search for: nirmalthack

Hi I have a Tinc cluster of about 100 nodes, and they are all running tinc 1.1pre14. I'd like to upgrade to tinc 1.1pre15. Is there a suggested mechanism to do this while keeping the cluster up? For instance can I simply automate the installation of tinc 1.1pre15 on each node and reload the existing configuration using 'tinc reload' Will the temporary state of having a mix set of

Hi I'd like to build a Point-to-Point connection in Tinc 1.1pre14. My question specifically is how does one configure the conf file to achieve this Here's a simplified example: 1. There are 10 clients and 2 server nodes 2. All 10 clients have a Point-to-Point connection with the 2 server nodes 3. The 2 server nodes have Point-to-Point connection with all 10 clients. 4. In some ways this

Hi We are currently evaluating tinc 1.1pre14 and we like it a lot. Below are some questions I have on tinc 1.1pre14 1. What are some known issues to be aware of in tinc 1.1pre14? 2. Is there a tinc 1.1pre15 in the works? Whats different about it? 3. Any expected timeline on the 1.1 release? Thanks! -nirmal -------------- next part -------------- An HTML attachment was scrubbed... URL:

Thanks Guus! Looking forward to trying out tinc 1.1pre15. Can 1.1pre15 nodes coexist with 1.1pre14 nodes? Nirmal On Sat, Sep 2, 2017 at 1:47 PM Guus Sliepen <guus at tinc-vpn.org> wrote: > With pleasure we announce the release of tinc versions 1.0.32 and > 1.1pre15. > > Here is a summary of the changes in tinc 1.0.32: > > * Fix segmentation fault when using Cipher =

Thanks Guus! Looking forward to trying out tinc 1.1pre15. Can 1.1pre15 nodes coexist with 1.1pre14 nodes? Nirmal On Sat, Sep 2, 2017 at 1:47 PM Guus Sliepen <guus at tinc-vpn.org> wrote: > With pleasure we announce the release of tinc versions 1.0.32 and > 1.1pre15. > > Here is a summary of the changes in tinc 1.0.32: > > * Fix segmentation fault when using Cipher =

> > Maybe I should allow the reachable keyword for the dump graph command as > well, so you can do: > > tincctl -n <netname> dump reachable graph > > ...and not see any nodes which are unreachable. Is that what you want? This would help since dead nodes do not clutter the visual representation. What are the effects, if any, of dead nodes in the hosts/ dir? Thanks

Hi We have several stale nodes in our tinc network and I'd like to remove these. These nodes show up in graph dumps as red nodes, indicating they are unreachable. We run: tinc -n <vpn-name> purge Nothing happens. If we tail the logs at /var/log/syslog, we dont see an ack or message concerning the purge either. The dead nodes still show up in the graphs and their certs are still

Thanks Guus I have one more question. - We see several log messages that we dont currently understand - Can you comment on what they mean and if they are concerning? I've obfuscated IP's and node names so please ignore those. Our tinc daemon command is: tincd -n <vpn name> -- Received short packet -- Got REQ_KEY from node003 while we already started a SPTPS session! -- Invalid

Hi Today our Tinc network saw a network partition when we took one tinc node down. We knew there was a network partition since the graph showed a split. This graph is not very helpful but its what I have at the moment: http://i.imgur.com/XP2PSWc.png - (ignore node labeled ignore, since its a dead node anyways) - node R was shutdown for maintenance - We saw a network split - we brought node R

Thanks, very informative! I was able to generate this digraph and I'm pleased with it since it appears that all my servers behind bastion are directly connected, but nodes outside are not and are routed via bastion http://imgur.com/zEojkMw Here is the digraph itself, if the above link is not accessible: digraph { bastion [label = "bastion", color = "green"];

Hi Guus Following your suggestion we reconfigured our tinc network as follows. Here is a new graph and below is our updated configuration: http://imgur.com/a/n6ksh - 2 Tinc nodes (yellow labels) have a public external IP and port 655 open. They both have ConnectTo's to each other and AutoConnect = yes - The remainder tinc nodes (blue labels) have their tinc.conf set up as follows:

Thanks Guss, some comments and questions: If you make the yellow nodes ConnectTo all other nodes, and not have > AutoConnect = yes, and the other nodes just have AutoConnect = yes but > no ConnectTo's, then you will get the desired graph. The reason this approach is not desirable is because it fails at automation. It requires us to add a new line of AutoConnect = <new node that

Hi Guus Thanks for clarifying. Some follow up questions: - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to upgrade to? - What is the workaround until we patch with this fix? Using a combination of AutoConnect and ConnectTo? - When we use ConnectTo, is it mandatory to have a cert file in the hosts/* dir with an IP to ConnectTo ? -nirmal On Tue, Aug 22, 2017 at 12:10

Hi I'm new to tinc vpn and I am currently exploring a use-case we have, of creating a secure mesh over which our own services may run. This may be a basic question, I wasn't able to find a satisfying answer. What is the significance of port 655 with regards to tinc? Lets consider a 4 node setup: We have nodes: [protected] : protected behind a private network in the cloud [bastion]: