similar to: CVE-2019-14899 can potentially affect tinc VPNs

On Sat, Mar 26, 2016 at 12:03:48AM +0100, albi at life.de wrote: > 1 vpn was running fine, but now that I run 5 vpns, my kvm crashes sometimes. Especially when I stop tinc. > I used tinc 1.0.26 from repo. > Now I tried tinc 1.1 pre, same problem but less often. > > Any help or idea why system crashes? So the KVM instance itself crashes? Or Linux inside the VM? Any error messages

On Fri, 6 Dec 2019 at 04:40, Kenneth Porter <shiva at sewingwitch.com> wrote: > > <https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/> > Thanks for the heads up > This affects all VPNs and is a consequence of using "loose" reverse path > filtering for anti-spoofing. The default CentOS setting is

Hi, I configured 2 vpn's between 2 servers. When starting the tinc on each server. De 2 vpns's look like 1 vpn. Can tinc be configure for multiple vpn's between 2 hosts or more. Lets say there are 3 servers A, B and C. I want a tinc vpn between host A en host B. And a second vpn between host B en C without is becoming one vpn. And for example a third vpn between host A en host

I use 3 Ubuntu server 14.04 as KVM guest. Now I run 5 tinc vpns in switch mode. I use the same key for every vpn. Every kvm has connect to the two other servers. I need 5 vpns to have 5 networks connected but seperated. 1 vpn was running fine, but now that I run 5 vpns, my kvm crashes sometimes. Especially when I stop tinc. I used tinc 1.0.26 from repo. Now I tried tinc 1.1 pre, same problem but

Hello, response time: how is it possible to increase the response time on Tinc VPNs. When I use tinc over a fast or giga-bit network connection the ping-response time is normally about 1800 to 2000 ms. Sometimes I get ping response times at about 2.500 to 3.000 ms over a normal Ethernet Connection or a television-cable connection within the same providers-network in the same city. The ping-time

<https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/> This affects all VPNs and is a consequence of using "loose" reverse path filtering for anti-spoofing. The default CentOS setting is strict filtering but you may have changed this to loose for some unusual routing situations. Check that the value of

On Thu, May 14, 2015 at 10:12:40AM +0200, Florent B wrote: > > I have no experience with Ubuntu, but I find it hard to believe it would > > block ICMP Fragmentation Needed packets out of the box. > > I can confirm you that this is the case. Ubuntu ignores those ICMP > packets... :( (rp_filter settings) > > You can see it here : https://mellowd.co.uk/ccie/?p=5662

I meant Tinc site-site VPN deployments in US business segments. Just references if any. On Tue, Mar 20, 2018 at 1:44 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Tue, Mar 20, 2018 at 12:53:55PM -0700, al so wrote: > > > Are there any Tinc deployments in the USA in Medium sized businesses and > > small Enterprises? > > Yes. However, VPNs are Virtual *Private*

Package: xen Version: 4.0.1-5.11 Severity: important Tags: security, fixed-upstream Please see for details: http://www.openwall.com/lists/oss-security/2014/06/17/6 Patch: http://seclists.org/oss-sec/2014/q2/att-549/xsa100.patch --- Henri Salo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc:

Hi, Guus The use case the shared default gateway for multi-tenant, if that the case the node who own the default gateway will have problem to route with different tenant who has overlapped address scope? Is it true when no any other tools like the namespaces? (tenant1)\ (tenant2)——common node—— shared gw node—— Internet (tenant3)/ But if the each tenant have it’s dedicate default gateway, but

From: "Richard W.M. Jones" <rjones at redhat.com> CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from

And, I ran a constant ping from the tinc client’s IP to the tinc server’s IP, it shows, the pings are all successfully back and forth, no any packet loss during the connection drop happens, so will this help to exclude any NAT/firewall cause the connection drop? And as you saw from the earlier screen shot, when it happens, it drop all tinc connections, and those connections are for different

Because of security vulnerabilities in tinc that have recently been discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of the changes in tinc 1.0.35: * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Here is a summery of the changes in tinc 1.1pre17: * Prevent oracle attacks in the

Because of security vulnerabilities in tinc that have recently been discovered, we hereby release tinc versions 1.0.35 and 1.1pre17. Here is a summary of the changes in tinc 1.0.35: * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). Here is a summery of the changes in tinc 1.1pre17: * Prevent oracle attacks in the

Hello everyone, Today is exactly 10 years ago that tinc 1.0 was released. I would have hoped to celebrate this by releasing 1.0.22 and 1.1pre8 today, but this will instead happen in one week. Tinc 1.1 is close to becoming stable, and I hope to release 1.1.0 before the end of the year. The main features of tinc 1.1 are the improved security over tinc 1.0, and a much nicer interface that makes it

Hello everyone, Today is exactly 10 years ago that tinc 1.0 was released. I would have hoped to celebrate this by releasing 1.0.22 and 1.1pre8 today, but this will instead happen in one week. Tinc 1.1 is close to becoming stable, and I hope to release 1.1.0 before the end of the year. The main features of tinc 1.1 are the improved security over tinc 1.0, and a much nicer interface that makes it

Because of a security vulnerability in tinc that was recently discovered, we hereby release tinc versions 1.0.21 and 1.1pre7. Here is a summary of the changes in tinc 1.0.21: * Drop packets forwarded via TCP if they are too big (CVE-2013-1428). Here is a summary of the changes in tinc 1.1pre7: * Fixed large latencies on Windows. * Renamed the tincctl tool to tinc. * Simplified changing the

Because of a security vulnerability in tinc that was recently discovered, we hereby release tinc versions 1.0.21 and 1.1pre7. Here is a summary of the changes in tinc 1.0.21: * Drop packets forwarded via TCP if they are too big (CVE-2013-1428). Here is a summary of the changes in tinc 1.1pre7: * Fixed large latencies on Windows. * Renamed the tincctl tool to tinc. * Simplified changing the

hi all, http://www.newriders.com/books/title.cfm?isbn=1578702666 I searched the tinc archives and I know one of the authors asked a few questions about tinc. http://mail.nl.linux.org/tinc/2001-06/msg00030.html So...go out and buy it :) armijn -- --------------------------------------------------------------------------- armijn@nl.linux.org | http://people.nl.linux.org/~armijn/ | Penguin

On Thu, Mar 08, 2001 at 11:51:53AM +0100, Marcel Loesberg wrote: > I'm going to build a VPN and I want to use either Tinc or FreeS/WAN. > I've started building the VPN with FreeS/WAN and I find things are getting > rather complicated. > I looks like Tinc is much easier to configure but in the FAQ and in what I've > seen of the documentation so far there is no mention of