similar to: UDP connections on tinc

Hallo, Another strange and difficult to understand thing - seems like all the easy bugs in 1.1 are gone ;) waehring (1.1) | +-------------------+--------------+ | | | vpnhub1 (1.1) igor (1.1) turing (1.0) | | | +-------------------+--------------+ | tokamak Whenever another node outside of the graph connects to vpnhub or igor

Multiple questions here, thinking one email is less annoying (sorry if not). Running tinc 1.0.31 1. Could anyone give an explanation (or point to documentation) of the differences between Connections, Nodes, and Edges in the USR1/2 logging, and the various information in there? 2. Connections appears to match the list of ConnectTo hosts in the main config file -- does this mean this node can

Hello, We're suffering from sporadic network blockage(read: unable to ping other nodes) with 1.1-pre17. Before upgrading to the 1.1-pre release, the same network blockage also manifested itself in a pure 1.0.33 network. The log shows that there are a lot of "Got ADD_EDGE from nodeX (192.168.0.1 port 655) which does not match existing entry" and it turns out that the mismatches

Hi, I'm using Tinc in a scenario where round-trip time matters. I've multiple nodes behind firewalls (with and without NAT) and a single public server node. How do I can get the current state of UDP data-connections between my firewall'd nodes? According to the docs: - 'dump connections' give me all TCP meta-connections of the current node - 'dump edges' give me

Hi! here a little patch for darknet functionality, i hope it does what its intended for sufficiently ... but it seems to work :). what should it do? imagine your friend-network. A trusts B and C. B trusts D and E, D trust F, C trusts G. All trust relationships are mutal A <---> C <---> G ^ \ \-----> B <---> D <---> F ^ \ \---> E

Thanks Guus. Appreciate the help. What's the purpose of SUBNET msg? Is it even useful in switch mode? I tweaked the code to disable SUBNET msg, because I thought they weren't useful when it comes to switch mode. Which caused the UDP connection got blocked apparently. If I re-enable SUBNET msg, the udp connection starts to work fine. I don't see any forwarding traffic any more. On

Hello, we currently set up a large tinc network with 2 central Nodes (these nodes connecting to each other). All satellites (ca 40) connect to these both machines. All containing two ConntectTo fields (for backup) e.g. (satellite) Name = nfp_hy Device = /dev/tun PrivateKeyFile = /etc/tinc/nfp_hy/rsa_key.priv ConnectTo = nfp_f_vpn ConnectTo = nfp_c_vpn If the count of satellites reaches

Hi, We want to deploy a tinc VPN, with more than 50 sites connected all arround the world. But we cannot trust all our sites with the same level, so the tinc solution (automatic full mesh) is "too automatic" for us : *any* node can add a new node which will be connected directly to others. A solution could be TLS (signing public keys), but create a PKI is another issue for us.

Hello, I am tying to create tinc vpn for the ~1000 nodes and was thinking why meta connections are needed at all if I only need static configuration where every node knows addresses of other hosts and due to the amount of traffic any indirect connections will not work, so DirectOnly=yes is a must and then passing around routing information is not needed, right? Currently I have 10 nodes

Hi there I have the following setup Home - Main Tinc server with public IP running on PfSense work - tinc client running behind a CISCO ASA firewall with public IP running on Windows 10 offsite - tinc client running on tomato router behind a double NAT Home & offsite connect & i can see all PCs & devices & connect to them easily, on either side work to Home or offsite connects

On Fri, 15 May 2015, Guus Sliepen wrote: > On Fri, May 15, 2015 at 10:26:46PM +0200, Sven-Haegar Koch wrote: > > > Another strange and difficult to understand thing - seems like all the > > easy bugs in 1.1 are gone ;) > [...] > > Got ADD_EDGE from aaa_vpnhub1 (1.2.3.4 port 443) for haegar_tokamak > > -> igor which does not match existing entry (Local

Hi, I was previously using tinc-1.1pre8 and it worked just fine, but after upgrading to tinc-1.1pre10 my Windows machine is unable to connect to my tinc network, as it fails to complete the handshake. Steps to reproduce: - Set up a Linux node with tinc-1.1pre10 using "tinc init" - Set up a Windows node with tinc-1.1pre10 using "tinc init", and try to make it connect to the

I have now got the tinc demons (on network OFFICES) on BranchB and BranchA talking to each other, see below for log from BranchB. For some trouble shouting issues relating to OsX see at the end of my e-mail. However, I have not yet achieved the network connectivity/routing that I would like. The aim is: BranchB is a laptop I would like to connect it (via tinc) to my office network, so that

I would like to discuss the following commit: https://github.com/gsliepen/tinc/commit/4a0b9981513059755b9fd15b38fc198f46a0d6f2 ("Determine peer's reflexive address and port when exchanging keys") This is a great feature as it basically allows peers to do UDP Hole Punching (via MTU probes) even when both are having their source ports rewritten by a NAT, which is extremely useful.

Hallo, I have a couple of tinc hosts in the same network, some using the latest tinc 1.1 git and some using 1.0.24. It seems like traffic between 1.1 and 1.0 nodes is always transfered using TCP (and an intermediate node, if not directly connected), never with UDP. Viewed from host W (tinc 1.1): (All after successfully pinging an IP behind the remote side to trigger UDP path probing, and

LocalDiscovery works by sending some of the MTU probe packets to the broadcast address (255.255.255.255). If the destination node receives one of these packets, it will update its UDP cache and reply, thus the two nodes will start using their local addresses to communicate. Now, I see two problems with this approach: - In case the two nodes are behind the same NAT and can reach other *but*

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm using tinc to connect a couple of ipv6 capable machines using a mix of upd6, udp4, tcp6 and tcp4. Now I wanted to add an linux embedded device, which has no ipv6 support at all. Tinc did compile and configuration is fine (tested on other machine), but after connecting the embedded device to other hosts tinc instances, it suddenly crashes.

Hello tincers, I run a small tinc mesh using version 1.1pre10 on mostly linux (debian) hosts. In the past, I was able to successfully join my windows machine to the tinc network, when I was running an earlier version of tinc (throughout the mesh). However, with 1.1pre10, I have had no success. Is this a known error, a misconfiguration on my part, or some other issue? I currently have no tinc-up

On Fri, May 15, 2015 at 10:26:46PM +0200, Sven-Haegar Koch wrote: > Another strange and difficult to understand thing - seems like all the > easy bugs in 1.1 are gone ;) [...] > Got ADD_EDGE from aaa_vpnhub1 (1.2.3.4 port 443) for haegar_tokamak > -> igor which does not match existing entry (Local address 2.3.4.5 > != unknown) > > What I think may happen is that the

Hi guys, Second question for me today:), really appreciate the help. I have been using tinc in a linux environment, due to our need, I kept it running all the time.(i.e. several months) Recently I found out the system's memory usage is gradually going higher and higher, and eventually triggering oom-killer in the system. After disabling process one by one, I identified tinc is the reason for