similar to: [Announcement] Tinc version 1.0.33 released

With pleasure we announce the release of tinc version 1.1pre16. Here is a summary of the changes in tinc 1.1pre16: * Fixed building with support for UML sockets. * Documentation updates and spelling fixes. * Support for MSS clamping of IP-in-IP packets. * Fixed parsing of the -b flag. * Added the ability to set a firemall mark on sockets on Linux. * Minor improvements to the build system.

With pleasure we announce the release of tinc version 1.1pre16. Here is a summary of the changes in tinc 1.1pre16: * Fixed building with support for UML sockets. * Documentation updates and spelling fixes. * Support for MSS clamping of IP-in-IP packets. * Fixed parsing of the -b flag. * Added the ability to set a firemall mark on sockets on Linux. * Minor improvements to the build system.

Well this has had me stumped for days now. For months I've been using tinc in TCPOnly because I always received the unknown host error when using UDP. On Monday, i set the flag IndirectData = yes in my host files, and removed the TCPOnly line. Initially, everything worked great. My throughput increased from 600KB/sec to 2MB/sec between the sites. However, I also did some testing with

Hi, I´m using Tinc for several years, but I didn´t fix a performance problem. There a about 20 nodes in this network. Master: 10.0.0.12 (dedicated host in a datacenter, debian, 100mBit port) tinc.conf: Name = TincKnoten12 AddressFamily = ipv4 Interface = tun ProcessPriority=high mode = router #DirectOnly = no Compression=0 PMTUDiscovery = yes #IndirectData = yes #ReplayWindow = 64 #ConnectTo

Hi, I upgraded some of my Tinc nodes from 1.0.8 recently and found something strange. All of a sudden, the vpn would not work as a full-mesh. Certain nodes were not contactable. I re-generated my rsa-keys, and checked my configuration. My vpn uses the following in tinc.conf, as I am routing both ipv4 and v6. === name = node1 mode = switch AddressFamily = any PMTU = 1280 PMTUDiscovery = yes

Currently, i have nodes with PMTUDiscovery =yes and ClampMSS = yes. When the server does not receive a PMTU request back from one of the clients even when the packet size is very small (say 164), then it reverts to TCP. Should i turn off PMTUDiscovery or should it be ok to leave on? It takes a very long time to do simple pings (1 second or so), so i wonder what else i can do?

The server has a 1G symmetrical fibre line. It has been speedtested to various local servers to be close to 800-900M. When there is only a single client, there isn't much problem and as soon as the connection is made, the ping time through to tunnel is a respectable 30ms. As soon as a few more clients are connected, ping time degrades to hundreds and sometimes seconds and with dropped packets.

> Currently, i have nodes with PMTUDiscovery =yes and ClampMSS = yes. Hello, these features were introduced in 1.0.13 correct ?? I also understand that the two settings are by default "yes" if not explictly set to "no" in the config file. what may happen if I have a network with mixed versions from 1.0.11 and 1.0.13, where the older daemons do not implement that feature

Aloha! I am new to tinc and I like to figure out my own issues before asking but I am not sure of my next step here. I am not sure if the problem is the VPN configuration or in my network. I will try to be as through as possible. I have two computers that are CentOS with the latest tinc from their respective repositories. Server A is behind a Sophos XG and Server B is behind a Ubiquiti Edge

Hello, all! I have many questions about tap device architecture. What is a right way to calc mtu on TAP device to avoid fragmentation on real eth device? I suppose TAP MTU = 1500-8(UDP)-20(IP)-18(Ethernet) = 1454. So I'd set 1454 for tap device: "ip link set mtu 1454 dev eth0" I'm not shure about what is the exact size of ethernet frame header, which tap device use in switch

I'm been experiencing a very very odd problem for the past several weeks and am throwing it out in case someone can shed some light on it for me. There is a single box on our tinc mesh which can be pinged from all hosts, but cannot ping any. It is not limited to ping, the box cannot communicate over tinc. tinc is running in router mode for this mesh. ~30 other nodes function normally,

Hello! I have 3 PCs - Windows, FreeBSD and Ubuntu. FreeBSD runs as a tinc server as it has a real IP. Ubuntu runs as a tinc client as it has a dynamically changing public IP. Windows has not tinc installed yet. Therefore I use Putty ssh client to ssh to FreeBSD machine (as it has real IP) and then from there I ssh to the Ubuntu box using its virtual IP. The connection establishes well, I can ping

On Tue, Apr 10, 2018 at 03:36:08PM +0200, Hans de Groot wrote: > hosta  <--> hostb  <-->  hostc > > Hosta and hostc are not directly connected via tinc. But both are conncted > via hostb (I called my network tincnet). This works fine I can ssh from > hosta to hostc and vice versa without any problems. > > hostc is in a whitelisted iprange at some service

Hello again :) Thank you all for your reply's. Below are the config files of the 3 hosts. I use  tinc in router mode. I do not have a kernel mode config lines anywhere so tinc must be using the default settings here. I added the ipaddressx to subnets on hostc and this works. Traffic to that ip is now routed via hostc. But since this ipaddressx address changes often I need to resolve it

Hello, A compilation failure happened when I tried building libvirt latest code on rhel8 Version: gcc-8.3.1-4.5.el8.x86_64 libvirt v5.9.0-352-g5e939cea89 Steps: 1. Clone libvirt source code 2. Create build dir, and run autogen.sh # cd libvirt # mkdir build && cd build # ../autogen.sh --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix=

Hi there, I am using tinc since some monthes. I think the basic idea of extending vpn to a mesh of systems via tun/tap is great. And I think it is one of the useable developments compared to the much more complex vpn solutions I had used in the past. Great work. Setting up tinc I have fought with the configuration (and with the concepts) for a while as I have found no example that covers my

Hi, the system fails to initialize your vbios using secureboot (i had a rare chance to on my system to witness it again), for now i traced it to acr_boot_falcon() in "linux/drivers/gpu/drm/nouveau/nvkm/falcon/msgqueue_0148cdec.c" where it throws -110 which is -ETIMEDOUT. You could try to increase the timeout and see if it helps something, similar to the following: diff --git

Hello, I am tying to create tinc vpn for the ~1000 nodes and was thinking why meta connections are needed at all if I only need static configuration where every node knows addresses of other hosts and due to the amount of traffic any indirect connections will not work, so DirectOnly=yes is a must and then passing around routing information is not needed, right? Currently I have 10 nodes

Hi there, we are using tinc in switched mode for over a year now, currently with 18 clients which are connected 24 hours a day and many which aren't connected the whole day, also. If i'm reading the changes from 1.0.9 to 1.0.10 and 1.0.11 correctly, tinc should work now, although "TCPOnly = yes" isn't set in the config files of clients which are behind a NAT firewall, e.g. a

Dear useRs, I have written a very simple function to compute some probabilities on words (function is below). The function includes a which() statement applied to a vector of characters (word.split): sapply (word.split, function(x) which(letters==x)). This statement worked as expected when used outside the global function : > word <- "hello" > (word.split <-