Alan S. Lawee
2010-Jul-18 23:05 UTC
FW: Windows 7 support? Should I be able to PING over the VPN?
Thanks for the quick reply, Guus.

Well the debug helped a little bit. So did re-reading the manual again. I think I got further ahead, but unfortunately I still cannot quite get to complete the connection between the two nodes.

It looks like the two nodes are communicating - they seem to be able to exchange RSA keys & MetaKeys, but for some reason, they start trying to exchange data on random ports (1361, 1362, 1436, etc.) before the connection has been completely established and I'm guessing that they might be getting blocked by Windows Firewall (I did add tinc.exe to the program exception list, along with port 655 on TCP and on UDP in the Firewall). There are no clues in the manual as to why it changes port numbers, but I guess that it's a security issue.

I still cannot ping the other side on the VPN (192.168.19.0/24), but I guess that is because the connection was not established. (Ping works fine on node's side of the VPN and to both sides on the 192.168.17.0/24 subnet)

I am also getting error messages "Cannot route packet from _xxx_ (MYSELF): unknown IPv4 destination address 192.168.3.255" The manual mentions that I should ignore broadcast messages (ending in .255), so I'm not sure if this message is relevant.

Just in case you want to spend the time looking at them, I have attached text files of the debug information from each node. At the end, I have included the configuration files.

(You will notice that I changed the local subnet to 196.168.17.0/24 and the VPN subnet to 192.168.19.0/24 from the ones mentioned in my previous e-mail -- Couldn't hurt to try.)

Thanks again for the help.

-----Original Message-----
From: tinc-bounces at tinc-vpn.org [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen
Sent: Sunday, July 18, 2010 03:38
To: tinc at tinc-vpn.org
Subject: Re: Windows 7 support? Should I be able to PING over the VPN?

On Sun, Jul 18, 2010 at 12:52:59AM -0400, Alan S. Lawee wrote:

> 1. I see from the archives that Vista support requires downloading an
> updated TAP driver from OpenVPN.net. I have just downloaded tinc
> 1.0.13 and was not able to get the TAP driver to work on my Windows 7
> computer. Should I assume that 1.0.13 doesn't have the most current
> TAP driver and I should use the one I downloaded from OpenVPN ? There
> seems to be other issues with Windows 7 - the RSA keys are not stored
> in the same place by default as they are for Windows XP, so there may be
> other configuration changes to make.

1.0.13 should contain the exact same TAP driver as with recent versions of OpenVPN. However, do try out the OpenVPN installer and see if that works. You need administrator rights to install the TAP driver, try right-clicking on addtap.bat and select "run as administrator". There is also a 32-bit and 64-bit version, choose the one matching your Windows installation.

> 2. I've installed tinc on two Windows XP systems that are on the same
> LAN & subnet (192.168.1.0/24), but I configured them both to use a
> different subnet (192.168.3.0/24). After adding routes at each end, I
> am able to ping the local interface on each machine, but not the
> remote interface. Does this mean that something is not installed or
> configured properly, or is this normal behavior?

I think you have misconfigured something. You can start tincd.exe with the extra options "-d5 -D", this will start tincd in the foreground and will show you what it is doing. Try to ping then, and see if it shows anything related to the ping message.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00004.txt
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20100718/9723aad6/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Debug-OFFICE.txt
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20100718/9723aad6/attachment-0001.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Debug-HOME.txt
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20100718/9723aad6/attachment-0002.txt>
Alan S. Lawee
2010-Jul-19 04:44 UTC
FW: Windows 7 support? Should I be able to PING over the VPN?
Got it working. Guess I've been staring at the manual for too long.

I tried it again from scratch & left all of the default values - I think my problem was putting the RSA Public Key in a separate file instead of letting it put itself in the Host Configuration File.

Now I'm :-)

I'll try to get Windows 7 working tomorrow.

Best regards,
Alan
Guus Sliepen
2010-Jul-19 09:38 UTC
FW: Windows 7 support? Should I be able to PING over the VPN?
You got it working now, but to answer a few open questions:

On Sun, Jul 18, 2010 at 07:05:08PM -0400, Alan S. Lawee wrote:

> It looks like the two nodes are communicating - they seem to be able to
> exchange RSA keys & MetaKeys, but for some reason, they start trying to
> exchange data on random ports (1361, 1362, 1436, etc.) before the connection
> has been completely established and I'm guessing that they might be getting
> blocked by Windows Firewall (I did add tinc.exe to the program exception
> list, along with port 655 on TCP and on UDP in the Firewall). There are no
> clues in the manual as to why it changes port numbers, but I guess that it's
> a security issue.

This is completely normal behaviour for TCP connections. The program that initiates a connection gets assigned a random, unused port number, and it will connect to a well-known port number on the other side.

> I am also getting error messages "Cannot route packet from _xxx_ (MYSELF):
> unknown IPv4 destination address 192.168.3.255" The manual mentions that I
> should ignore broadcast messages (ending in .255), so I'm not sure if this
> message is relevant.

Those messages about broadcast packets are indeed not relevant.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
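Added example, not part of the original thread: a loopback demonstration of the port behaviour described in the reply above, showing that each initiating socket gets a different OS-assigned source port while the destination port stays fixed. The listener port here is OS-chosen and only stands in for tinc's 655; the two rule functions are hypothetical illustrations of matching an inbound firewall rule on destination port versus also pinning the source port.

```python
import socket

def observe_connections(n=3):
    """Connect n clients to one loopback listener; return the listener's port
    and the (source_port, destination_port) pair the listener saw for each."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Port 0 asks the OS for a free port; it stands in for tinc's port 655.
    listener.bind(("127.0.0.1", 0))
    listener.listen(n)
    listen_port = listener.getsockname()[1]
    clients, seen = [], []
    try:
        for _ in range(n):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            client.connect(("127.0.0.1", listen_port))  # no bind(): OS picks the source port
            clients.append(client)                      # keep open so ports stay in use
            conn, (_, source_port) = listener.accept()
            seen.append((source_port, conn.getsockname()[1]))
            conn.close()
    finally:
        for client in clients:
            client.close()
        listener.close()
    return listen_port, seen

def allow_by_destination(source_port, destination_port, listen_port):
    """Inbound rule for the listening node: match the destination port only."""
    return destination_port == listen_port

def allow_pinned_source(source_port, destination_port, listen_port):
    """Over-strict rule that also expects the source port to be the service port."""
    return source_port == listen_port and destination_port == listen_port

if __name__ == "__main__":
    listen_port, seen = observe_connections()
    for source_port, destination_port in seen:
        print(source_port, "->", destination_port,
              "by-destination:", allow_by_destination(source_port, destination_port, listen_port),
              "pinned-source:", allow_pinned_source(source_port, destination_port, listen_port))
```

A rule that matches on the destination port accepts every connection, while one that also pins the source port rejects all of them, which is why the changing source ports in the debug output are not themselves a sign of a blocked or misbehaving connection.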