search for: metakeys

Yes, I am sure but added another broader rule: nsasia at db1:~$ sudo ufw allow from any port 655 proto udp same result for debug example. regards Robert >>> Rafael Wolf <rfwolf at gmail.com> 13-Jun-18 5:32 PM >>> Telnet will only do tcp not udp which tinc works on. Are you sure udp 655 is open? On Wed, Jun 13, 2018, 3:51 AM Robert Horgan <robert

Hi, Are you sure? What happens if you manually telnet/socket 10.130.39.180 nsasia at web3:~$ telnet 10.130.39.180 655 Trying 10.130.39.180... Connected to 10.130.39.180. Escape character is '^]'. 0 db1 17 Connection closed by foreign host. Stopping the service and running debug I get: nsasia at web3:~$ sudo tincd -n gainplus -d5 -D tincd 1.0.33 starting, debug level 5

Hi, I've got a relatively simple tinc setup. I've got two "servers" that are on the public internet that act as routers for three "clients" that are behind NATs. Those servers are called aaaaa and bbbbb the clients are xxxxx, yyyyy and zzzzz Unfortunatly the servers have problems accepting a connection from the clients syslog on aaaaa: Sep 29 18:28:58 schuerrer

You know I think I've seen this once before. Got ID from db1 (10.130.39.180 port 655): 0 db1 17 Sending METAKEY to db1 It looks like it's communicating properly but there is a problem with your keys. Can you rename and regenerate your keys? On a project I'm working on when we transferred our keys to another client it put Carriage returns so there was a key mismatch. Try that and

Hi Guus, The first example was a manual connect, the second example was debug regards Robert >>> "Robert Horgan" <robert at nsasia.co.th> 13-Jun-18 10:21 AM >>> Hi, Are you sure? What happens if you manually telnet/socket 10.130.39.180 nsasia at web3:~$ telnet 10.130.39.180 655 Trying 10.130.39.180... Connected to 10.130.39.180. Escape

...here denotes the tinc server that makes an outgoing connection, the server is the one that accepts an incoming connection. This scheme is very similar to what SSH (secure shell) uses. However, a man in the middle could relay all messages between the client and the server up to the exchange of the metakeys. After that, the mitm breaks the connection with the real client, and sends his own metakey. After that, the mitm can receive messages from the server. It cannot send any messages though, because the mitm cannot decrypt the symmetric cipher key that has been sent to it. As a result, the mitm cannot...

Hi. I'm in desperate need of some good advice. I have a tinc network with 16 nodes. It's a star topology where all nodes are connecting to the one node (Node1) that have a static IP. Node 1 accepts incomming connections Node 2 through 16 connects to Node1 One of the nodes (Node5) stopped working a while ago (2 - 3 weeks or so), other than that everything was working fine. Today I

Hello, I'm using tinc for a few years now and that this is my first post to this list tells a lot about the quality of tinc, I think. It's just great, thanks a lot for your fine work! Recently I've discovered these messages in my syslog: Dec 28 16:34:06 vdr tinc.grue[9731]: Possible intruder ix (192.168.178.25 port 60882): wrong keylength Dec 28 16:34:06 vdr tinc.grue[9731]: Error

Don't know what impact is on tinc operation? Laptop extract (3G): .. Connected to MainPC (41.242.172.108 port 655) .. Sending ID to MainPC (41.242.172.108 port 655): 0 Laptop 17 .. Got ID from MainPC (41.242.172.108 port 655): 0 MainPC 17 .. Sending CHALLENGE to MainPC (41.242.172.108 port 655): ... .. Bogus data received from MainPC (41.242.172.108 port 655) .. Closing connection with

Hello, I have been reading through the documentation and trying to set up a very small VPN as a test for a larger rollout that I would like to complete in the future but cannot get this working. The configuration seems like it should be relatively simple, so I'm most likely missing something basic but I just cannot see what I'm doing wrong. At the moment I am trying to get this working

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hello! i would like to use tinc with public keys which are extracted from x509 certificates. the only public key format i was able to extract from certificates with openssl commands looked like this: - -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwXDZs8EBb/JyZ9daB3Zk9WHxD

Hello, I'm trying to test a tinc vpn between two Linux hosts on the same ethernet. If I start tinc on both sides as 'tinc -n test --bypass-security --debug=5' I can ping both machines from each other and tcpdump shows that the packets pass through the tun-device created by tinc. Connection from 192.168.192.17 port 32852 Sending ID to (null) (192.168.192.17 port 32852): 0 helix 17

Hello, After upgrading my client system from Debian jessie to Debian stretch (which includes an update from tinc 1.0.24 to tinc 1.0.31), I am having trouble with my VPN: As long as I let tinc connect directly (no "Proxy" configuration option on the client), everything works fine: # tincd -n rath -D -d tincd 1.0.31 starting, debug level 1 /dev/net/tun is a Linux tun/tap device (tun

...Guus. Well the debug helped a little bit. So did re-reading the manual again. I think I got further ahead, but unfortunately I still cannot quite get to complete the connection between the two nodes. It looks like the two nodes are communicating - they seem to be able to exchange RSA keys & MetaKeys, but for some reason, they start trying to exchange data on random ports (1361, 1362, 1436, etc.) before the connection has been completely established and I'm guessing that they might be getting blocked by Windows Firewall (I did add tinc.exe to the program exception list, along with port 655...

I have now got the tinc demons (on network OFFICES) on BranchB and BranchA talking to each other, see below for log from BranchB. For some trouble shouting issues relating to OsX see at the end of my e-mail. However, I have not yet achieved the network connectivity/routing that I would like. The aim is: BranchB is a laptop I would like to connect it (via tinc) to my office network, so that

Hello! I have recently installed tinc on a linux 2.4 machine which has 192.168.0.0/24 private network connected to eth0 and registered ip on eth1. I also installed tinc on Windows 2000 machine on a remote location. for this moment I can establish connection, on Linux machine tincd says: Sep 26 21:10:50 hostname tinc.gscvpn[483]: Node home (y.y.y.y port 655) became reachable But i

Hi Marek I managed to setup everything in openwrt. However I am getting errors when trying to run tinc daemon. Below is my debug output. Please help.. How do I fix tunnel interface error? root at OpenWrt:/etc/tinc/vpn# tincd -n vpn -D -d3 tincd 1.0.21 (Mar 9 2014 18:26:59) starting, debug level 3 /dev/net/tun is a Linux ethertap device Executing script tinc-up ifconfig: SIOCGIFFLAGS: No

Hello! I have encountered a bug using tincd with Microsoft Windows: Below you'll find my Setup and my Logs. In short, i do the following: 1. office running tincd 1.0.7 and waiting for connections (no ConnectTo, but this does not resolve the issue) 2. the supporter starts up tincd 1.0.7 on windows (native) 3. ping from windows ("support") to the office: Here the error occours:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greeting- I have tinc on the following: 2 - x86 FreeBSD boxes 1 - ARM FreeBSD box 1 - x86 Macintosh All the x86 boxes can speak with each other, but none of the x86 boxes can speak with the ARM box. The ARM box says: [root at beaglebone /usr/local/etc/tinc/wdl]# tincd -D -n wdl tincd 1.0.24 (Mar 8 2015 14:55:57) starting, debug level 0

Hello, we currently set up a large tinc network with 2 central Nodes (these nodes connecting to each other). All satellites (ca 40) connect to these both machines. All containing two ConntectTo fields (for backup) e.g. (satellite) Name = nfp_hy Device = /dev/tun PrivateKeyFile = /etc/tinc/nfp_hy/rsa_key.priv ConnectTo = nfp_f_vpn ConnectTo = nfp_c_vpn If the count of satellites reaches