similar to: additional Port entry in tinc hosts key file

Tinc team: I'm creating a vpn for my work laptop and vps and got trapped, here are my config files: on laptop: *tinc.conf Name = envy13 Device = /dev/net/tun ConnectTo = main *hosts/main Address = <my vps ext ip address> Port = 655 Subnet = 10.0.0.1/32 *hosts/envy13 Port = 655 Subnet = 10.0.0.2/32 *tinc-up #!/bin/sh ip link set myvpn up ip addr add 10.0.0.2/32 dev myvpn ip route add

I found the server(1.1.1.1) didn’t receive the MTU probe from client, so I add iptables -A INPUT -p udp —port 443 -j ACCEPT. After this, I see one packet matching on the server side, and the MTU negotiation works, but when I tear down the tinc, and re-establish the tinc connection, the counter of below UDP/443 never increase, and also my other tinc nodes never add this statement on iptables, but

Hi, experts for example, the below case: You can see a lot of back and forth MTU probe packets been exchanged between tinc nodes, but it’s weird that, from the debug log, one line shows "No response to MTU probes from node1”, but it indeed received a lot of MTU probe response, and finally it get the conclusion of "Packet for node1 (1.1.1.1 port 443) larger than minimum MTU”.

Hi, Guus Thanks a lot for your suggestion, actually I did something else as below. But one question here is if I don’t add "/sbin/ifconfig myvpn 10.0.0.1 netmask 255.255.255.0”, it seems the crontab wouldn’t trigger tinc-up, and then the ip addr of myvpn wouldn’t be configured, then it will prompt the error of "Can't write to Linux tun/tap device (tun mode) /dev/net/tun:

Hi, All Due to some routing rotation purpose, I use crontab to add below info: 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 1 * * * * /usr/sbin/tincd -n myvpn -k 1 * * * * /usr/sbin/tincd -n myvpn --debug=3 30 * * * * sed -i '/54.169.128.0\/17/d' /etc/tinc/myvpn/hosts/aws_sgp

Hi, Can you help me explain some behaviour please? I've 2 tinc clients that happen to be on the same network and behind the same NAT gateway. They've been working for ages. Without anything changing, they've stopped. They both died, in sequence while I was actively connected to them and using an SSH session. When I check the logs of another tinc node they connect to I see

Hi, Can you help me explain some behaviour please? I've 2 tinc clients that happen to be on the same network and behind the same NAT gateway. They've been working for ages. Without anything changing, they've stopped. They both died, in sequence while I was actively connected to them and using an SSH session. When I check the logs of another tinc node they connect to I see

On Fri, May 26, 2017 at 09:30:44AM +0800, Bright Zhao wrote: > Due to some routing rotation purpose, I use crontab to add below info: > > 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp > 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp > 1 * * * * /usr/sbin/tincd -n myvpn -k > 1 * * * * /usr/sbin/tincd -n myvpn

Hello, Since the present tinc documentation is not very clear about this, please explain the following: is it mandatory to include the local IP address classes in the global VPN address class? Namely, please consider the following setup (which works great in practice): 1. A tinc VPN, full mesh, with n nodes (n > 3) 2. tinc runs on the firewall, which is also the default gateway for each

Hallo David, Am Mon, 6 May 2019 16:43:28 +0800 schrieb David Penn <px920906 at gmail.com>: > *tinc.conf > Name = envy13 > Device = /dev/net/tun I think, you do not need to specify "Device". (I never did) > ConnectTo = main > > *hosts/main > Address = <my vps ext ip address> > Port = 655 > Subnet = 10.0.0.1/32 > > *hosts/envy13 >

HI, Is there an init script to start stop tinc tinc-1.1pre10 for debian. I am running tinc -n name --pidfile /dir/name start from /etc/rc.local sometimes it's not creating the pid file but I see the process running. It would be great if we can manage it from /etc/init.d/ Thanks Anil -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi Tinc Groups again, Now i can set syslog. But my problem still the same. When i check Tap0 configure. I know idea what's wrong that i set. I set up tap follow these. ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 192.168.1.1 netmask 255.255.255.0 ifconfig tap0 -arp But i notice in my routing table have 2 myvpn. Like these, myvpn * 255.0.0.0

Hello, this morning I apparently had tinc crash on me. In 2 independent tinc clusters of 3 nodes each (but located in the same datacenter), one tinc process crashed in each of the clusters. One process apparently with `status=6/ABRT`, the other with `status=11/SEGV`. Interestingly, they crashed with only 5 minutes difference. The only thing I can come up with that might explain this correlation

Hi, All Recently, one of my tinc client always suffer connection drop, I was suspect the connection was not stable to cause this issue, and BTW, I’ve set the PingTimeout to 10 seconds already, but this situation still happens a lot sometimes, but when the connection drop happens, the connection recovery pretty fast, normally in a minutes. In order to deep dive into the cause, or proven the

Hi, experts I found the tun0 is 10Mb/s and I installed vnstat to monitor the tinc vpn traffic statistic, but due to 10Mb/s, the vnstat couldn’t update it’s database due to low speed rate, so anyway to change the tun from10Mb/s to higher? [root at box1 ~]# vnstat -u Info: Traffic rate for "myvpn" higher than set maximum 10 Mbit (248->341, r735 t38), syncing. [root at box1 ~]#

1. Is there any tools/command, we can show the subnet where a certain tinc nodes learnt? So that I can know the weight for certain subnet(in real time), instead of go back to the node’s (who advertise the subnet) configuration file to check. 2. So far in order to change the weight of a subnet, or something else, I have to reset the tinc daemon( tincd -k -n myvpn and then tincd -n myvpn) in

I have a use case where I have to add new "ConnectTo=host" in tinc.conf and reload tinc. This is to make sure existing connections do not get disconnected. I use ... /usr/local/sbin/tinc --pidfile /var/run/tinc.vpn.pid -n vpn reload this works for most part, however, I am now seeing instance where I have to do a restart instead of reload. New connection works after a restart. Is there a

I cannot understand why you say the configuration for B will be tricky. If you select the switch mode, and some machine can initiate a connection to some other machine, until there is a path, the whole net will behave as all the tap device were connected to a single switch. Is not a vpn in the strict ipsec meaning, you should see it more like an encrypted VLAN. On 05/01/2017 12:00 PM, Bright

SIGHUP (-kHUP) should reload that config for you and SIGURS2 (-kUSR2) will drop currently known subnets (etc) to syslog. This will not work on Windows. Both of these are in the tinc manual (http://tinc-vpn.org/documentation/tinc.pdf). From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Bright Zhao Sent: Saturday, May 6, 2017 9:33 AM To: tinc at tinc-vpn.org Subject: Show the subnets

Trying to understand "redirect-gateway" option Is this url info correct for the current Tinc 1.0.35 version? .../tinc-vpn.org/examples/redirect-gateway What is the script? /etc/tinc/myvpn/hosts/server-up Is it really a extra bit to be added to,/etc/tinc/myvpn/tinc-up If I read and apply the instructions to my routed setup, then all I need to add isip route add 0.0.0.0/1 dev $INTERFACE