similar to: tinc Digest, Vol 156, Issue 4

Thanks Guus for the quick answer, I will give a try now. Рысь, In my case we don't want to restart tinc "server" at all, therefore what might happen is that the client is still connected to server while its public key was already removed from server. I will try the signal approach. Heng On Mon, Jul 25, 2016 at 12:42 PM, <tinc-request at tinc-vpn.org> wrote: > Send tinc

Hello, We are using tinc 1.0.24 with switch mode. Some questions regarding to the UDP connections on tinc. As far as I understand tinc is building meta connections with "ConnectTo", and "ADD_EDGE" packet. With the help of EDGE info two nodes who don't have direct meta connection are able to communicate through direct UDP connection. I understand we can dump the meta

On Fri, May 15, 2015 at 10:26:46PM +0200, Sven-Haegar Koch wrote: > Another strange and difficult to understand thing - seems like all the > easy bugs in 1.1 are gone ;) [...] > Got ADD_EDGE from aaa_vpnhub1 (1.2.3.4 port 443) for haegar_tokamak > -> igor which does not match existing entry (Local address 2.3.4.5 > != unknown) > > What I think may happen is that the

On Fri, 15 May 2015, Guus Sliepen wrote: > On Fri, May 15, 2015 at 10:26:46PM +0200, Sven-Haegar Koch wrote: > > > Another strange and difficult to understand thing - seems like all the > > easy bugs in 1.1 are gone ;) > [...] > > Got ADD_EDGE from aaa_vpnhub1 (1.2.3.4 port 443) for haegar_tokamak > > -> igor which does not match existing entry (Local

Something to add. When this happened, it looks like tinc shutdown gracefully(not seg fault ..), because I can tell tinc-down script got implemented. Heng On Wed, Nov 25, 2015 at 6:00 AM, <tinc-request at tinc-vpn.org> wrote: > Send tinc mailing list submissions to > tinc at tinc-vpn.org > > To subscribe or unsubscribe via the World Wide Web, visit >

Thanks for the reply. I am running tinc (1.0.24) in an embedded linux environment, with a pretty old kernel (2.6). I have let tinc run for almost 24 hours with internet and can't reproduce the issue. Heng On Wed, Nov 25, 2015 at 6:00 AM, <tinc-request at tinc-vpn.org> wrote: > Send tinc mailing list submissions to > tinc at tinc-vpn.org > > To subscribe or

On Tue, Dec 11, 2018 at 02:36:18PM +0800, Amit Lianson wrote: > We're suffering from sporadic network blockage(read: unable to ping > other nodes) with 1.1-pre17. Before upgrading to the 1.1-pre release, > the same network blockage also manifested itself in a pure 1.0.33 > network. > > The log shows that there are a lot of "Got ADD_EDGE from nodeX >

Hello, we currently set up a large tinc network with 2 central Nodes (these nodes connecting to each other). All satellites (ca 40) connect to these both machines. All containing two ConntectTo fields (for backup) e.g. (satellite) Name = nfp_hy Device = /dev/tun PrivateKeyFile = /etc/tinc/nfp_hy/rsa_key.priv ConnectTo = nfp_f_vpn ConnectTo = nfp_c_vpn If the count of satellites reaches

Hi Guys, Say when tinc is running all good, the "server" contains all the key files of clients. If we remove the key file for client A during run, how long before does server find out the key file is gone? I see a "KeyExpire" option in the conf file, is this the time? In my own experiment, the client will still be able to connect to the tinc network even if the key file is

Would it not make more sense to have this on packagers responsiblity instead like you were saying adding it into the upstream repo. Maybe have a secondary repo that people can contribute to for distribution specific files and install scripts. On 24 September 2015 at 21:30, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Thu, Sep 24, 2015 at 05:45:36PM +0200, Guus Sliepen wrote: >

On Sat, 16 May 2015, Guus Sliepen wrote: > On Sat, May 16, 2015 at 12:09:52AM +0200, Sven-Haegar Koch wrote: > > > This change is not so good: > > > > Connection with aaa_vpnhub1 (1.2.3.4 port 443) activated > > Error while translating addresses: ai_family not supported > > > > (And then the tinc process exists) > > Hm, I couldn't reproduce

Thank you, that is very helpful. And actually I do have a few further questions regarding this: 1. This weight is not the one specified in Subnet, this should be something related to the host, where can I manually configure this? 2. The weight value is ONLY take round trip latency as the measurement, or including CPU power and other factors into consideration? 3. I don't know how this

Hi, Guus I referre to the two separate tinc process/network(received same subnet), not Sunbet selection within one tinc process/network. My understanding is if different tinc process comes with exact subnet, as they are not related with each other(they have no idea regarding weights with each other), I guess the routing depends on the host's main routing table, for specific route it depends

Ah, fantastic. With the following config I get a usable tap0: $ sudo cat /etc/tinc/robotvpn/tinc.conf Name = elendur Mode = switch AddressFamily = ipv4 Device = /dev/tap0 Compression = 1 ConnectTo = robot_ph_cpe22_04 Still need to figure out the Avahi side of things for name resolution, but thanks all! On 26 February 2016 at 11:04, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Thu,

I meant Tinc site-site VPN deployments in US business segments. Just references if any. On Tue, Mar 20, 2018 at 1:44 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Tue, Mar 20, 2018 at 12:53:55PM -0700, al so wrote: > > > Are there any Tinc deployments in the USA in Medium sized businesses and > > small Enterprises? > > Yes. However, VPNs are Virtual *Private*

On Sat, May 16, 2015 at 12:09:52AM +0200, Sven-Haegar Koch wrote: > This change is not so good: > > Connection with aaa_vpnhub1 (1.2.3.4 port 443) activated > Error while translating addresses: ai_family not supported > > (And then the tinc process exists) Hm, I couldn't reproduce it, but I committed a fix anyway that makes sockaddr2str() handle AF_UNSPEC addresses. It

when you say "home server" you want me to do this in tinc "histup" or somewhere else OR on the firewall? similarly do i have to add route on the PC that runs the tinc daemon? Regards Ramesh On Sun, Jan 15, 2017 at 8:57 AM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Thu, Jan 12, 2017 at 09:27:45PM -0500, Ramesh wrote: > > > I have the following setup

Thanks for the reply Guss, So in my case the Amazon VPS server is behind a FULL CONE NAT(static NAT), so is that enough to hole punch other nodes. what all ports will should be opened up on the NAT device? Most of the other nodes are behind cg-nat, so I wont have any control over its nat. Thank you, Regards, Bobby Thomas. On Oct 19, 2015 1:45 AM, "Guus Sliepen" <guus at

Thanks Guus! Looking forward to trying out tinc 1.1pre15. Can 1.1pre15 nodes coexist with 1.1pre14 nodes? Nirmal On Sat, Sep 2, 2017 at 1:47 PM Guus Sliepen <guus at tinc-vpn.org> wrote: > With pleasure we announce the release of tinc versions 1.0.32 and > 1.1pre15. > > Here is a summary of the changes in tinc 1.0.32: > > * Fix segmentation fault when using Cipher =

Thanks Guus! Looking forward to trying out tinc 1.1pre15. Can 1.1pre15 nodes coexist with 1.1pre14 nodes? Nirmal On Sat, Sep 2, 2017 at 1:47 PM Guus Sliepen <guus at tinc-vpn.org> wrote: > With pleasure we announce the release of tinc versions 1.0.32 and > 1.1pre15. > > Here is a summary of the changes in tinc 1.0.32: > > * Fix segmentation fault when using Cipher =