search for: privatekey

Hello, I'm using tinc for a few years now and that this is my first post to this list tells a lot about the quality of tinc, I think. It's just great, thanks a lot for your fine work! Recently I've discovered these messages in my syslog: Dec 28 16:34:06 vdr tinc.grue[9731]: Possible intruder ix (192.168.178.25 port 60882): wrong keylength Dec 28 16:34:06 vdr tinc.grue[9731]: Error

I found the following error in tinc manual in http://tinc.nl.linux.org/documentation/tinc_4.html PrivateKey = /etc/tinc/company/rsa_key.priv should be: PrivateKeyFile = /etc/tinc/company/rsa_key.priv Tinc: Discussion list about the tinc VPN daemon Archive: http://mail.nl.linux.org/lists/ Tinc site: http://tinc.nl.linux.org/

...rnal 10.0.1.1 - 10.0.0.1 Here are my configuration files on LocationB tinc-up ~~~~~~~~~~~~ #!/bin/sh ifconfig $NETNAME hw ether fe:fd:00:00:00:00 ifconfig $NETNAME 192.168.1.1 netmask 255.255.0.0 ifconfig $NETNAME -arp ~~~~~~~~~~~~ tinc.conf ~~~~~~~~~~~~ Name = LocationB ConnectTo = LocationA PrivateKey = /usr/local/etc/tinc/ourvpn/rsa_key.priv TapDevice = /dev/tun ~~~~~~~~~~~~ rsa_key.priv ~~~~~~~~~~~~ -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCiVD55i0HmftAPExWpnRbKMRiyXfRqQWNcN8IXa5Yzi76b9God -SNIP- I2nKxx2M4CpDhKHu2sNexfMiaNqR1Uc0uuiuPKpN0VA= -----END RSA PRIVATE KEY----- hosts/Location...

...max connections = 1 path = /var/lib/systemimager/backup read only = true use chroot = true list = true dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz the invoke_trigger script will trigger machines by using an ssh connection: ssh -qi privatekey -o StrictHostKeyChecking=no -l sshuser server1 backup > backup.sql ssh -qi privatekey -o StrictHostKeyChecking=no -l sshuser server2 backup the backup command is a script that will be executed on the corresponding machine. When the backup script generates output to stdout, it won't be catch...

...-n vpn_net -ddd echo -n " Configuring VPN Interface" sleep 1 ifconfig vpn_net hw ether fe:fd:00:00:00:00 ifconfig vpn_net 192.168.1.1 netmask 255.255.0.0 echo " [VPN Started]" Here are the config files: (/etc/vpn_net/tinc.conf) Client: Name = BG_VPN ConnectTo = US_VPN PrivateKey = ..... Server: Name = US_VPN PrivateKey = ... And hosts files: BG_VPN: Subnet = 192.168.0.0/16 Address = x.x.x.x (gateway address) PublicKey = ..... US_VPN: Subnet = 192.168.0.0/16 Address = x.x.x.x (gateway address) PublicKey = Whats wrong with this, can you tell me ? - Tinc: Discuss...

...that icmp echo requests are received by the other host, but no replies are sent. The two hosts are North and South. It is the same pinging North to South and South to North. The hosts are configured as follows: South: Debian 2.2 /usr/local/etc/tinc/tinc.conf: TapDevice = /dev/tap0 Name = South PrivateKey = blahblahblah /usr/local/etc/tinc/hosts/North: PublicKey = blahblahblah Subnet = 10.1.0.0/24 /usr/local/etc/tinc/hosts/South: PublicKey = blahblahblah Subnet = 10.2.0.0/24 ifconfig tap0: tap0 Link encap:Ethernet HWaddr FE:FD:0A:02:00:01 inet addr:10.2.0.1 Bcast:10.255.255.255...

...l/etc/tinc/tinc-up : #!/bin/bash /sbin/ifconfig tap0 hw ether fe:fd:00:00:00:00 /sbin/ifconfig tap0 194.128.68.17 netmask 128.0.0.0 /usr/local/etc/tinc/tinc-down : #!/bin/bash /sbin/ifconfig tap0 down /usr/local/etc/tinc/tinc.conf : Name = A TapDevice = /dev/tap0 Interface = eth0 ConnectTo = B PrivateKey = xxxx /usr/local/etc/tinc/hosts/A : Address = 194.128.68.11 Subnet = 194.128.68.0/24 Port = 655 PublicKey = xxxx /usr/local/etc/tinc/hosts/B : Address = 194.128.68.9 Subnet = 195.128.68.0/24 Port = 655 PublicKey = xxxx Machine B: /usr/local/etc/tinc/tinc-up : #!/bin/bash /sbin/ifconfig tap...

...mon name must be used as fully qualified domain name. For example: mis3.fgs.org.tw mis3# openssl req -new -nodes -keyout newreq.pem -out newreq.pem mis3# ../misc/CA.sh -sign mis3# cp demoCA/cacert.pem . mis3# mv newcert.pem servercrt.pem mis3# mv newreq.pem privatekey.pem mis3# chmod 600 privatekey.pem Reference: http://www.openldap.org/faq/data/cache/185.html (b) Configure OpenLDAP (1) Open /usr/local/etc/openldap/lapd.conf (OpenLDAP client config.) with text editor HOST mis3.fgs.org.tw BASE dc=fgs,dc=org,dc...

..._filter = user_filter = (mail=%u) default_pass_scheme = CRYPT user_global_uid = 5000 user_global_gid = 5000 /etc/dovecot.conf: protocols = imap imaps pop3s imap_listen = 127.0.0.1 imaps_listen = * pop3s_listen = * ssl_cert_file = /etc/ssl/mydomain.tld/Cert.pem ssl_key_file = /etc/ssl/mydomain.tld/PrivateKey.pem disable_plaintext_auth = yes login = imap login_user = dovecot login = pop3 verbose_proctitle = yes first_valid_uid = 5000 last_valid_uid = 5000 first_valid_gid = 5000 last_valid_gid = 5000 mail_extra_groups = mail valid_chroot_dirs = /var/mail/virtualmail default_mail_env = maildir:/var/mail/v...

...know. follow these i my configure file. ---------------- Gw1 -> tinc-up #!/bin/bash /sbin/ifconfig tap0 hw ether fe:fd:00:00:00:00 /sbin/ifconfig tap0 192.168.1.1 netmask 255.255.255.0 /sbin/ifconfig tap0 -arp /sbin/route add -net 192.168.2.0 dev tap0 netmask 255.255.255.0 Gw1 - > tinc.conf PrivateKey = xxxxxxxx Name = gwA TapDevice = /dev/tap0 KeyExpire = 30000000 -------------------------- Gw2 -> tinc-up #!/bin/bash ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 192.168.2.1 netmask 255.255.255.0 ifconfig tap0 -arp route add -net 192.168.1.0 dev tap0 netmask 255.255.255.0 Gw2 ->...

...rc26/var/dovecot.log protocols: imaps listen: a.b.c.39:143 ssl_listen: a.b.c.39:993 ssl_ca_file:/drbd/imap/dovecot-1.0.rc26/etc/certs/CA/cacert_with_crl.pem ssl_cert_file:/drbd/imap/dovecot-1.0.rc26/etc/certs/CA/imaps-signedcertificate.pem ssl_key_file:/drbd/imap/dovecot-1.0.rc26/etc/certs/CA/imaps-privatekey.pem ssl_verify_client_cert: yes verbose_ssl: yes login_dir: /drbd/imap/dovecot-1.0.rc26/var/run/dovecot/login login_executable: /drbd/imap/dovecot-1.0.rc26/libexec/dovecot/imap-login verbose_proctitle: yes mail_extra_groups: mail mail_location: mbox:~/:INBOX=/var/mail/%u mmap_disable: yes mbox_writ...

...May 24 08:43:36 mailgate kernel: Packet log: forward REJECT eth0 PROTO=1 192.168 .3.10:0 192.168.1.40:0 L=84 S=0x00 I=65305 F=0x0000 T=126 (#5) TINC SETTINGS ON VBOX MACHINE (62.49.252.50 & 192.168.1.3) /usr/local/etc/tinc/netscot/tinc.conf Name = vbox Interface = eth0 TapDevice = /dev/tap1 PrivateKey = 7E... /usr/local/etc/tinc/netscot/tinc-up #!/bin/bash /sbin/ifconfig tap1 hw ether fe:fd:00:00:00:00 /sbin/ifconfig tap1 192.168.1.7 broadcast 192.168.255.255 netmask 255.255.0.0 /usr/local/etc/tinc/netscot/tinc-down #!/bin/bash /sbin/ifconfig tap1 down /usr/local/etc/tinc/netscot/hosts/scot A...

...y. > I verified I had the right keys on all systems. In addition I have > replaced and repropagated the beaglebone keys 3 times. Some problem with the keys is the most likely explaination for "bogus message", however if that is ruled out the next likely problem is the use of "PrivateKey" or "PublicKey" statements in config files, when you actually meant "PrivateKeyFile" or "PublicKeyFile". Check if you have any of those statements. If so, I recommend removing them altogether. If that was not the problem, then another issue might be the version o...

...rting up Ed Dovecot.conf ## Dovecot configuration file # IC - EL 2006.09.29 protocols = imap imaps pop3 pop3s # IC - EL 2006.09.29 disable_plaintext_auth = no # IC - EL 2006.09.29 ssl_disable = no # IC - EL 2006.09.29 ssl_cert_file = /usr/share/ssl/s/Cert.pem ssl_key_file = /usr/share/ssl/s/PrivateKey.pem login_process_size = 64 # IC - EL 2006.09.29 login_processes_count = 6 # IC - EL 2006.09.29 login_greeting = InternetCrusade ready. # IC - EL 2006.09.29 #default_mail_env = maildir:/var/mail/%Ld/%Ln/%2.256Hp default_mail_env = maildir:/var/mail/%Ld/%Ln/ mail_extra_groups = mail verbose_pr...

...erlin.de at REALM(kvno 1) in keytab /etc/krb5.keytab Mar 19 22:31:02 emmi dovecot: auth(default): client out: FAIL 1 ] dovecot -n [ # 1.0.13: /usr/local/etc/dovecot.conf protocols: imaps pop3s listen: mail2.physik-pool.tu-berlin.de ssl_ca_file: /etc/CA ssl_cert_file: /etc/CERT ssl_key_file: /etc/PRIVATEKEY login_dir: /var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login verbose_proctitle: yes first_valid_uid: 200 first_valid_gid: 0 mail_privileg...

...ove, but earlier versions wanted SSLCertificateChainFile to have the non-leaf chain. Courier IMAP SSL wants TLS_CERTFILE specifying a file containing both the certificate and private key catenated. OpenVPN wants ca certificate chain used for signing.pem cert certificate.pem key privatekey.pem crl-verify crl.pem OpenLDAP appears similar to OpenVPN with (appears not to support CRLs): TLSCACertificatePath TLSCertificateFile TLSCertificateKeyFile Racoon wants (appears not to support CRLs): certificate_type x509 certfile keyfile ca_type x509 ca.pem But the ma...

Hi all, This topic is one that I am ignorant on and appreciate any guidance. My scenario; I have a wild card SSL installed on one of my CentOS boxes. As I understand it, this server was used as a sort of master when originally generating and receiving the wild card SSL cert (got the cert from GoDaddy BTW). So, now I must export some file(s) from that server so that I can import it/them to

Hello I get the following error when using our Let's Encrypt ssl certificate for webRTC calls : [Jun 2 14:29:28] == DTLS ECDH initialized (secp256r1), faster PFS enabled [Jun 2 14:29:28] ERROR[27360][C-00000ae5]: res_rtp_asterisk.c:1441 ast_rtp_dtls_set_configuration: Specified certificate file '/etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' for RTP instance

...files either. I'm at a loss as to what's going on. Here's my dovecot -n: ################################ # 1.0.3: /etc/dovecot.conf listen: * ssl_cert_file: /usr/share/ssl/hermes.garlic.com/hermes.garlic.com.cert.pem ssl_key_file: /usr/share/ssl/hermes.garlic.com/hermes.garlic.com.privatekey.pem login_dir: /var/run/dovecot-login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login first_valid_uid: 200 mail_location: maildir:/home/%u/Maildir:INDEX=MEMORY maildir_copy_wit...

Hello, I'm trying to test a tinc vpn between two Linux hosts on the same ethernet. If I start tinc on both sides as 'tinc -n test --bypass-security --debug=5' I can ping both machines from each other and tcpdump shows that the packets pass through the tun-device created by tinc. Connection from 192.168.192.17 port 32852 Sending ID to (null) (192.168.192.17 port 32852): 0 helix 17