similar to: How to recognize tinc TCP connection with iptables

Hello, I've set up a tinc "server" named "spitzer" in proxy arp mode, and a client "inspiron" that connects to it. inspiron runs tinc 1.0.16, spitzer runs 1.0.11. Ping and ssh from inspiron to spitzer and other hosts in the network (via spitzer) works fine. Ping and ssh from other hosts in the network to inspiron works fine (i.e. going through spitzer works

Hello, I am experiencing system hangs when running NFSv4 over a tinc VPN. I don't know if the problem is with NFS or tinc and would appreciate any suggestions on how to narrow down the culprit. Unfortunately I cannot simply run NFS directly over TCP -- the participating systems are connected only over an open network. The configuration is as follows: I have a master server

Hello, I want to use a tinc node as a default gateway in router mode. My first attempt was to just add an extra, lower priority subnet for the host that should act as the gateway: Subnet = 192.168.12.2/32 Subnet = 0.0.0.0/0#20 but this doesn't seem to work: # route add 173.255.235.238 gw 192.168.12.2 # ping 173.255.235.238 results in the local tinc process complaining that Read packet

Hello, The qemu emulator has a feature to fork a samba instance for file sharing with the emulated hosts. It communicates with smbd over stdin. The generated configuration file contains a "smb ports = 0" directive to prevent smbd from listening to any ports. Unfortunately, with at least Samba 3.6.4 this causes a segfault instead: [0] vostro:/tmp/qemu-smb.6836-0# smbd -i -s smb.conf

Hello, I would like to run two tinc instances to connect one machine to two separate VPNs. Starting the second instance fails with /dev/net/tun is a Linux tun/tap device (tun mode) Can't bind to 0.0.0.0 port 655/tcp: Address already in use Can't bind to :: port 655/tcp: Address already in use Unable to create any listening socket! Is it possible to have several tun devices? With what

Hello, I have three clients that connect to one server. The server runs tinc 1.0.11 and one client runs tinc 1.0.19. I recently upgraded the two other clients from tinc 1.0.11 to tinc 1.0.16. Since the upgrade, the server now regularly logs messages of the form Aug 26 12:17:42 ebox tinc.rath[4049]: Unauthorized request from hspc (87.173.111.136 port 42836) or Aug 25 18:39:12 ebox

Hello, According to http://tinc-vpn.org/documentation/tinc_4.html: ,---- | Name = <name> [required] | | This is a symbolic name for this connection. The name should consist | only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _). `---- However, if I set an arbitrary name, I get # tincd -D -n hbt -d tincd 1.0.11 (Nov 18 2009 03:31:26) starting, debug level 1 Cannot

Hello, I want to copy lots of small files from a network file system. Reading a file always takes at least one network round trip. This makes any program that tries to copy the files one after another terribly slow. I searched the archives and already found that rsync is not (and will not be for quite some time) able to work in parallel, but that people have had success by starting several rsync

Hello, Is there a way to tell tinc to use a "proxy = exec ..." for only some specific node? Maybe by having the program decline handling nodes by exiting with a specific error code? Best, -Nikolaus -- ?Time flies like an arrow, fruit flies like a Banana.? PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C

Hello, About once or twice a week, dovecot's imap-login process on my system seems gets out of control, eating 100% CPU for about 2 hours. Afterwards everything seems to go back to normal. I am using Dovecot 2.1.7 on a 64 bit Debian wheezy system. When running gdb on the process in this stage, I get the following traceback: #0 0x00007fcba50c5a90 in read () from

Hello, I'm confused by the subnet-up calls made by tinc. I was assuming that I'd be called once when it connects to another node. However, subnet-up appears to be called much more often than that. For example, I have the following configuration: ,---- | $ cat tinc.conf | ConnectTo = spitzer | Name = chronos | Mode = switch | | $ cat hbt/hosts/spitzer | address =

Hello list, I looked around online but didn't find an answer, so if you can help me out, I'll appreciate I'm trying to create a tinc network which transmits data as UDP and not TCP, because I will pass VoIP traffic on top of it, which would not work fine if using TCP. I have configured tinc between 2 machines and it's working fine, default ports open (UDP 655 and TCP 655) and I

Is there a way to get a running transaction log from a Dovecot instance to synchronize (and I use that word very, very loosely) multiple instances that don't share a network? Why I would want to do such a thing: I have a couple way stations along a long, winding road through very hilly country, and at each of these stations, I have a few people (and many, many more at one end of the road).

Hello, I am investigating a data-loss bug in SSHFS (https://github.com/libfuse/sshfs/issues/72). While the root cause is in SSHFS and has already been fixed, there seems to be some unfortunate interaction with what I believe is an OpenSSH bug: As far as I can tell, when sending a SSH_FXP_OPEN request with SSH_FXF_WRITE (i.e., opening the file write only), and then following up with a

On Jul 11 2017, Guus Sliepen <guus-NnCthlHDAqpg9hUCZPvPmw at public.gmane.org> wrote: > On Mon, Jul 03, 2017 at 02:24:55PM +0200, Nikolaus Rath wrote: > >> After upgrading my client system from Debian jessie to Debian stretch >> (which includes an update from tinc 1.0.24 to tinc 1.0.31), I am >> having trouble with my VPN: > [...] >> Proxy = exec

On Jul 29 2017, Guus Sliepen <guus-NnCthlHDAqpg9hUCZPvPmw at public.gmane.org> wrote: > On Sat, Jul 29, 2017 at 12:47:02PM +0200, Nikolaus Rath wrote: > >> >> Proxy = exec /etc/tinc/rath/triv_proxy.sh >> > >> > Indeed, it seems like Proxy = exec was broken by a commit that fixed >> > some issue with the other proxy types. For now the workaround is

Hello, I have been told on Freenode's #dovecot to ask here. I have Exim 4.92 complaining about "Non-CRLF-terminated header, under CHUNKING: message abandoned" with redirects made by Pigeonhole 0.5.5 (with Dovecot 2.3.5.1). Please find relevant part of the traffic below, and help me determine whether Exim is correct on this. ? 0x0000:? 4500 0954 0000 4000 8006 0000 7f00 0001? E..T..

Hello, After upgrading my client system from Debian jessie to Debian stretch (which includes an update from tinc 1.0.24 to tinc 1.0.31), I am having trouble with my VPN: As long as I let tinc connect directly (no "Proxy" configuration option on the client), everything works fine: # tincd -n rath -D -d tincd 1.0.31 starting, debug level 1 /dev/net/tun is a Linux tun/tap device (tun

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=65 Summary: Problem with error message when tcp-flags doesn't recognize a flag Product: iptables userspace Version: 1.2.7a Platform: other OS/Version: other Status: NEW Severity: minor Priority: P2 Component: iptables

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=65 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From