similar to: Possible improvements to LocalDiscovery

I would like to discuss the following commit: https://github.com/gsliepen/tinc/commit/4a0b9981513059755b9fd15b38fc198f46a0d6f2 ("Determine peer's reflexive address and port when exchanging keys") This is a great feature as it basically allows peers to do UDP Hole Punching (via MTU probes) even when both are having their source ports rewritten by a NAT, which is extremely useful.

Hi, I believe I have found a bug with regard to the LocalDiscovery feature. This is on tinc-1.1pre7 between two Windows nodes. Steps to reproduce: - Get two nodes talking using LocalDiscovery (e.g. put them on the same LAN behind a NAT with no metaconnection to each other) - Make one ping the other. Expected result: - The two nodes should ping each other without any packet loss, hopefully at

Hi, I am playing with LocalDiscovery again and have noticed that I do not see any LocalDiscovery broadcasts anymore. I am using tinc 1.1-pre9 in switch mode and have set LocalDiscovery = yes in tinc.conf. I do not see any broadcasts on any network and I also do not see anything in the debug output. What to do? -nik -- # apt-assassinate --help Usage: apt-assassinate [upstream|maintainer]

Hang on a second. I've just re-read your original message and I believe you are confused about what the "Subnet" option does. Again, it deals with addresses *inside* the VPN. In the configuration you posted you seem to be using 10.240.0.4 and 10.240.0.5 as internal addresses, but then your other statements (and especially your dump edges output) seem to indicate that 10.240.0.4 and

On Tue, Feb 14, 2017 at 1:46 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Tue, Feb 14, 2017 at 11:21:34AM -0500, James Hartig wrote: > >> Those 2 boxes are in the same subnet and have addresses of 10.240.0.4 and >> 10.240.0.5, respectively, on their eth0 interface. Port 655 on tcp and udp >> is open to the world. The tinc_test_2 box has a ConnectTo of

We are testing tinc inside Google Compute within a single region and an external region. Two boxes are created as follows: /etc/tinc/test/tinc_test_1 Subnet = 10.240.0.0/16 Subnet = 10.240.0.4/32 Address = 104.154.59.151 /etc/tinc/test/tinc_test_2 Subnet = 10.240.0.0/16 Subnet = 10.240.0.5/32 Address = 104.197.132.141 /etc/tinc/test/tinc.conf Name = $HOST AddressFamily = ipv4 Interface = tun0

@Etienne, I understood your explanation about the Subnet being the network *inside* the VPN, but the following the example https://www.tinc-vpn.org/examples/proxy-arp/, it seems to have: Subnet = 192.168.1.0/24 for the office, yet the IP address for the office is 192.168.1.2. Is that example no longer valid or am I misunderstanding? On Tue, Feb 14, 2017 at 4:01 PM, James Hartig <james at

Can you specify which version of tinc you're using? There are vast differences in the way LocalDiscovery works between 1.0 and 1.1. The former uses broadcast, the latter unicast to explicitly advertised local addresses. You say that tinc_test_1's eth0 interface is configured with 10.240.0.4, and tinc_test_2's eth0 interface is configured with 10.240.0.5. How are the public addresses

Hi, I was previously using tinc-1.1pre8 and it worked just fine, but after upgrading to tinc-1.1pre10 my Windows machine is unable to connect to my tinc network, as it fails to complete the handshake. Steps to reproduce: - Set up a Linux node with tinc-1.1pre10 using "tinc init" - Set up a Windows node with tinc-1.1pre10 using "tinc init", and try to make it connect to the

On Tue, Feb 14, 2017 at 1:22 PM, Etienne Dechamps <etienne at edechamps.fr> wrote: > > Can you specify which version of tinc you're using? There are vast differences in the way LocalDiscovery works between 1.0 and 1.1. The former uses broadcast, the latter unicast to explicitly advertised local addresses. I'm using tinc 1.1pre14. I noticed there's an option,

On Tue, Feb 14, 2017 at 3:43 PM, Etienne Dechamps <etienne at edechamps.fr> wrote: > Hang on a second. I've just re-read your original message and I > believe you are confused about what the "Subnet" option does. Again, > it deals with addresses *inside* the VPN. In the configuration you > posted you seem to be using 10.240.0.4 and 10.240.0.5 as internal >

These two networks can be the same, i.e. the VPN can be an extension of your local network, sharing the same subnet. That's one the many ways things can be set up. The same result can be achieved through other ways (e.g. Ethernet-level bridging). This does not contradict my earlier statement: a subnet can be *both* inside *and* outside the VPN, depending on the scenario. The Subnet

Hi, I have already working set of tinc nodes and tried to add one more machine, mac mini with osx yosemite onboard. Tincd starts and connects to other nodes as supposed but I can't connect to mini from any of other nodes. When I try to use ssh the following lines appears repeatedly in mini's logs along with the regular logs about making connections and MTU probes: > Got PACKET from

With pleasure we announce the release of tinc version 1.1pre11. Here is a summary of the changes: * Added a "network" command to list or switch networks. * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol. * AutoConnect is now a boolean option, when enabled tinc always tries to keep at least three meta-connections open. * The new protocol now

With pleasure we announce the release of tinc version 1.1pre11. Here is a summary of the changes: * Added a "network" command to list or switch networks. * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol. * AutoConnect is now a boolean option, when enabled tinc always tries to keep at least three meta-connections open. * The new protocol now

On 11 November 2015 at 21:57, David Nicol <davidnicol at gmail.com> wrote: > it is entirely possible to write code that uses threads on Win32 and forks > on POSIX by abstracting the communication bits generically. Signalling could > work over pipes on both. > > https://msdn.microsoft.com/en-us/library/windows/desktop/aa365152(v=vs.85).aspx Hum... yes of course, but I

You might want to try with https://github.com/gsliepen/tinc/pull/120 - that said, this bug probably doesn't explain everything because tinc is supposed to log a message from setup_vpn_in_socket() anyway, but there's no such message in your log. In addition, I really don't see any way the "Received UDP packet from unknown source" message could be logged if the UDP socket

On 12 November 2015 at 01:15, fauno <fauno at kiwwwi.com.ar> wrote: > Etienne Dechamps <etienne at edechamps.fr> writes: >> (I realize that this means UPnP support could possibly be achieved >> simply by suggesting that the user spawn some standalone UPnP client >> process in the background from the tinc-up hook. That's not very >> user-friendly, though.

Hi, I have tried the LocalDiscovery feature of tinc. The problem is that it also sends broadcast probes out the CPN interface *and* detects nodes on the VPN. A connection is then established through the tunnel, which effectively breaks connectivity between the two nodes. I do not think that discovering hosts on the VPN makes sense in any way. How can it be disabled? I could easily netfilter

Hello, Thanks to recent fix of 'Failed to decrypt and verify packet' issue by Etienne, I decided to upgrade tinc on a few nodes. I had to go back to 1.1pre9 immediately because tinc on my laptop didn't survive the restart of other nodes. It aborted with the following message: Error while waiting for input: Bad file descriptor I could reproduce the issue. Here is strace output: