search for: myvpn

Hi, All Due to some routing rotation purpose, I use crontab to add below info: 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 1 * * * * /usr/sbin/tincd -n myvpn -k 1 * * * * /usr/sbin/tincd -n myvpn --debug=3 30 * * * * sed -i '/54.169.128.0\/17/d' /etc/tinc/myvpn/hosts/aws_sgp 30 * * * * sed -i '/54.169.0.0\/17/d'...

...een tinc nodes, but it’s weird that, from the debug log, one line shows "No response to MTU probes from node1”, but it indeed received a lot of MTU probe response, and finally it get the conclusion of "Packet for node1 (1.1.1.1 port 443) larger than minimum MTU”. 2017-06-21 08:12:05 tinc.myvpn[18854]: Got MTU probe length 1341 from node1 (1.1.1.1 port 443) 2017-06-21 08:12:05 tinc.myvpn[18854]: Got MTU probe length 619 from node1 (1.1.1.1 port 443) 2017-06-21 08:12:06 tinc.myvpn[18854]: Got MTU probe length 396 from node1 (1.1.1.1 port 443) 2017-06-21 08:12:06 tinc.myvpn[18854]: Sending...

...odes, but it’s weird that, from the debug log, one line shows "No response to MTU probes from node1”, but it indeed received a lot of MTU probe response, and finally it get the conclusion of "Packet for node1 (1.1.1.1 port 443) larger than minimum MTU”. > > 2017-06-21 08:12:05 tinc.myvpn[18854]: Got MTU probe length 1341 from node1 (1.1.1.1 port 443) > 2017-06-21 08:12:05 tinc.myvpn[18854]: Got MTU probe length 619 from node1 (1.1.1.1 port 443) > 2017-06-21 08:12:06 tinc.myvpn[18854]: Got MTU probe length 396 from node1 (1.1.1.1 port 443) > 2017-06-21 08:12:06 tinc.myvpn[1...

Hi, Guus Thanks a lot for your suggestion, actually I did something else as below. But one question here is if I don’t add "/sbin/ifconfig myvpn 10.0.0.1 netmask 255.255.255.0”, it seems the crontab wouldn’t trigger tinc-up, and then the ip addr of myvpn wouldn’t be configured, then it will prompt the error of "Can't write to Linux tun/tap device (tun mode) /dev/net/tun: Input/output error” So I have to manually add that ifconfig...

...rk laptop and vps and got trapped, here are my config files: on laptop: *tinc.conf Name = envy13 Device = /dev/net/tun ConnectTo = main *hosts/main Address = <my vps ext ip address> Port = 655 Subnet = 10.0.0.1/32 *hosts/envy13 Port = 655 Subnet = 10.0.0.2/32 *tinc-up #!/bin/sh ip link set myvpn up ip addr add 10.0.0.2/32 dev myvpn ip route add 10.0.0.0/24 via 10.0.0.2 *tinc-down #!/bin/sh ip route del 10.0.0.0/24 via 10.0.0.2 ip addr del 10.0.0.2/32 dev myvpn ip link set myvpn down on vps: *tinc.conf Name = main Device = /dev/net/tun *hosts/main, *hosts/envy13 same as on laptop *tinc-...

...n working for ages. Without anything changing, they've stopped. They both died, in sequence while I was actively connected to them and using an SSH session. When I check the logs of another tinc node they connect to I see this. (IP and other details sanitised) Oct 22 10:47:45 jaipur tinc.myvpn[2222]: Sending ID to <unknown> (1.2.3.4 port 55651): 0 jaipur 17 Oct 22 10:47:45 jaipur tinc.myvpn[2222]: Sending 12 bytes of metadata to <unknown> (1.2.3.4 port 55651) Oct 22 10:47:45 jaipur tinc.myvpn[2222]: Flushing 12 bytes to <unknown> (1.2.3.4 port 55651) Oct 22 10:47:45...

...n working for ages. Without anything changing, they've stopped. They both died, in sequence while I was actively connected to them and using an SSH session. When I check the logs of another tinc node they connect to I see this. (IP and other details sanitised) Oct 22 10:47:45 jaipur tinc.myvpn[2222]: Sending ID to <unknown> (1.2.3.4 port 55651): 0 jaipur 17 Oct 22 10:47:45 jaipur tinc.myvpn[2222]: Sending 12 bytes of metadata to <unknown> (1.2.3.4 port 55651) Oct 22 10:47:45 jaipur tinc.myvpn[2222]: Flushing 12 bytes to <unknown> (1.2.3.4 port 55651) Oct 22 10:47:45...

On Fri, May 26, 2017 at 09:30:44AM +0800, Bright Zhao wrote: > Due to some routing rotation purpose, I use crontab to add below info: > > 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp > 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp > 1 * * * * /usr/sbin/tincd -n myvpn -k > 1 * * * * /usr/sbin/tincd -n myvpn --debug=3 > > 30 * * * * sed -i '/54.169.128.0\/17/d' /etc/tinc/myvpn/hosts/aws_sgp > 30 * * * * sed -...

...also the default gateway for each local LAN 3. tinc run in router mode 4. Each tinc node has the following interfaces: - eth0, external, with public IP address (does NAT/masquerading) - eth1, internal (default gateway for the corresponding LAN), address 192.168.x.1, mask 255.255.255.0 (/24) - myvpn, tinc virtual tunnel interface, address 192.168.x.1, mask 255.255.0.0 (/16) - an /etc/tinc/myvpn/tinc-up script like: #!/bin/sh ifconfig $INTERFACE 192.168.x.1 netmask 255.255.0.0 ip route replace 10.0.0.0/8 dev $INTERFACE ip route replace 172.16.0.0/12 dev $INTERFACE (so that all private IP p...

...i can set syslog. But my problem still the same. When i check Tap0 configure. I know idea what's wrong that i set. I set up tap follow these. ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 192.168.1.1 netmask 255.255.255.0 ifconfig tap0 -arp But i notice in my routing table have 2 myvpn. Like these, myvpn * 255.0.0.0 U 0 0 0 eth1 myvpn * 255.0.0.0 U 0 0 0 tap0 When i use tcpdump -i tap0. It don't have anything happen. Ahh i'm not clear what is port forwarding and How to do? Can yo...

...certain tinc nodes learnt? So that I can know the weight for certain subnet(in real time), instead of go back to the node’s (who advertise the subnet) configuration file to check. 2. So far in order to change the weight of a subnet, or something else, I have to reset the tinc daemon( tincd -k -n myvpn and then tincd -n myvpn) in order to make it updated, any other better ways to update the configuration and make if effect without big impact. Sent from iPhone -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/201...

...d to specify "Device". (I never did) > ConnectTo = main > > *hosts/main > Address = <my vps ext ip address> > Port = 655 > Subnet = 10.0.0.1/32 > > *hosts/envy13 > Port = 655 > Subnet = 10.0.0.2/32 > > *tinc-up > #!/bin/sh > ip link set myvpn up > ip addr add 10.0.0.2/32 dev myvpn > ip route add 10.0.0.0/24 via 10.0.0.2 I understand the above as "route the subnet through myself". This is not what you want, or? I guess, the following lines would be sufficient? ip link set myvpn up ip addr add 10.0.0.2/24 dev myvpn &...

Hi, Tinc experts Diagram as below, A is trying to access host X behind C: A >> B >> C — “host X" B is the tinc server for A, but also B is the tinc client to connect to C. My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky. As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs have the Subnet = X/32, which indicate the VPN serve for this host. But as the tinc client to C, B’s host config shouldn’t include Subnet = X/32, because X/32 is behind C....

...PTPS session! May 09 09:19:44 node-1 tincd[918]: Unknown cipher nid -1! May 09 09:19:44 node-1 tincd[918]: Node node_3 (10.0.0.2 port 655) uses unknown cipher! May 09 09:19:44 node-1 tincd[918]: Error while processing ANS_KEY from node_3 (10.0.0.2 port 38406) May 09 09:19:44 node-1 systemd[1]: tinc.myvpn.service: Main process exited, code=killed, status=11/SEGV May 09 09:19:44 node-1 systemd[1]: tinc.myvpn.service: Unit entered failed state. May 09 09:19:44 node-1 systemd[1]: tinc.myvpn.service: Failed with result 'signal'. May 09 09:19:47 node-1 systemd[1]: tinc.myvpn.service: Service hold...

Hi, experts I found the tun0 is 10Mb/s and I installed vnstat to monitor the tinc vpn traffic statistic, but due to 10Mb/s, the vnstat couldn’t update it’s database due to low speed rate, so anyway to change the tun from10Mb/s to higher? [root at box1 ~]# vnstat -u Info: Traffic rate for "myvpn" higher than set maximum 10 Mbit (248->341, r735 t38), syncing. [root at box1 ~]# ethtool myvpn Settings for myvpn: Supported ports: [ ] Supported link modes: Not reported Supported pause frame use: No Supports auto-negotiation: No Advertised link modes: Not reported Advertised p...

....com> wrote: > Hi, Tinc experts > > Diagram as below, A is trying to access host X behind C: > > A >> B >> C — “host X" > > B is the tinc server for A, but also B is the tinc client to connect to C. > > My question is, if I only use one VPN (/etc/tinc/myvpn), then the host > configuration for B will be tricky. > > As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs > have the Subnet = X/32, which indicate the VPN serve for this host. > But as the tinc client to C, B’s host config shouldn’t include Subnet = > X/32...

...ts >> >> Diagram as below, A is trying to access host X behind C: >> >> A >> B >> C — “host X" >> >> B is the tinc server for A, but also B is the tinc client to connect to C. >> >> My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky. >> >> As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs have the Subnet = X/32, which indicate the VPN serve for this host. >> But as the tinc client to C, B’s host config shouldn’t include Subnet = X/32,...

...ight Zhao wrote: > Hi, Tinc experts > > Diagram as below, A is trying to access host X behind C: > > A >> B >> C — “host X" > > B is the tinc server for A, but also B is the tinc client to connect to C. > > My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky. > > As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs have the Subnet = X/32, which indicate the VPN serve for this host. > But as the tinc client to C, B’s host config shouldn’t include Subnet = X/32, because X/32...

...ertain tinc nodes learnt? So that I can know the weight for certain subnet(in real time), instead of go back to the node’s (who advertise the subnet) configuration file to check. 2. So far in order to change the weight of a subnet, or something else, I have to reset the tinc daemon( tincd -k -n myvpn and then tincd -n myvpn) in order to make it updated, any other better ways to update the configuration and make if effect without big impact. Sent from iPhone -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/201...

Trying to understand "redirect-gateway" option Is this url info correct for the current Tinc 1.0.35 version? .../tinc-vpn.org/examples/redirect-gateway What is the script? /etc/tinc/myvpn/hosts/server-up Is it really a extra bit to be added to,/etc/tinc/myvpn/tinc-up If I read and apply the instructions to my routed setup, then all I need to add isip route add 0.0.0.0/1 dev $INTERFACE ip route add 128.0.0.0/1 dev $INTERFACE which doesn't work. my tinc-up looks like this #!/b...