Displaying 20 results from an estimated 50000 matches similar to: "AutoConnect option and 1.1pre version"
2017 Aug 31
0
using both ConnectTo and AutoConnect to avoid network partitions
On Thu, Aug 31, 2017 at 01:37:28PM -0700, Nirmal Thacker wrote:
> If you make the yellow nodes ConnectTo all other nodes, and not have
> > AutoConnect = yes, and the other nodes just have AutoConnect = yes but
> > no ConnectTo's, then you will get the desired graph.
>
> The reason this approach is not desirable is because it fails at
> automation. It requires us to
2017 Aug 22
3
using both ConnectTo and AutoConnect to avoid network partitions
Hi Guus
Thanks for clarifying. Some follow up questions:
- How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to
upgrade to?
- What is the workaround until we patch with this fix? Using a combination
of AutoConnect and ConnectTo?
- When we use ConnectTo, is it mandatory to have a cert file in the hosts/*
dir with an IP to ConnectTo ?
-nirmal
On Tue, Aug 22, 2017 at 12:10
2017 Aug 22
2
using both ConnectTo and AutoConnect to avoid network partitions
Hi
Today our Tinc network saw a network partition when we took one tinc node
down.
We knew there was a network partition since the graph showed a split. This
graph is not very helpful but its what I have at the moment:
http://i.imgur.com/XP2PSWc.png
- (ignore node labeled ignore, since its a dead node anyways)
- node R was shutdown for maintenance
- We saw a network split
- we brought node R
2017 Aug 31
2
using both ConnectTo and AutoConnect to avoid network partitions
Hi Guus
Following your suggestion we reconfigured our tinc network as follows.
Here is a new graph and below is our updated configuration:
http://imgur.com/a/n6ksh
- 2 Tinc nodes (yellow labels) have a public external IP and port 655 open.
They both have ConnectTo's to each other and AutoConnect = yes
- The remainder tinc nodes (blue labels) have their tinc.conf set up as
follows:
2017 Aug 31
2
using both ConnectTo and AutoConnect to avoid network partitions
Thanks Guss, some comments and questions:
If you make the yellow nodes ConnectTo all other nodes, and not have
> AutoConnect = yes, and the other nodes just have AutoConnect = yes but
> no ConnectTo's, then you will get the desired graph.
The reason this approach is not desirable is because it fails at
automation. It requires us to add a new line of AutoConnect = <new node
that
2017 Aug 23
0
using both ConnectTo and AutoConnect to avoid network partitions
On Tue, Aug 22, 2017 at 03:19:18PM -0700, Nirmal Thacker wrote:
> - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to
> upgrade to?
There will be an 1.1pre15, but if you want you can apply the following
commit:
https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=92fdabc439bdb5e16f64a4bf2ed1deda54f7c544
> - What is the workaround until we patch with this fix?
2017 Aug 22
0
using both ConnectTo and AutoConnect to avoid network partitions
On Mon, Aug 21, 2017 at 05:37:06PM -0700, Nirmal Thacker wrote:
> Today our Tinc network saw a network partition when we took one tinc node
> down.
>
> We knew there was a network partition since the graph showed a split. This
> graph is not very helpful but its what I have at the moment:
>
> http://i.imgur.com/XP2PSWc.png
The graph is very clear.
> Some questions:
2017 Aug 24
1
using both ConnectTo and AutoConnect to avoid network partitions
Thanks Guus
I have one more question.
- We see several log messages that we dont currently understand - Can you
comment on what they mean and if they are concerning? I've obfuscated IP's
and node names so please ignore those. Our tinc daemon command is: tincd -n
<vpn name>
-- Received short packet
-- Got REQ_KEY from node003 while we already started a SPTPS session!
-- Invalid
2017 Aug 31
0
using both ConnectTo and AutoConnect to avoid network partitions
On Thu, Aug 31, 2017 at 10:40:39AM -0700, Nirmal Thacker wrote:
> Following your suggestion we reconfigured our tinc network as follows.
> Here is a new graph and below is our updated configuration:
> http://imgur.com/a/n6ksh
[...]
> We are concerned that:
> - We still dont see edges in the graph that show connections between every
> blue labeled node to both the yellow labeled
2018 Apr 24
1
Point-to-Point persistent connection on Tinc 1.1pre14
Hi
I'd like to build a Point-to-Point connection in Tinc 1.1pre14. My question
specifically is how does one configure the conf file to achieve this
Here's a simplified example:
1. There are 10 clients and 2 server nodes
2. All 10 clients have a Point-to-Point connection with the 2 server nodes
3. The 2 server nodes have Point-to-Point connection with all 10 clients.
4. In some ways this
2017 Sep 04
0
[Announcement] Tinc versions 1.0.32 and 1.1pre15 released
Thanks Guus!
Looking forward to trying out tinc 1.1pre15.
Can 1.1pre15 nodes coexist with 1.1pre14 nodes?
Nirmal
On Sat, Sep 2, 2017 at 1:47 PM Guus Sliepen <guus at tinc-vpn.org> wrote:
> With pleasure we announce the release of tinc versions 1.0.32 and
> 1.1pre15.
>
> Here is a summary of the changes in tinc 1.0.32:
>
> * Fix segmentation fault when using Cipher =
2017 Sep 04
0
[Announcement] Tinc versions 1.0.32 and 1.1pre15 released
Thanks Guus!
Looking forward to trying out tinc 1.1pre15.
Can 1.1pre15 nodes coexist with 1.1pre14 nodes?
Nirmal
On Sat, Sep 2, 2017 at 1:47 PM Guus Sliepen <guus at tinc-vpn.org> wrote:
> With pleasure we announce the release of tinc versions 1.0.32 and
> 1.1pre15.
>
> Here is a summary of the changes in tinc 1.0.32:
>
> * Fix segmentation fault when using Cipher =
2015 Jan 13
0
tinc connectTo cleanup
On Tue, Jan 13, 2015 at 10:37:28AM +0530, Anil Moris wrote:
> if I use AutoConnect = yes then will it automatically remove connections
> that are no longer in use?
> What are the security issues with 'AutoConnect = yes' I should be worried?
> for my use case I might go upto 20 to 30 + tinc hosts connected to single
> tinc box.
> as per the doc AutoConnect = yes is
2015 Jan 13
2
tinc connectTo cleanup
thanks Guus for the quick response.
I am using tinc 1.1
if I use AutoConnect = yes then will it automatically remove connections
that are no longer in use?
What are the security issues with 'AutoConnect = yes' I should be worried?
for my use case I might go upto 20 to 30 + tinc hosts connected to single
tinc box.
as per the doc AutoConnect = yes is experimental, I am using it in our
2018 Jun 28
1
1.0 or 1.1pre?
I have about 15 nodes running 1.1pre15 connected and running quite well.
I don't remember why I installed 1.1preX originally. Possibly because I
added a router with custom firmware to the network (Tomato Shibby
firmware for my ASUS router) which included 1.1pre14.
Now I'm trying to add an Openwrt device and it includes 1.0.33 only.
This will replace the Tomato Shibby device with
2012 Dec 05
1
[Announcement] Version 1.1pre4 released
With pleasure we announce the release of version 1.1pre3. Here is a
summary of the changes:
* Added the "AutoConnect" option which will let tinc automatically select
which nodes to connect to.
* Improved performance of VLAN-tagged IP traffic inside the VPN.
* Ensured LocalDiscovery works with multiple BindToAddress statements and/or
IPv6-only LANs.
* Dropped dependency on
2012 Dec 05
1
[Announcement] Version 1.1pre4 released
With pleasure we announce the release of version 1.1pre3. Here is a
summary of the changes:
* Added the "AutoConnect" option which will let tinc automatically select
which nodes to connect to.
* Improved performance of VLAN-tagged IP traffic inside the VPN.
* Ensured LocalDiscovery works with multiple BindToAddress statements and/or
IPv6-only LANs.
* Dropped dependency on
2018 Oct 08
1
[Announcement] Tinc version 1.0.35 and 1.1pre17 released
Because of security vulnerabilities in tinc that have recently been
discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of
the changes in tinc 1.0.35:
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
Here is a summery of the changes in tinc 1.1pre17:
* Prevent oracle attacks in the
2018 Oct 08
1
[Announcement] Tinc version 1.0.35 and 1.1pre17 released
Because of security vulnerabilities in tinc that have recently been
discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of
the changes in tinc 1.0.35:
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
Here is a summery of the changes in tinc 1.1pre17:
* Prevent oracle attacks in the
2018 Dec 18
0
subnet flooded with lots of ADD_EDGE request
On Tue, Dec 11, 2018 at 02:36:18PM +0800, Amit Lianson wrote:
> We're suffering from sporadic network blockage(read: unable to ping
> other nodes) with 1.1-pre17. Before upgrading to the 1.1-pre release,
> the same network blockage also manifested itself in a pure 1.0.33
> network.
>
> The log shows that there are a lot of "Got ADD_EDGE from nodeX
>