networking – Local subnet behind Tinc VPN not reachable


I’m trying to set up a site-to-site VPN using tinc to access IPs in my local subnet (172.16.10.x).

I’ve set up tinc using the following configuration files. Pinging the tinc nodes is possible, but pinging towards 172.16.10.x results in 100% packet loss.

What am I missing?

/etc/tinc/vpn/tinc-up (on HOST)

#!/bin/sh
ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0
ip route add 10.0.0.1/24 dev $INTERFACE

ip route add 172.16.10.0/24 dev $INTERFACE # gw

/etc/tinc/vpn/tinc-up (on GW)

#!/bin/sh
ifconfig $INTERFACE 10.0.0.2 netmask 255.255.255.0
ip route add 10.0.0.2/32 dev $INTERFACE

traceroute (from HOST towards local subnet)

traceroute to 172.16.10.9 (172.16.10.9), 30 hops max, 60 byte packets
 1  10.0.0.2 (10.0.0.2)  16.954 ms  18.055 ms  18.493 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *

routing table on GW

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 vpn
gw              0.0.0.0         255.255.255.255 UH    0      0        0 vpn
PUBLIC.IP.ADDR  0.0.0.0         255.255.255.0   U     100    0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 eth0
172.16.10.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0