tinc - Jul 2010 - New issue, configuring 2 Vista nodes

Hello All,

I am trying to configure 2 Vista nodes.  For testing, I put them both on the
same LAN & subnet, and after figuring out that Vista puts the RSA_Key
private File & the Hosts files in a different directory {
\USERS\username\APPDATA\LOCAL\VIRTUALSTORE\PROGRAM FILES\TINC\ (+hosts\) },
I managed to bring up the daemons on both nodes.  (I suspect that Windows 7
uses another directory as well, but not the same as Vista.)

My problem is that one node is able to ping both ends of the VPN connection,
but the other can only ping the local side of the VPN connection.  I've
checked & re-checked the configuration files and they look identical except
for the connection names & addresses, but nothing seems to help.  That
location is fortunate to have 2 separate DSL connections (1 VoIP, 1 data),
and when I tried to run between the two DSL connections, forwarding port 655
to each node, everything behaves as it did on the common LAN subnet.  The
goal is to be able to share files between the two nodes, which doesn't work
yet.

I have attached the config files as well as the debug output from each side
if anyone has the time to help.

Based on my experience over the last few days, I would be willing to write
up & submit a 'how-to' guide for setting up under Windows Vista
(& once I
get to setting up the Windows 7 environment, that one too) so that others
can avoid the guesswork and problems I've had to solve.  (Netsh syntax has
also changed from XP.)

Best Regards,

 

Alan S. Lawee

Polygration

Email:  <mailto:info at polygration.com> info at polygration.com.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20100719/ffd2c60e/attachment-0001.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Office.txt
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20100719/ffd2c60e/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: RmtNode.txt
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20100719/ffd2c60e/attachment-0003.txt>

On Mon, Jul 19, 2010 at 11:16:46PM -0400, Alan S. Lawee wrote:
> My problem is that one node is able to ping both ends of the VPN
connection,
> but the other can only ping the local side of the VPN connection.  I've
> checked & re-checked the configuration files and they look identical
except
> for the connection names & addresses, but nothing seems to help.  That
> location is fortunate to have 2 separate DSL connections (1 VoIP, 1 data),
> and when I tried to run between the two DSL connections, forwarding port
655
> to each node, everything behaves as it did on the common LAN subnet.  The
> goal is to be able to share files between the two nodes, which doesn't
work
> yet.
If you can ping the other side of a VPN connection, then the VPN itself works
in both directions (otherwise you wouldn't get a ping reply). That pinging
doesn't work from the other side suggests that it could be a firewall issue.
When in doubt, try to disable the firewall on the VPN interface completely on
both sides, and see if pinging works from both sides then.
> I have attached the config files as well as the debug output from each side
> if anyone has the time to help.
Hm, it doesn't look out of the ordinary.
> Based on my experience over the last few days, I would be willing to write
> up & submit a 'how-to' guide for setting up under Windows Vista
(& once I
> get to setting up the Windows 7 environment, that one too) so that others
> can avoid the guesswork and problems I've had to solve.
That would be great! Perhaps you could expand the "installing tinc on
Windows"
example on the website, or create a new example? If you want I can give you
access to the wiki.
> (Netsh syntax has also changed from XP.)
Ah, that information should also go into the manual.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20100720/492d55ef/attachment.pgp>

> I am trying to configure 2 Vista nodes.  For testing, I put them both on
the
> same LAN & subnet, and after figuring out that Vista puts the RSA_Key
> private File & the Hosts files in a different directory {
> \USERS\username\APPDATA\LOCAL\VIRTUALSTORE\PROGRAM FILES\TINC\ (+hosts\) },
FYI, the config files are appearing here because you're not running the
command
prompt (or installer?) as an actual Administrator.

When you fire up the command prompt to create/edit the files, you should 
right-click the Command Prompt icon and click "Run as Administrator". 
Otherwise
Windows just assumes it's a misbehaving legacy program trying to write into 
C:\Program Files.

Cheers,
Peter