similar to: [Announcement] Tinc version 1.0.35 and 1.1pre17 released

Hello. Im running tinc from long time, but recently I noticed that tinc TCP connections are not closed correctly (timeout). They seem to linger around like this: Proto Recv-Q Send-Q Local Address Foreign Address State tcp 80 0 xxx.x.x.xx:58801 xx.xxx.xxx.xx:*** ESTABLISHED tcp 515 0 xxx.x.x.xx:45422 xx.xxx.xxx.xxx:*** ESTABLISHED

https://bugzilla.mindrot.org/show_bug.cgi?id=2492 Bug ID: 2492 Summary: Incomplete output of child process Product: Portable OpenSSH Version: 7.1p1 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

With pleasure we announce the release of tinc versions 1.0.32 and 1.1pre15. Here is a summary of the changes in tinc 1.0.32: * Fix segmentation fault when using Cipher = none. * Fix Proxy = exec. * Support PriorityInheritance for IPv6 packets. * Fixes for Solaris tun/tap support. * Bind outgoing TCP sockets when ListenAddress is used. Thanks to Vittorio Gambaletta for his contribution to this

With pleasure we announce the release of tinc versions 1.0.32 and 1.1pre15. Here is a summary of the changes in tinc 1.0.32: * Fix segmentation fault when using Cipher = none. * Fix Proxy = exec. * Support PriorityInheritance for IPv6 packets. * Fixes for Solaris tun/tap support. * Bind outgoing TCP sockets when ListenAddress is used. Thanks to Vittorio Gambaletta for his contribution to this

Hello, 1.1pre17 does not support Windows XP.  The reason is that InitOnceExecuteOnce is not supported. I believe it is better to take the Windows XP name out of the download link. -rsd -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20190708/b68071ed/attachment.html> -------------- next part

With pleasure we announce the release of tinc version 1.0.30. Here is a summary of the changes: * Fix troubles connecting to some HTTP proxies. * Add mitigations for the Sweet32 attack when using a 64-bit block cipher. * Use AES256 and SHA256 as the default encryption and digest algorithms. Please note that this version of tinc requires all nodes in the VPN to be linked with a version of

With pleasure we announce the release of tinc version 1.0.30. Here is a summary of the changes: * Fix troubles connecting to some HTTP proxies. * Add mitigations for the Sweet32 attack when using a 64-bit block cipher. * Use AES256 and SHA256 as the default encryption and digest algorithms. Please note that this version of tinc requires all nodes in the VPN to be linked with a version of

Hi, My CentOS has upgrade the openssl to 1.1.1a, and I thought my tinc(1.0.35) installed by yum will use the new openssl, but it looks not the fact. So is tinc(1.0.35) support openssl 1.1.1a? If so, how can I make it running in this version of openssl?

On Sun, Aug 25, 2019 at 02:41:03PM +0200, Christopher Klinge wrote: > I am trying to run tinc version 1.1pre17 on fedora 30 hosts and I am running > into a problem. Building and starting tinc works just fine. [...] > However, the hosts cannot connect to each other. When checking the logs, the > following appears over and over again, for any combination of hosts: > > Error

With pleasure we announce the release of tinc versions 1.0.34. Here is a summary of the changes in tinc 1.0.34: * Fix a potential segmentation fault when connecting to an IPv6 peer via a proxy. * Minor improvements to the build system. * Make the systemd service file identical to the one from the 1.1 branch. * Fix a potential problem causing IPv4 sockets to not work on macOS. Thanks to

With pleasure we announce the release of tinc versions 1.0.34. Here is a summary of the changes in tinc 1.0.34: * Fix a potential segmentation fault when connecting to an IPv6 peer via a proxy. * Minor improvements to the build system. * Make the systemd service file identical to the one from the 1.1 branch. * Fix a potential problem causing IPv4 sockets to not work on macOS. Thanks to

Hey Folks, It seems that Homebrew for some reason arbitrarily decided to banish all of the --devel flavors from all of their installable packages.  I couldn't find any discussion as to why or what they intend to replace the function with. **update;  this is where they decided to do this; https://github.com/Homebrew/brew/pull/5060#issuecomment-428149176 But in the meantime, 1.1pre17 is

I noticed that my server has a lot ca. 1000x auth failure from different alocated in China / Romania and Netherlands per day since 3 days It looks to me like somebody was trying to get into server by guessing my password by brute force. what would be the best to stop this attack and how? the server running apache mysql and ftp PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 443/tcp

Saverio My current tinc 1.0.35 is running fine on CentOS, and recently and I upgrade the OpenSSL of the OS to 1.1.1a. After the upgrade, tinc works fine, but since the OpenSSL library is on a separate folder compared with previous version, I doubt tinc doesn’t use the new OpenSSL. Also, I doubted about whether tinc 1.0.35 support OpenSSL 1.1.1a as well, should I use the lastest tinc 1.1pre7 to

Hi Im running tinc 1.1pre17. My problem is that my tinc nodes occasionally crashes. When it crashes the tinc node is not running anymore. Time between failure can be sometimes days or weeks. Do anyone here have a proposal for how to debug and get this problem solved? Best regards, Håvard Rabbe

Is it possible to a configure a tinc (1.0.35) node to only send outbound through specific nodes, rather than trying to establish direct connections? I have a node which can connect to all the others directly, but some routes have terrible packet loss, so I'd like to configure it not to try. thansk Hamish

Tinc team: I'm creating a vpn for my work laptop and vps and got trapped, here are my config files: on laptop: *tinc.conf Name = envy13 Device = /dev/net/tun ConnectTo = main *hosts/main Address = <my vps ext ip address> Port = 655 Subnet = 10.0.0.1/32 *hosts/envy13 Port = 655 Subnet = 10.0.0.2/32 *tinc-up #!/bin/sh ip link set myvpn up ip addr add 10.0.0.2/32 dev myvpn ip route add

Hi I’ve noticed a large amount of UDP probe packets in my system. The default udp_discovery_interval is very low so I tried to increase it with configs UDPDiscoveryInterval UDPDiscoveryKeepaliveInterval However, this doesn’t work! Every second a probe is sent no matter what. After some digging in the sources I found that the interval timer is cleared in udp_probe_h() which causes try_udp()

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, On Wed, 7 Oct 2020, Hamish Moffatt wrote: > On 22/9/20 4:44 pm, Hamish Moffatt wrote: >> Is it possible to a configure a tinc (1.0.35) node to only send outbound >> through specific nodes, rather than trying to establish direct connections? >> >> I have a node which can connect to all the others directly, but some