Displaying 20 results from an estimated 300 matches similar to: "tinc 1.1pre10 "failed to decrypt record" on Windows client"
2014 Jun 21
2
tinc-1.1pre10 seems to be broken on Windows
Hi,
I was previously using tinc-1.1pre8 and it worked just fine, but after
upgrading to tinc-1.1pre10 my Windows machine is unable to connect to my
tinc network, as it fails to complete the handshake.
Steps to reproduce:
- Set up a Linux node with tinc-1.1pre10 using "tinc init"
- Set up a Windows node with tinc-1.1pre10 using "tinc init", and try to
make it connect to the
2014 Jul 16
2
Some questions about SPTPS
I've been using SPTPS (a.k.a ExperimentalProtocol) for a while now, but
I've only recently started looking into the details of the protocol
itself. I have some questions about the design:
- I am not sure what the threat model for SPTPS is when compared with
the legacy protocol. SPTPS is vastly more complex than the legacy
protocol (it adds a whole new handshake mechanism), and
2015 May 16
2
"Invalid KEX record length" during SPTPS key regeneration and related issues
Hi,
I'm currently trying to troubleshoot what appears to be a very subtle
bug (most likely a race condition) in SPTPS that causes state to
become corrupted during SPTPS key regeneration.
The tinc version currently deployed to my production nodes is git
7ac5263, which is somewhat old (2014-09-06), but I think this is still
relevant because the affected code paths haven't really changed
2018 Mar 16
3
SPTPS in 1.1
Is SPTPS protocol enabled in 1.1 by default? Or do we need to manually enable
it?
2015 May 17
2
"Invalid KEX record length" during SPTPS key regeneration and related issues
I sent you a pull request that addresses the general issue, at least
for the short term: https://github.com/gsliepen/tinc/pull/83
On 16 May 2015 at 19:36, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Sat, May 16, 2015 at 04:53:33PM +0100, Etienne Dechamps wrote:
>
>> I believe there is a design flaw in the way SPTPS key regeneration
>> works, because upon reception of
2013 Sep 14
4
Elliptic curves in tinc
In the past 24 hours multiple persons have contacted me regarding the use of
elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA
might have weakened algorithms and/or elliptic curves published by NIST.
The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key
exchange and authentication, in such a way that it has the perfect forward
secrecy (PFS)
2014 Apr 15
1
tinc 1.1pre19 slower than tinc 1.0, experimentalProtocol even more
Hi there,
we're using tinc to mesh together hosts in a public datacenter (instead of
using a private VLAN, sort of). So all hosts are reasonably modern;
connections are low latency with an available bandwidth of around 500Mbit/s
or 1Gbit/s (depending on how close they are to each other). Iperf between
two nodes directly reports around 940Mbit/s. The CPUs are Intel(R) Core(TM)
i7-4770 CPU @
2013 Dec 17
1
Speed issue in only one direction
Hi all,
I'm back again with my speed issues. The past issues were dependent on the
network I used.
Now I run my tests in a lab, with 2 configurations linked by a Gigabit
switch :
node1: Intel Core i5-2400 with Debian 7.2
node2: Intel Core i5-3570 with Debian 7.2
Both have AES and PCLMULQDQ announced in /proc/cpuinfo.
I use Tinc 1.1 from Git.
When I run an iperf test from node2 (client) to
2014 Apr 06
1
Status of Experimental Protocol
Is there any indication of when we might see the protocol stabilize in the
1.1pre branch? It seems to be quite an improvement already. Perhaps some
configuration could be added to allow for specifying a protocol version,
rather than the 'ExperimentalProtocol=yes' flag? What are the roadblocks to
stabilizing it and is there any need or desire for help accomplishing this?
While I'm
2015 Dec 02
5
[PATCH] Receive multiple packets at a time
Hello,
Linux has a recvmmsg() system call which allows performing several
recvfrom() calls at a time. The patch below makes tinc use it (patch against
1.1-pre11). Basically the patch turns the handle_incoming_vpn_data
variables into arrays (of size 1 when recvmmsg is not available, and
thus compiled the same as before), and makes the code index into the
arrays. You may want to use interdiff -w
2014 Feb 25
3
PMTU = 1518 over local network at 1500 MTU
Hi all,
I have two nodes, connected to a switch, using Tinc 1.1 from git.
They connect to each other with SPTPS, and to other nodes in the Internet
with the old protocol because they have Tinc 1.0.
There is no problem with remote nodes, but between my 2 local nodes,
they see 1518 PMTU. But the local network is 1500 MTU!!! So nodes can ping
each other but larger data does not go.
test1=sllm1
test2=sllm2
2015 Jul 05
3
Different PRF with --disable-legacy-protocol?
Hi everybody.
I'm struggling with setting up an SPTPS connection between two of my
machines. I attached the patch that I used to analyze this. Apparently
different keys are derived depending on the crypto backend. Is this
intentional?
Linking to openssl results in
char key[] = {
0xb2, 0x9d, 0x8d, 0x24, 0x91, 0x04, 0xaf, 0x25,
0x3f, 0x10, 0x34, 0x9d, 0xc7, 0x73, 0x8c, 0xe1,
0x24, 0x32,
2015 Apr 21
1
Questions about routing issue
Hello,
I'm running a tinc network including dozens of nodes in switch mode.
Some are running stable branch 1.0, while a small set of nodes are
running 1.1 with ed25519 support.
I discovered some routing issue between two nodes:
(names are hidden)
A (1.1):
ConnectTo = B
ConnectTo = C
IndirectData = yes
Mode = Switch
B (1.0):
Mode = Switch
C (1.1 but only with RSA key):
Mode = Switch
2014 Dec 04
5
init script for tinc-1.1pre10
Hi,
Is there an init script to start and stop tinc-1.1pre10 for Debian?
I am running tinc -n name --pidfile /dir/name start from /etc/rc.local;
sometimes it's not creating the pid file but I see the process running.
It would be great if we can manage it from /etc/init.d/
Thanks
Anil
2014 Feb 07
2
[Announcement] Tinc version 1.1pre10 released
With pleasure we announce the release of tinc version 1.1pre10. Here is a
summary of the changes:
* Added a benchmark tool (sptps_speed) for the new protocol.
* Fixed a crash when using Name = $HOST while $HOST is not set.
* Use AES-256-GCM for the new protocol.
* Updated support for Solaris.
* Allow running tincd without a private ECDSA key present when
ExperimentalProtocol is not
2014 Sep 28
1
Proposals for UDP information transport over the metagraph
While working on SPTPS UDP relaying I realized that there is one issue
I didn't account for, which is that the sending node only knows the
PMTU to the first relay node. It doesn't know the PMTU of the entire
relay path beyond the first hop, because the relay nodes don't provide
their own PMTU information over the metaprotocol.
Now, in the legacy protocol this is not really an issue,
2014 Sep 25
1
Tinc1.1pre10 on Windows 8.1?
Hello tincers,
I run a small tinc mesh using version 1.1pre10 on mostly linux (debian) hosts. In the past, I was able to successfully join my windows machine to the tinc network, when I was running an earlier version of tinc (throughout the mesh). However, with 1.1pre10, I have had no success. Is this a known error, a misconfiguration on my part, or some other issue? I currently have no tinc-up
2003 May 27
2
Call Detail Record Analysis Packages?
Can anyone share any links regarding packages to do Call Detail Record (CDR)
analysis from the CDR Master file?
Login-distance reconciliation, billback, and data presentation are three primary
areas of interest.
Thanks in advance for your help!
--Nick
--
Nick Eggleston
Consultant
Data Communications Consulting, Inc.
6320 Rucker Road, Suite E
Indianapolis, IN 46220
317/726-0295 x18