/24. The LAN I was on at the time, before connecting to Verizon, was 192.168.1.0/24. But was nowhere near that and had no difficulty seeing my 1.0/24 LAN.
FWIW, I set up the Windows Nebula when I was away and, after several days trying to figure it out, wrote the post. When I did the configs and yml files for posting, I did do that from home on my 192.168.0.0 network but again connected via my phone's hotspot using only the Verizon network internet and checked my local IP using
Is there something I was missing in setting up my certificates? Command line switches? Ugh! Any other thoughts? And again, thank you! John
-
Hi @johnjces - To be honest, I'm struggling to sort out what your network looks like, and what you're trying to do.
Regardless of your actual IP address, we need to know what subnet the ISP is advertising. In any case, please fetch the
I want to make sure I'm understanding you correctly here. Before connecting to Verizon, you were on a LAN that used 192.168.1.0/24 as its IP space. This LAN is different from the network you were exposing via unsafe_routes. The unsafe_routes subnet was also 192.168.1.0/24, and you were able to talk to devices through the unsafe_routes feature? This doesn't sound right, so I'd love to understand more about the behavior you're seeing. For example, when there are IP address conflicts between your local LAN and your unsafe_routes subnet, which device is your node speaking with? Again,
I do not understand this statement. You say, "I did do that from on my 192.168.0.0 network" but then you say "but again connected via my phone's hotspot using only the Verizon network internet." How can you be connected to your local 192.168.0.0 network if you're also only connected to your phone's hotspot on the Verizon network? Also, I just want to take a moment to clarify some context from your original message:
OK, so far so good. You were running Nebula on a Raspberry Pi (192.168.0.15), and are migrating to an Ubuntu machine (192.168.0.45) which has many virtual addresses, including that of your old Pi. Is this the machine that's exposing
When you refer to T-LAN, I assume this is your 192.168.0.0/24 LAN. When you refer to WM-LAN, I assume this is 192.168.1.0/24. It sounds like your WM-LAN is exposed via unsafe_routes by your Lighthouse, correct? When you say this "works well on the Ubuntu box," you mean that your Ubuntu machine can access resources on the 192.168.1.0/24 subnet being exposed by the Lighthouse.
You have completely lost me here... You have a new Windows laptop, and it is trying to access both unsafe_routes (referred to as T-LAN and WM-LAN, and exposed by your Ubuntu VM and Lighthouse, respectively). But then you mention your Raspberry Pi has a physical interface of 1.30. Previously, you mentioned it had an IP address of 192.168.0.15. So are you saying you have physically moved it from your T-LAN (192.168.0.0/24) to your WM-LAN (192.168.1.0/24)? Or does it now exist on an entirely separate (third) LAN, which also uses 192.168.1.0/24? When you say "the T-LAN [...] works great" on the Raspberry Pi, do you mean that it is able to access the 192.168.0.0/24 subnet, as exposed by your new Ubuntu machine? You then say that "I cannot see the WM-LAN (Lighthouse) at all" - my understanding is that WM-LAN is 192.168.1.0/24. If the Raspberry Pi has a physical address of 192.168.1.30, why does it need to use unsafe_routes to access this LAN? It sounds like it is physically present on the LAN. I don't know what to make of the comments about which hosts you can ping, because I don't understand the network topology of this Raspberry Pi at this point, or how it fits into your Windows issues...
As for whether your certificates are correct, your nodes that are providing unsafe_routes to other devices need to have that subnet described in their certificate. You can verify this with the
-
Thanks again for taking the time to explain your network setup. I do apologize for any frustration you may have picked up on in my tone - it is not directed at you, but at my failure to understand the scenario. I've tried to diagram your network topology. Does this look right? In particular, do I have it correct that a Raspberry Pi is acting as your unsafe_routes router in TLAN, with IP 192.168.1.30 (LAN), 192.168.98.3 (Nebula), routing for 192.168.1.0/24? Also, you've mentioned that if your Windows machine is in the TLAN, instead of remote (e.g. the Verizon hotspot), then it can access the WMLAN, correct? Can you share the output of
-
It has been several weeks of life and work and I have been spotty at best on my issue. It is my screwup that I seem to finally have discovered. Getting old and trying to keep up and make sense of some of this tech stuff and remembering some of the things that I did and need to be done to ensure things are working can be difficult. Enough of my excuses. Let me say that I am sorry I put you all through this exercise. Oh me...
My two Ubuntu instances that are hosting Nebula, one a lighthouse, the other the client, did not have the firewall enabled, and even though I did the post routing stuff, it certainly did nothing. It is no wonder that I couldn't get to the other devices on the LANs. I recall very clearly doing that with my Raspberry Pis, which worked perfectly, and remember doing it on the Ubuntu machines, but no firewall enabled makes things not want to work correctly when you need to move packets around. I am so sorry. But thank you so much for helping. One very embarrassed user, John
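The cause John reports above (post routing rules written, but the firewall that loads them never enabled) can be checked from three command outputs on the host that routes a LAN for Nebula peers. This is an added example, not part of the thread or of the Nebula project; it assumes ufw as the firewall, a MASQUERADE rule in the nat table as the "post routing" rule, and a constructed LAN interface name `eth0`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: ufw is the firewall
# front end, the "post routing" rule is a nat-table MASQUERADE rule, and
# the LAN interface name (eth0 below) is constructed for illustration.

# diagnose_router IP_FORWARD UFW_STATUS NAT_RULES LAN_IF
#   IP_FORWARD  output of: sysctl -n net.ipv4.ip_forward
#   UFW_STATUS  output of: ufw status
#   NAT_RULES   output of: iptables -t nat -S POSTROUTING
# Prints "ok" or a space-separated list of findings.
diagnose_router() {
    findings=""
    # The kernel must forward packets between the Nebula tun and the LAN.
    [ "$1" = "1" ] || findings="$findings ip_forward_off"
    # Rules kept in ufw's rule files are only loaded while ufw is enabled.
    case $2 in
        *"Status: active"*) ;;
        *) findings="$findings firewall_inactive" ;;
    esac
    # The rule has to be present in the running table, not just on disk.
    if ! printf '%s\n' "$3" |
        grep -Eq -- "^-A POSTROUTING .*-o $4 .*-j MASQUERADE"; then
        findings="$findings masquerade_not_loaded"
    fi
    if [ -z "$findings" ]; then echo ok; else echo "${findings# }"; fi
}

# Constructed sample: rules written to disk, firewall never enabled.
BROKEN_NAT='-P POSTROUTING ACCEPT'
# Constructed sample: same host after the firewall is enabled.
FIXED_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.98.0/24 -o eth0 -j MASQUERADE'

echo "before: $(diagnose_router 0 'Status: inactive' "$BROKEN_NAT" eth0)"
echo "after:  $(diagnose_router 1 'Status: active' "$FIXED_NAT" eth0)"

# On a real host (as root), feed it live output instead:
#   diagnose_router "$(sysctl -n net.ipv4.ip_forward)" "$(ufw status)" \
#       "$(iptables -t nat -S POSTROUTING)" eth0
```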