Hi everyone,

I'm setting up a VPN over IPv6, attempting to build an IPv4-over-IPv6 tunnel,
but when I try to connect to the server, I got this:

System call `getaddrinfo' failed: Address family not supported.

Client runs WindowsXP, and I did almost exactly the same as
http://www.tinc-vpn.org/examples/windows-install . Here are the configuration
files:

------- tinc.conf -------
Name = windywinter
ConnectTo = server
Interface = VPN
AddressFamily = ipv6

------- host/windywinter -------
Subnet = 10.88.9.11/32
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

------- host/server -------
Address = 2001:da8:d800:790:218:f3ff:fe2e:52e3 //no matter what I change this to, it returns the same error.
Subnet = 10.88.9.0/24
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----

Does anyone know what caused this? Thanks.

----------
Soli Deo gloria,
yours WindyWinter
and http://www.briefdream.com

On Sat, Aug 22, 2009 at 01:52:16PM +0800, WindyWinter wrote:

> I'm setting up a VPN over IPv6, attempting to build an IPv4-over-IPv6
> tunnel, but when I try to connect to the server, I got this: System call
> `getaddrinfo' failed: Address family not supported.
> Client runs WindowsXP, and I did almost exactly the same as
> http://www.tinc-vpn.org/examples/windows-install . Here are the configuration
> files:
[...]
> Address = 2001:da8:d800:790:218:f3ff:fe2e:52e3 //no matter what I change this to, it returns the same error.
[...]
> Does anyone know what caused this? Thanks.

After checking, I'm afraid the tincd.exe from the installer has been compiled
with a stub getaddrinfo() function that only does IPv4 lookups. This is because
Windows 2000 did not have a getaddrinfo() function, and you have to add a
#define to the source code to enable this function on WindowsXP, making the
binaries backwards incompatible with Win2k.

So, it is probably an easy fix, but I do not have time at the moment to create
a new version. Unless somebody else wants to try to fix this, you will have to
wait until the end of September.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

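Added example (not part of the original thread, and not tinc's code): a sketch of how an IPv4-only resolver stub can produce the same error for every Address value once the configuration asks for IPv6. The function stub_getaddrinfo_v4only() and its reject-before-parsing behaviour are assumptions made for illustration, and 192.0.2.1 is a constructed sample address; the system getaddrinfo() is called alongside for comparison.

```c
#define _POSIX_C_SOURCE 200112L
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical IPv4-only resolver stub (an assumption for illustration, not
 * tinc's code): a non-IPv4 hint is rejected before the address is parsed. */
static int stub_getaddrinfo_v4only(const char *node, const struct addrinfo *hints,
                                   struct sockaddr_in *out) {
    if (hints && hints->ai_family != AF_UNSPEC && hints->ai_family != AF_INET)
        return EAI_FAMILY; /* address family not supported */
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    /* Numeric IPv4 only: an IPv6 literal can never be parsed here. */
    return inet_pton(AF_INET, node, &out->sin_addr) == 1 ? 0 : EAI_NONAME;
}

/* What a client whose configuration asks for `family` gets from the stub. */
static int stub_lookup(const char *node, int family) {
    struct addrinfo hints;
    struct sockaddr_in sa;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;
    return stub_getaddrinfo_v4only(node, &hints, &sa);
}

/* The same numeric lookup through the system getaddrinfo(), for comparison. */
static int real_lookup(const char *node, int family) {
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST; /* literal addresses only, no DNS query */
    int rc = getaddrinfo(node, "655", &hints, &res);
    if (rc == 0)
        freeaddrinfo(res);
    return rc;
}

int main(void) {
    const char *v6 = "2001:da8:d800:790:218:f3ff:fe2e:52e3"; /* Address from the post */
    const char *v4 = "192.0.2.1";                            /* constructed sample */

    /* AddressFamily = ipv6 against the stub: same failure for any Address. */
    printf("stub, ipv6 hint, v6 literal: %s\n", gai_strerror(stub_lookup(v6, AF_INET6)));
    printf("stub, ipv6 hint, v4 literal: %s\n", gai_strerror(stub_lookup(v4, AF_INET6)));
    /* Dropping the IPv6 hint lets the stub work, but only for IPv4 addresses. */
    printf("stub, ipv4 hint, v4 literal: rc=%d\n", stub_lookup(v4, AF_INET));
    printf("stub, unspec hint, v6 literal: %s\n", gai_strerror(stub_lookup(v6, AF_UNSPEC)));
    /* A resolver with IPv6 support parses the literal from the post. */
    printf("real, ipv6 hint, v6 literal: rc=%d\n", real_lookup(v6, AF_INET6));
    return 0;
}
```
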
On Sun, Sep 06, 2009 at 12:20:57PM +0200, Hans de Groot wrote:

> Now I also have 4 clients that connect from my home which is behind nat
> and when using netstat I see 4 connects from my ip at home to port 655
> on the master.
>
> I can ping all 4 the clients (on the internal tincd ip numbers) from the
> master and vice versa. I can also ping all the other tincd ip numbers
>
> But when I set up a mysql connect (ie mysql -h client1 ....)
> problems start. This is very unstable. sometimes it connects and I am
> in the mysql client. Sometimes I can issue a use mysql and it works or
> sometimes it already fails. and sometimes I can even get to the select
> * from part and have the results (many times in a row or sometimes just
> once and it gets stuck.
>
> In debug mode tincd tells me it could not flush data from the master in
> xx seconds and restarts/reset the connection and ping works again.

You are using TCPOnly, and apparently the TCP buffers are full. This is
probably because MySQL sends a lot of data at once, and the kernel does not
know the real bandwidth of your tunnel yet, and sends everything to tinc in one
go. Tinc tries to send it over its tunnel, filling the TCP buffers, but since
it takes a while before the other side ACKs it, tinc cannot send anymore. There
is a check in tinc to drop connections that are "stuck" as far as it can see.
This causes a restart of that connection, and it will probably result in the
very bad performance you experience.

There are some changes in the git repository already that might alleviate this
problem, but I do not know what you can do with tinc 1.0.9 except adding
traffic shaping with iproute, or by decreasing the size of the TCP buffers:

    echo 4096 16384 32768 >/proc/sys/net/ipv4/tcp_wmem

If the latter helps, I can try to automate this in tinc.

> It seems I can make any connection from the client to the master but not
> from the master to the client.
> It seems like the master gets confused (sometimes) where to send the data
> (or where to set up a new tcp session) My clients are behind a masq
> firewall and are unreachable from the outside.
> Ping always works but this is icmp.

If your clients are behind a masquerading firewall, then the tincd on the
server cannot set up a TCP connection with the clients of course. But once the
tincds on the clients have made a connection to the server, the server should
be able to connect to the clients without problems via the tunnels. Unless the
clients themselves run some kind of firewall that blocks incoming connections
from the VPN interface.

> client001
> Cipher = blowfish
> Compression =0
> Digest = sha1
> IndirectData = no
> Port = 655
> # use the real subnet mask values here
> Subnet = 5.10.22.0/24
> TCPonly = Yes

If you use TCPOnly = yes, IndirectData is always set to yes as well.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

Hi,

Thanks for your reply.

I tried your settings but it did not help.

I switched back to a direct mysql connection from the master001 to the
client001 via port forwarding and guess what? I have the same problem
here. (sometimes it works, sometimes not)

Only there is a difference, only the mysql session gets stuck. ping and
other connectivity keeps working. In the tinc setup the whole tinc
interface/route got reset. (network unreachable)

So I guess tinc is not to blame here, but I have no clue why this happens. I
am using perl/dbi to connect to remote mysql servers for ages.

It almost seems like there is a content sniffing firewall that blocks things,
but since tinc encrypts things it could never know about the mysql data over a
tinc line.

Anyway thanks again for your reply.

Regards
Hans de Groot

---
Hans de Groot
Email: hansg at dandy.nl
www: http://www.dandy.nl

On Mon, Sep 07, 2009 at 01:09:40PM +0200, Hans de Groot wrote:

> I tried your settings but it did not help.
>
> I switched back to a direct mysql connection from the master001 to the
> client001 via port forwarding and guess what? I have the same problem
> here. (sometimes it works, sometimes not)
>
> Only there is a difference, only the mysql session gets stuck. ping and
> other connectivity keeps working. In the tinc setup the whole tinc
> interface/route got reset. (network unreachable)

Ok, that makes sense... my guess is that TCP connections other than to/from
port 80 are being cut off, maybe in an attempt to "enhance" your Internet
experience by throttling peer-to-peer traffic. You could try running tincd on
master001 on a different port, like 21, 22, 23, 25, 53, 80, 443, or any other
very common, non-p2p port that is not in use on that machine.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

oh, perhaps I should allocate more ram to the linux node. it was used as a
gateway so i only assigned 26m of ram. but that needs a reboot.
the windows node may be online a lot later, because i have to find an
english version of windows xp (or any other language you prefer? please let
me know).
i'll notice you when i got it and the memory reallocation was completed.

Soli Deo gloria,
yours WindyWinter
and http://www.briefdream.com

On Sat, Sep 12, 2009 at 4:18 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Sat, Sep 12, 2009 at 01:48:28PM +0800, WindyWinter wrote:
>
> > OK. the linux node is online. it's a dual-stack vps running debian. tinc
> > has been installed.
> > host: tinc.briefdream.com
> > user: guus
> > pw: zxcvbnm
>
> Ok, I can log in to that one via IPv6.
>
> > Umm, the windows node... actually i don't know how to set up a windows
> > node for you (to access remotely?)...
>
> Hm, something like VNC or Remote Desktop would work, and is the easiest way
> I think.
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>

I'm sorry. I meant that I have already found one and now the windows node
has been online.

Soli Deo gloria,
yours WindyWinter
and http://www.briefdream.com

On Sun, Sep 13, 2009 at 10:31 PM, Donald Pearson <donaldwhpearson at gmail.com> wrote:

> Ok.
>
> ftp://herndonites.com
>
> username WindyWinter
> password WindyWinter
>
> there is also a text file with a serial code that will allow you to install
> it. However, that serial code is no good for registering or updating.
>
> Regards,
> Donald
>
> On Sun, Sep 13, 2009 at 9:54 AM, WindyWinter <bslgh1 at gmail.com> wrote:
>
>> OK, i've found one, at last.
>> Soli Deo gloria,
>> yours WindyWinter
>> and http://www.briefdream.com
>>
>> On Sun, Sep 13, 2009 at 9:58 AM, Donald Pearson <donaldwhpearson at gmail.com> wrote:
>>
>>> I can help with an English version of Windows XP in 32 bit if you still
>>> need it. Let me know if you do, and I will create a special FTP account for
>>> you where you can download a CD image from.
>>>
>>> On Sat, Sep 12, 2009 at 4:44 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:
>>>
>>>> On Sat, Sep 12, 2009 at 04:32:40PM +0800, WindyWinter wrote:
>>>>
>>>> > oh, perhaps I should allocate more ram to the linux node. it was used as a
>>>> > gateway so i only assigned 26m of ram. but that needs a reboot.
>>>> > the windows node may be online a lot later, because i have to find an
>>>> > english version of windows xp (or any other language you prefer? please let
>>>> > me know).
>>>>
>>>> English is fine.
>>>>
>>>> > i'll notice you when i got it and the memory reallocation was completed.
>>>>
>>>> Ok, thanks!
>>>>
>>>> --
>>>> Met vriendelijke groet / with kind regards,
>>>> Guus Sliepen <guus at tinc-vpn.org>

well, it seems that the windows node works well. Guus said that he could not
connect to the linux node(202.141.161.28) via ipv4 but could connect to the
windows node(202.141.161.29). and they both can be reached via ipv6.
i don't get it - how can one node be accessible and another not while they
are in the same subnet?

Soli Deo gloria,
yours WindyWinter
and http://www.briefdream.com

On Mon, Sep 14, 2009 at 6:00 AM, Donald Pearson <donaldwhpearson at gmail.com> wrote:

> Oh!
>
> Well that's great news :)
>
> Is it running well?
