search for: experimentalprotocol

Hi there, we're using tinc to mesh together hosts in a public datacenter (instead of using a private VLAN, sort of). So all hosts are reasonably modern; connections are low latency with an available bandwith of around 500Mbit/s or 1Gbit/s (depending on how close they are to each other). Iperf between two nodes directly reports around 940Mbit/s. The CPUs are Intel(R) Core(TM) i7-4770 CPU @

...t 4:07 PM, Todd C. Miller <Todd.Miller at sudo.ws> wrote: > On Fri, 16 Mar 2018 14:37:58 -0700, al so wrote: > > > Is SPTPS protocol enabled in 1.1 by default? Or we need to manually > enable > > it. > > It is enabled by default. You can disable it by setting > ExperimentalProtocol = no in tinc.conf. > > - todd > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www....

Hello, I think routing could be improved in several ways, at least, there lacks some documentation describing how Tinc routes packets. In order to test Tinc, I setup the following virtual network: - tinc 1.1pre9 with ExperimentalProtocol=yes - use of network namespaces (actually python-nemu[1]) - star topology, where all nodes runs tinc except the center, which I use to filter communications, simulating cuts or delays between specific nodes (use of NFQUEUE) - tinc TCP graph: m1 -- R ---- m3 \ / `m6' w...

...s a summary of the changes: * Added a benchmark tool (sptps_speed) for the new protocol. * Fixed a crash when using Name = $HOST while $HOST is not set. * Use AES-256-GCM for the new protocol. * Updated support for Solaris. * Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not explicitly set. * Enable various compiler hardening flags by default. * Added support for a "conf.d" configuration directory. * Fix tinc-gui on Windows, also allowing it to connect to a 32-bits tincd when tinc-gui is run in a 64-bits Python environment. * Added a "L...

...s a summary of the changes: * Added a benchmark tool (sptps_speed) for the new protocol. * Fixed a crash when using Name = $HOST while $HOST is not set. * Use AES-256-GCM for the new protocol. * Updated support for Solaris. * Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not explicitly set. * Enable various compiler hardening flags by default. * Added support for a "conf.d" configuration directory. * Fix tinc-gui on Windows, also allowing it to connect to a 32-bits tincd when tinc-gui is run in a 64-bits Python environment. * Added a "L...

Hello, After upgrading to 1.1pre14, enabling ExperimentalProtocol, I receive a lot of messages like these: Received short packet from nodename (ip port 655) Handshake phase not finished yet from nodename (ip port 21785) Got REQ_KEY from node while we already started a SPTPS session! Invalid packet seqno: 0 != 1 from node (ip port 21785) Failed to verify SIG rec...

Is SPTPS protocol enabled in 1.1 by default? Or we need to manually enable it. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20180316/2360e357/attachment.html>

Try to disable ExperimentalProtocol. Florent B <florent at coppint.com> 于2018年8月10日周五 下午9:16写道： > > Hi, > > Is it possible to completely disable encryption with Tinc 1.1 ? > > I set in my configuration : > > ExperimentalProtocol = no > Cipher = none > Digest = none > > But it does not seem to...

Hi all, I tried Tinc 1.1 from git on 4 nodes, each one in a datacenter. They were able to ping each other, etc... but I had problem with multicast, nothing seemed to pass (all is OK with Tinc 1.0.23). I checked logs and on every nodes I have a lot of: Failed to decrypt and verify packet And Error while decrypting: error:00000000:lib(0):func(0):reason(0) So I get back to 1.0.23 which works

....21: * Drop packets forwarded via TCP if they are too big (CVE-2013-1428). Here is a summary of the changes in tinc 1.1pre7: * Fixed large latencies on Windows. * Renamed the tincctl tool to tinc. * Simplified changing the configuration using the tinc tool. * Added a full description of the ExperimentalProtocol to the manual. * Drop packets forwarded via TCP if they are too big (CVE-2013-1428). Thanks to Martin Schobert for auditing tinc and reporting the vulnerability. He discovered a potential stack overflow that can be triggered by an authenticated peer. This can be used to cause a tinc daemon to cra...

....21: * Drop packets forwarded via TCP if they are too big (CVE-2013-1428). Here is a summary of the changes in tinc 1.1pre7: * Fixed large latencies on Windows. * Renamed the tincctl tool to tinc. * Simplified changing the configuration using the tinc tool. * Added a full description of the ExperimentalProtocol to the manual. * Drop packets forwarded via TCP if they are too big (CVE-2013-1428). Thanks to Martin Schobert for auditing tinc and reporting the vulnerability. He discovered a potential stack overflow that can be triggered by an authenticated peer. This can be used to cause a tinc daemon to cra...

...third pre-release of the 1.1 branch of tinc. Tinc 1.1 is protocol compatible with 1.0.x, but will have large architectural changes and new features. Tinc 1.0.x will still be maintained. Please try out this new version, and let us know what you think of, and report any bugs you find. If you use the ExperimentalProtocol option, then tinc 1.1pre4 is still compatible with 1.0.x and other 1.1pre4 nodes, but may not be compatible with 1.1pre1 through 1.1pre3 nodes. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachm...

...third pre-release of the 1.1 branch of tinc. Tinc 1.1 is protocol compatible with 1.0.x, but will have large architectural changes and new features. Tinc 1.0.x will still be maintained. Please try out this new version, and let us know what you think of, and report any bugs you find. If you use the ExperimentalProtocol option, then tinc 1.1pre4 is still compatible with 1.0.x and other 1.1pre4 nodes, but may not be compatible with 1.1pre1 through 1.1pre3 nodes. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachm...

Is there any indication of when we might see the protocol stabilize in the 1.1pre branch? It seems to be quite an improvement already. Perhaps some configuration could be added to allow for specifying a protocol version, rather than the 'ExperimentalProtocol=yes' flag? What are the roadblocks to stabilizing it and is there any need or desire for help accomplishing this? While I'm more of a network administrator than a programmer, I'd be happy to help in any way I can.

...ything is perfect. But on my Windows 10 computer using tinc 1.1 and the OpenVPN TAP Provider 9.0.0.21 I always have to shutdown and restart the tinc service, when the computer returns from standby or hibernation. This problem is not related to the recent Windows updates. I am using Mode = switch ExperimentalProtocol = no Depending on the other settings, I sometimes see errors like "Metadata socket read error for <control>" or "Error while writing to TAP device..." Right now I have the Metadata error, and log just shows an ongoing stream of "Sending UDP probe length 18" to...

Hi, ? I've recently moved from OpenVPN to Tinc for the mesh setup. Everything works nicely except for some looping packet issues. ? I have 12 servers around the United States, including a couple of moving clients. Every now and then the network is flooded with what I assume is looping packets. 200-300MB of bandwidth per node over 10-45 minutes (normally < 20 KB/s, idle). Most if not all

Hi. I'm in desperate need of some good advice. I have a tinc network with 16 nodes. It's a star topology where all nodes are connecting to the one node (Node1) that have a static IP. Node 1 accepts incomming connections Node 2 through 16 connects to Node1 One of the nodes (Node5) stopped working a while ago (2 - 3 weeks or so), other than that everything was working fine. Today I

...KEY----- Ed25519PublicKey = wSkAtVALhv/PcPzD43PjiDBsMVXXXXXXXXXXXXXXXXX Address = VAROPNIP Subnet = VARVPNIP Port = VARPORT ######TINC-CONF.template Name=VARNODENAME ListenAddress=VARLISTIP VARPORT VARCONN1 VARCONN2 VARCONN3 AddressFamily = ipv4 Broadcast = no Forwarding = internal Hostnames = no ExperimentalProtocol = yes Device = /dev/net/tun Ed25519APrivateKeyFile=/tinc/Ed25519_key.priv PrivateKeyFile=/tinc/rsa_key.priv ######TINC-UP.template #!/bin/sh ifconfig $INTERFACE VARVPNIP netmask VARMASK *************************************** Now your only configuration file is your STARTUP SCRIPT! Yeah, a sing...

So as probably any Tinc user, I noticed there are two versions: 1.0 and 1.1. On the website is explained that 1.1 is the stepping stone for 2.0 and that it has a lot of neat features *planned*. However, in the repositories, one usually finds version 1.0, and since I'm someone who prefers having everything run through repositories instead of manually updated, I want to know if it's worth

...amp; connect to them easily, on either side work to Home or offsite connects (see log below) but i'm unable to connect or ping any of the PCs or devices on either side. port 655 is open on the CISCO ASA for TCP & UDP Traffic My work tinc.conf Name = work Interface = tinc ConnectTo = home ExperimentalProtocol=no Cipher=aes-256-cbc Digest=sha256 PingInterval = 30 LocalDiscovery = yes work host Subnet = 192.168.1.66/32 -----BEGIN RSA PUBLIC KEY----- XXXXXXXXXXXXXXXXXXXXXXXXX -----END RSA PUBLIC KEY----- home config on host Address = 47.20.123.2 Subnet = 192.168.11.0/24 -----BEGIN RSA PUBLIC KEY----- X...