similar to: tinc 1.1pre4 on Win7x64 --mlock prevents service from starting

I have the habit of putting the name of the host within the host file as a comment usually on the first line. Helps when files are renamed and tracking. The new version exports Name = victor and so the old comment style is not necessary. I would think the new version should still simply ignore lines that begin with the '#' character. For example, a normal host file named victor that

[This email is either empty or too large to be displayed at this time]

ping times to ConnectTo machine are often over a second or at least 300 milliseconds. Hundreds or thousands of times slower than other nodes from same physical location.

(Second try to send this. I wonder if the first one gotten eaten by a spam filter; I'll link to patches instead of attaching them.) Here are the tincctl patches I've been working on. They apply to http://www.tinc-vpn.org/svn/tinc/branches/1.1@1545. I intend to commit them once the crypto stuff's fixed. Since they're basically done, I'm emailing them now for review and in case

So as best practice running tinc I should include it ? Regards Yazeed Fataar <yazeedfataar at hotmail.com> On Sun, Feb 14, 2016 at 1:08 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Sun, Feb 14, 2016 at 10:53:19AM +0300, Yazeed Fataar wrote: > > > Going through the options tinc has . Can someone explain exactly what the > > purpose is for -L option for the

There's one vulnerability that's bugged me for some time. It applies to nearly all crypto software, including ssh. That's the swapping of sensitive info (such as keys and key equivalents) onto hard drives where they could possibly be recovered later. The Linux kernel provides a system call, mlock(), that inhibits swapping of a specified region of virtual memory. It locks it into real

*You should repeat this for all nodes you ConnectTo, or which ConnectTo you. However, remember that you do not need to ConnectTo all nodes in the VPN; it is only necessary to create one or a few meta-connections, after the connections are made tinc will learn about all the other nodes in the VPN, and will automatically make other connections as necessary. * The above is from the docs. Assuming

First off, thanks to all who have made tinc possible and continue to work developing it. I hope perhaps in time I can become a useful part of this community. :) I'm having an interesting issue with tincctl and was hoping someone could shed some light on it. Everything seems to work correctly when I build for OSX; however on linux and windows builds, I always receive connection

Hi, All Due to some routing rotation purpose, I use crontab to add below info: 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 1 * * * * /usr/sbin/tincd -n myvpn -k 1 * * * * /usr/sbin/tincd -n myvpn --debug=3 30 * * * * sed -i '/54.169.128.0\/17/d' /etc/tinc/myvpn/hosts/aws_sgp

Hi, experts for example, the below case: You can see a lot of back and forth MTU probe packets been exchanged between tinc nodes, but it’s weird that, from the debug log, one line shows "No response to MTU probes from node1”, but it indeed received a lot of MTU probe response, and finally it get the conclusion of "Packet for node1 (1.1.1.1 port 443) larger than minimum MTU”.

I have some real problems with the xennet, when disable and try to enable the nic I get a BSoD due to ndis.sys Further more the system still fails to get an IP using dhcp. The box is after a lot of cleanup, now on the 217 GPLPV. I could provide additional details on demand next week. (I''m unsure to get the machine earlier in my reach due to an on site power outage) thx, Florian

Tinc team: I'm creating a vpn for my work laptop and vps and got trapped, here are my config files: on laptop: *tinc.conf Name = envy13 Device = /dev/net/tun ConnectTo = main *hosts/main Address = <my vps ext ip address> Port = 655 Subnet = 10.0.0.1/32 *hosts/envy13 Port = 655 Subnet = 10.0.0.2/32 *tinc-up #!/bin/sh ip link set myvpn up ip addr add 10.0.0.2/32 dev myvpn ip route add

Hi, Tinc experts Diagram as below, A is trying to access host X behind C: A >> B >> C — “host X" B is the tinc server for A, but also B is the tinc client to connect to C. My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky. As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs have the Subnet = X/32,

1. Is there any tools/command, we can show the subnet where a certain tinc nodes learnt? So that I can know the weight for certain subnet(in real time), instead of go back to the node’s (who advertise the subnet) configuration file to check. 2. So far in order to change the weight of a subnet, or something else, I have to reset the tinc daemon( tincd -k -n myvpn and then tincd -n myvpn) in

Hi Tinc Groups again, Now i can set syslog. But my problem still the same. When i check Tap0 configure. I know idea what's wrong that i set. I set up tap follow these. ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 192.168.1.1 netmask 255.255.255.0 ifconfig tap0 -arp But i notice in my routing table have 2 myvpn. Like these, myvpn * 255.0.0.0

Hi All Going through the options tinc has . Can someone explain exactly what the purpose is for -L option for the runtime command. So does this mean that tinc will run in RAM and will not be saved in swap (default) ? ================ -L, --mlock Lock tinc into main memory. This will prevent sensitive data like shared private keys to be written to the system swap

On Sun, Feb 14, 2016 at 01:12:11PM +0300, Yazeed Fataar wrote: > So as best practice running tinc I should include it ? I personally see little value in it. If you want to enable it, be sure to understand the implications of locking a process in RAM; you should have more RAM than the tincd process memory will ever use, and you should check that there are no resource limits that prevent tinc

Hi, Guus Thanks a lot for your suggestion, actually I did something else as below. But one question here is if I don’t add "/sbin/ifconfig myvpn 10.0.0.1 netmask 255.255.255.0”, it seems the crontab wouldn’t trigger tinc-up, and then the ip addr of myvpn wouldn’t be configured, then it will prompt the error of "Can't write to Linux tun/tap device (tun mode) /dev/net/tun:

On Sun, Feb 14, 2016 at 10:53:19AM +0300, Yazeed Fataar wrote: > Going through the options tinc has . Can someone explain exactly what the > purpose is for -L option for the runtime command. > > So does this mean that tinc will run in RAM and will not be saved in swap > (default) ? Yes, that's exactly what it does. -- Met vriendelijke groet / with kind regards, Guus

i created an ipset and added 8.8.8.8 to it and used the same iptables working all summer long but ?i can still ping 8.8.8.8 and do nslookup queries against it. ipset or iptables is broken. Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and actually tested that IP addresses that are supposed to be blacklisted are actually blocked? ? Filed CentOS bug report 7977