Hi all,

I've been having problems with a VPN for a long time... I'd be glad if somebody could check my current setup.

Our problem is that we're having tinc-vpn shortcuts while we have no bandwidth problem nor 'ssh' trouble.

I attached some log lines from both the "server" and the "client".

Some ASCII art...

     ___                 ___               ___
    |   |   tinc vpn    |   |             |   |
    | p |   over ADSL   | i |     LAN     | p |
    | a |  __________   | s |  ________   | a |
    | m | /         /   | i | /       /   | t |
    |   |__/       /___|   |__/     /___|   |
    -----               -----             -----
    pub:200.x.x.x       pub:dynamic
    vpn:10.10.10.1      vpn:10.10.10.2
    pri:192.168.144.1   pri:192.168.144.1

OK, let's see the configs of pam(perito) and isi(dorito). I named their virtual interfaces 'pamvpn' and 'isivpn'.

a - 'isidorito' (our gateway+firewall+proxy) with dynamic IP

/etc/tinc/vpn/tinc.conf

    Name = isivpn
    Device = /dev/net/tun
    PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
    ConnectTo = pamvpn

/etc/tinc/vpn/tinc-up

    ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
    ifconfig $INTERFACE 10.10.10.2 netmask 255.255.0.0
    ifconfig $INTERFACE -arp

/etc/tinc/vpn/hosts/isivpn

    Subnet = 10.10.10.2/32
    Subnet = 192.168.144.0/24
    TCPOnly = yes
    -----BEGIN RSA PUBLIC KEY-----
    ...
    -----END RSA PUBLIC KEY-----

/etc/tinc/vpn/hosts/pamvpn

    isidorito:/etc/tinc/vpn/hosts# cat /etc/tinc/vpn/hosts/
    isivpn  pamvpn
    isidorito:/etc/tinc/vpn/hosts# cat /etc/tinc/vpn/hosts/pamvpn
    Address = 200.x.x.x
    Subnet = 10.10.10.1/32
    -----BEGIN RSA PUBLIC KEY-----
    ...
    -----END RSA PUBLIC KEY-----

b - 'pamperito' (it waits for isi's connections)

/etc/tinc/vpn/tinc.conf

    Name = pamvpn
    Device = /dev/tun
    PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv

/etc/tinc/vpn/tinc-up

    ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
    ifconfig $INTERFACE 10.10.10.1 netmask 255.255.0.0
    ifconfig $INTERFACE -arp
    route add -net 192.168.144.0 netmask 255.255.255.0 gw isivpn dev vpn

pamvpn and isivpn are set up as in 'isidorito'.

Is everything ok here?

In isidorito's syslog I even found:

    nov 11 17:05:34 isidorito tinc.vpn[5841]: Closing connection with
    pamvpn (200.x.x.x port 655)
    nov 11 17:05:35 isidorito tinc.vpn[5841]: Closing connection with
    isivpn (MYSELF)
    ^^^^^^^^^^^^^^^

I remember I added the subnet 192.168.144.0/24 because 'pat' is our internal smtp server... so 'pam' needs to reach 'pat' for mail delivery and vice versa.

I suspect I'm making a setup mistake, any clue will be very appreciated.

TIA,
- Roberto

------------ next part ------------
nov 11 16:12:29 pamperito tinc.vpn[17311]: Metadata socket error for isivpn (168.226.139.225 port 1871): Conexi?n reinicializada por la m?quina remota
nov 11 16:14:54 pamperito tinc.vpn[17311]: Metadata socket error for isivpn (168.226.139.225 port 2341): Conexi?n reinicializada por la m?quina remota
nov 11 16:16:21 pamperito tinc.vpn[17311]: Bogus data received from isivpn (168.226.139.225 port 2381)
nov 11 16:17:08 pamperito tinc.vpn[17311]: Bogus data received from isivpn (168.226.139.225 port 2386)
Nov 11 16:49:02 pamperito exiscanv2[31949]: 1CSKwD-0000SI-00 F:<tinc-bounces@tinc-vpn.org> T:rmeyer@idr.org.ar R:clean, marked for dequeue
nov 11 17:05:41 pamperito tinc.vpn[17311]: Bogus data received from isivpn (168.226.140.12 port 3110)

------------ next part ------------
nov 11 16:12:38 isidorito tinc.vpn[5841]: Sending meta data to pamvpn (200.x.x.x port 655) failed: Recurso no disponible temporalmente
nov 11 16:12:38 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
nov 11 16:12:38 isidorito tinc.vpn[5841]: Trying to re-establish outgoing connection in 5 seconds
nov 11 16:12:45 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x port 655)
nov 11 16:12:46 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port 655)
nov 11 16:12:47 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated
nov 11 16:15:02 isidorito tinc.vpn[5841]: Sending meta data to pamvpn (200.x.x.x port 655) failed: Recurso no disponible temporalmente
nov 11 16:15:02 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
nov 11 16:15:02 isidorito tinc.vpn[5841]: Trying to re-establish outgoing connection in 10 seconds
nov 11 16:15:18 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x port 655)
nov 11 16:15:19 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port 655)
nov 11 16:15:20 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated
nov 11 16:16:31 isidorito tinc.vpn[5841]: Metadata socket error for pamvpn (200.x.x.x port 655): Conexi?n reinicializada por la m?quina remota
nov 11 16:16:31 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
nov 11 16:16:31 isidorito tinc.vpn[5841]: Trying to re-establish outgoing connection in 15 seconds
nov 11 16:16:52 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x port 655)
nov 11 16:16:53 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port 655)
nov 11 16:16:54 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated
nov 11 16:17:17 isidorito tinc.vpn[5841]: Metadata socket error for pamvpn (200.x.x.x port 655): Conexi?n reinicializada por la m?quina remota
nov 11 16:17:17 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
nov 11 16:17:17 isidorito tinc.vpn[5841]: Trying to re-establish outgoing connection in 20 seconds
nov 11 16:17:40 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x port 655)
nov 11 16:17:41 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port 655)
nov 11 16:17:42 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated
nov 11 16:43:24 isidorito tinc.vpn[5841]: Regenerating symmetric key
nov 11 17:05:29 isidorito tinc.vpn[5841]: Got HUP signal
nov 11 17:05:34 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
nov 11 17:05:35 isidorito tinc.vpn[5841]: Closing connection with isivpn (MYSELF)
nov 11 17:05:35 isidorito tinc.vpn[5841]: Rereading configuration file and restarting in 5 seconds...
nov 11 17:05:40 isidorito tinc.vpn[5841]: /dev/net/tun is a Linux tun/tap device
nov 11 17:05:40 isidorito tinc.vpn[5841]: Executing script tinc-up
nov 11 17:05:41 isidorito tinc.vpn[5841]: Listening on 0.0.0.0 port 655
nov 11 17:05:41 isidorito tinc.vpn[5841]: Ready
nov 11 17:05:41 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x port 655)
nov 11 17:05:41 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port 655)
nov 11 17:05:42 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated
nov 11 17:05:50 isidorito tinc.vpn[5841]: Sending meta data to pamvpn (200.x.x.x port 655) failed: Recurso no disponible temporalmente
nov 11 17:05:50 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
nov 11 17:05:50 isidorito tinc.vpn[5841]: Trying to re-establish outgoing connection in 5 seconds
nov 11 17:06:04 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x port 655)
nov 11 17:06:05 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port 655)
nov 11 17:06:06 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated

On Thu, Nov 11, 2004 at 06:05:18PM -0300, Roberto Meyer wrote:

> /etc/tinc/vpn/hosts/isivpn
> Subnet = 10.10.10.2/32
> Subnet = 192.168.144.0/24
> TCPOnly = yes
> -----BEGIN RSA PUBLIC KEY-----
> ...
> -----END RSA PUBLIC KEY-----

Is there a reason for using TCPOnly? If not, try removing that option.

> In isidorito's syslog I even found:
>
> nov 11 17:05:34 isidorito tinc.vpn[5841]: Closing connection with
> pamvpn (200.x.x.x port 655)
> nov 11 17:05:35 isidorito tinc.vpn[5841]: Closing connection with
> isivpn (MYSELF)
> ^^^^^^^^^^^^^^^

When tinc shuts down, it always closes "itself", this is normal.

> I suspect I'm making a setup mistake, any clue will be very
> appreciated.

Your configuration files do not contain any errors as far as I can see, however:

[...]
> nov 11 16:17:17 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
> nov 11 16:17:17 isidorito tinc.vpn[5841]: Trying to re-establish outgoing connection in 20 seconds
> nov 11 16:17:40 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x port 655)
> nov 11 16:17:41 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port 655)
> nov 11 16:17:42 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated
> nov 11 16:43:24 isidorito tinc.vpn[5841]: Regenerating symmetric key
> nov 11 17:05:29 isidorito tinc.vpn[5841]: Got HUP signal
> nov 11 17:05:34 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
> nov 11 17:05:35 isidorito tinc.vpn[5841]: Closing connection with isivpn (MYSELF)
> nov 11 17:05:35 isidorito tinc.vpn[5841]: Rereading configuration file and restarting in 5 seconds...
[...]

That suggests that you are using an old version of tinc. Please try out 1.0.3, which has been released today.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
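
Added example, not part of the original thread or of tinc itself: a small Python parser that turns the isidorito log format shown above into per-connection uptimes and the reason each meta connection ended, so error-driven drops can be told apart from the HUP restart and the normal "(MYSELF)" close. The names `sessions`, `SAMPLE` and the cause labels are hypothetical, and the sample is an excerpt of the posted log with lines omitted.

```python
import re

# Excerpt (some lines omitted) of the isidorito syslog posted in the thread.
SAMPLE = """\
nov 11 16:12:47 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated
nov 11 16:15:02 isidorito tinc.vpn[5841]: Sending meta data to pamvpn (200.x.x.x port 655) failed: Recurso no disponible temporalmente
nov 11 16:15:02 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
nov 11 16:15:20 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated
nov 11 16:16:31 isidorito tinc.vpn[5841]: Metadata socket error for pamvpn (200.x.x.x port 655): Conexi?n reinicializada por la m?quina remota
nov 11 16:16:31 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
nov 11 16:17:42 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated
nov 11 17:05:29 isidorito tinc.vpn[5841]: Got HUP signal
nov 11 17:05:34 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655)
nov 11 17:05:35 isidorito tinc.vpn[5841]: Closing connection with isivpn (MYSELF)
"""

LINE = re.compile(r"^\w{3}\s+(\d+)\s+(\d+):(\d+):(\d+)\s+\S+\s+tinc\.\w+\[\d+\]:\s+(.*)$")
ERRORS = {"Sending meta data to": "meta send failed",
          "Metadata socket error for": "meta socket error"}

def _seconds(day, h, m, s):
    # Assumption: all lines fall within one month, so day-of-month suffices.
    return ((int(day) * 24 + int(h)) * 60 + int(m)) * 60 + int(s)

def sessions(lines, peer):
    """Return [(uptime_seconds, cause)] for every ended meta connection to peer."""
    out, up_since, cause = [], None, None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue                      # not a tinc line (e.g. mail scanner output)
        now, msg = _seconds(*m.groups()[:4]), m.group(5)
        if msg == "Got HUP signal":
            cause = "operator HUP"        # restart requested locally, not a fault
        elif msg.startswith(f"Connection with {peer} ") and msg.endswith("activated"):
            up_since, cause = now, None
        elif msg.startswith(f"Closing connection with {peer} "):
            # "Closing connection with <own name> (MYSELF)" never matches a remote peer.
            if up_since is not None:
                out.append((now - up_since, cause or "unknown"))
            up_since = cause = None
        else:
            for prefix, label in ERRORS.items():
                if msg.startswith(f"{prefix} {peer} "):
                    cause = label
    return out

if __name__ == "__main__":
    for uptime, cause in sessions(SAMPLE.splitlines(), "pamvpn"):
        print(f"{uptime:5d} s up, ended by: {cause}")
```
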