search for: rhizomatica

Hi all, many thanks for the replies! On 14/05/18 19:05, Parke wrote: > On Mon, May 14, 2018 at 4:44 AM, Keith Whyte <keith at rhizomatica.org> wrote: >> but then I read that no, each host much have the key of >> the other to establish the direct connection. But I am looking at >> tcpdump right now in the terminal and seeing the UDP tunnel packets >> flowing from B to C. > Where do you read the above? I t...

...ed with NodeB using it’s keys etc) Understand it like this: for any two nodes to have a *direct* connection, they need to share the other’s Public Key to properly authenticate each other. It is a function of the security choices for TINC. > On 22 May 2017, at 11:03 AM, Keith Whyte <keith at rhizomatica.org> wrote: > > Hi all > > I feel like I should know the answer to this question, like I read it > someplace sometime, but it evades me right now. > > It's also an opportunity to say hello to the list and many thanks for > writing and supporting tinc vpn! We make g...

Hi all I feel like I should know the answer to this question, like I read it someplace sometime, but it evades me right now. It's also an opportunity to say hello to the list and many thanks for writing and supporting tinc vpn! We make great use of it at rhizomatica. So, Let's take this example setup. I have two tinc nodes (A and B) behind a firewall NodeA and NodeB have 192.168.1.2 and 192.168.1.3 assigned on an internal LAN, and they both have different public IP addresses forwarded to them, port 655 udp/tcp The rest of the nodes C-Z are spread out...

...________________________________________________________________________________________________ 3839 Ironwood Place | Landover, MD | 20785 -----Original Message----- From: Kismet Agbasi [mailto:kagbasi at centraltruck.net] Sent: Thursday, October 6, 2016 12:17 PM To: 'Keith' <keith at rhizomatica.org>; 'tinc at tinc-vpn.org' <tinc at tinc-vpn.org> Subject: RE: Can't Route LAN Traffic Behind Tinc Network Oh yes - so ubuntu2 is the linux host running tinc on my LAN (the one I'm referring to as INSIDE node). I can ping it from my Windows machine and vice versa withou...

...ALLOW IN Anywhere [ 3] 1194 ALLOW IN Anywhere [ 4] 655 ALLOW IN Anywhere [ 5] DNS ALLOW IN Anywhere Very Respectfully, Kismet Agbasi -----Original Message----- From: Keith [mailto:keith at rhizomatica.org] Sent: Thursday, October 6, 2016 10:14 AM To: tinc at tinc-vpn.org; kagbasi at centraltruck.net Subject: Re: Can't Route LAN Traffic Behind Tinc Network On 06/10/2016 15:48, Kismet Agbasi wrote: >> Did you remember to activate kernel ip forwarding? >> i.e. echo 1 > /proc/s...

Hi all! I still have never managed to fully wrap my head around how UDP data tunnels can be established between nodes. Everytime I think I understand it, I see something that confuses me again Just now I am seeing the following: I have nodes A, B + C A has everybody's keys and host configuration files. B and C only have A's key, and host config with A's public IP address. B and

...e on the tinc0 interface but nothing happens after that. Now that I'm thinking of it, I did some masquerading in order to get OpenVPN to work on another box, I wonder if that would be applicable here? Very Respectfully, Kismet Agbasi -----Original Message----- From: Keith [mailto:keith at rhizomatica.org] Sent: Thursday, October 6, 2016 10:47 AM To: kagbasi at centraltruck.net; tinc at tinc-vpn.org Subject: Re: Can't Route LAN Traffic Behind Tinc Network On 06/10/2016 16:33, Kismet Agbasi wrote: > Thanks Keith. Here's the output: OK. I'd like to say that I recognize this is...

On Mon, May 22, 2017 at 4:03 AM, Keith Whyte <keith at rhizomatica.org> wrote: > Is there a way to force NodeA or NodeB to "advertise" it's public IP to > the rest of the tinc network, or did I miss something really obvious? the config files can use DNS names, right? Have the nodes that you want to advertise their public IP addresses sign...

...but it can also happen simply because the UDP tunnel became idle for some time. Note that this is a somewhat simplified overview, and the details can differ slightly depending on whether you're using the 1.0 protocol or the 1.1 SPTPS protocol. On 14 May 2018 at 12:44, Keith Whyte <keith at rhizomatica.org> wrote: > Hi all! > > I still have never managed to fully wrap my head around how UDP data > tunnels can be established between nodes. > > Everytime I think I understand it, I see something that confuses me again > > > Just now I am seeing the following: > >...

Keith, Thanks for the reply and the pointers. > Did you remember to activate kernel ip forwarding? > i.e. echo 1 > /proc/sys/net/ipv4/ip_forward ? I actually forgot to do this, but I have enabled it now in /etc/systctl.conf and can confirm now after a reboot that it's enabled. Unfortunately, still can't ping the node on the LAN. > and when I saw that I was about to cancel

On 05/10/2016 16:13, Kismet Agbasi wrote: > I have a 4 Node Tinc VPN setup with 2 nodes on my LAN and the other 2 > outside the LAN in the cloud. Everything has been working great for about 5 > years now, until today when I decided to move one of the nodes to another > box. Hi Kismet, Just thought I'd jump in here as I do a lot of this kind of thing, and in case you haven't

On 06/10/2016 15:48, Kismet Agbasi wrote: >> Did you remember to activate kernel ip forwarding? >> i.e. echo 1 > /proc/sys/net/ipv4/ip_forward ? > I actually forgot to do this, but I have enabled it now in /etc/systctl.conf and can confirm now after a reboot that it's enabled. Unfortunately, still can't ping the node on the LAN. OK , let's just do one other simple

On 06/10/2016 16:33, Kismet Agbasi wrote: > Thanks Keith. Here's the output: OK. I'd like to say that I recognize this is now off topic for the tinc list, as it really is about basic routing and firewalls and has little if anything to do with tinc at this point. However, it's a low volume list, so unless anyone complains, lets thrash it out here. > wrong interface......hmmm.

On 06/10/2016 17:16, Kismet Agbasi wrote: > Thanks again Keith. I disabled UFW and flushed iptables completely, but same result. Pings from the external node are reaching the internal node on the tinc0 interface but nothing happens after that. Now that I'm thinking of it, I did some masquerading in order to get OpenVPN to work on another box, I wonder if that would be applicable here?

Hi, with locally compiled version: tinc version 1.1pre14-65-g93584bc I'm getting repeated segfault: [Thu Jun 8 08:39:02 2017] tincd[556]: segfault at 7ffdb77d0000 ip 00007f68ea77c194 sp 00007ffdb77cd4c8 error 4 in libc-2.19.so[7f68ea6ea000+1a2000] [Sat Jun 10 21:18:10 2017] tincd[7625]: segfault at 7ffc8c852000 ip 00007ff298de7194 sp 00007ffc8c84e928 error 4 in