similar to: Second VPN network fails to start

Hi Lars, Appreciate all your help, unfortunately the problem remains. I've marked up below: >>> Lars Kruse <lists at sumpfralle.de> 22-May-19 4:02 PM >>> Hello Robert, Am Mon, 20 May 2019 11:11:39 +0700 schrieb "Robert Horgan" <Robert at gainplus.asia>: > These are my files: > > On server 1: db2 > > /etc/tinc/nets.boot > # >

Hello Lars, Thanks for your feedback. Unfortunately I made an error in writing the network I expected to connect to. I meant 10.3.0.0/24 The one I wrote in fact was one network of the already established VPN. I have included full details of my relevant files below. Background: I am trying to set up a second VPN between two servers: gtdb and db2. Both servers are already part of separate

Hi, I have a small problem and any help appreciated. Tinc 1.0.33 Ubuntu 18.04 at Digital Ocean I need VPNs between 1 database server and two servers on separate networks: VPN0 works OK DB2 10.0.0.50/24 connects to Web1 10.0.0.1 Here is my ip r result: default via x.x.x.x dev eth0 proto static 10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.51 10.15.0.0/16 dev eth0 proto kernel scope

Hi Lars, I am using Ubuntu 18.04.2 at Digital Ocean hosting. The server is running MariaDB 10.3 and Postfix 3.3 and little else. With your help I finally have my existing configuration working so it was not eventually an error with the config files but with the start process. These are the sequence of commands which eventually got everything working for me Note that I now have in addition to

Yes, I am sure but added another broader rule: nsasia at db1:~$ sudo ufw allow from any port 655 proto udp same result for debug example. regards Robert >>> Rafael Wolf <rfwolf at gmail.com> 13-Jun-18 5:32 PM >>> Telnet will only do tcp not udp which tinc works on. Are you sure udp 655 is open? On Wed, Jun 13, 2018, 3:51 AM Robert Horgan <robert

You know I think I've seen this once before. Got ID from db1 (10.130.39.180 port 655): 0 db1 17 Sending METAKEY to db1 It looks like it's communicating properly but there is a problem with your keys. Can you rename and regenerate your keys? On a project I'm working on when we transferred our keys to another client it put Carriage returns so there was a key mismatch. Try that and

Hi Guus, The first example was a manual connect, the second example was debug regards Robert >>> "Robert Horgan" <robert at nsasia.co.th> 13-Jun-18 10:21 AM >>> Hi, Are you sure? What happens if you manually telnet/socket 10.130.39.180 nsasia at web3:~$ telnet 10.130.39.180 655 Trying 10.130.39.180... Connected to 10.130.39.180. Escape

Hi, Are you sure? What happens if you manually telnet/socket 10.130.39.180 nsasia at web3:~$ telnet 10.130.39.180 655 Trying 10.130.39.180... Connected to 10.130.39.180. Escape character is '^]'. 0 db1 17 Connection closed by foreign host. Stopping the service and running debug I get: nsasia at web3:~$ sudo tincd -n gainplus -d5 -D tincd 1.0.33 starting, debug level 5

Hi Thanks removing the first line "ip tuntap add dev $INTERFACE mode tun" seems to have helped regarding the tun error, however it is not connecting. If I stop the tinc service and then run: root at web3:~# tincd -n gainplus -d -D tincd 1.0.33 starting, debug level 1 /dev/net/tun is a Linux tun/tap device (tun mode) Listening on 10.130.69.123 port 655 Ready Trying to connect to

Hellou I found a interesting problem with my tinc instalation: Log messages from main router. tinc.vpn1[1959]: tincd 1.0pre7 starting tinc.vpn1[1959]: /dev/tun is a Linux tun/tap device tinc.vpn1[1959]: Can't bind to 0.0.0.0 port 655/tcp: Permission denied tinc.vpn1[1959]: Unable to create any listening socket! tinc.vpn1[1959]: Unrecoverable error #cat

Hi all, I have a setup with some zones : net, loc, vpn1(ipsec) , where each zone have the following address spaces "my firewall" net : 200.200.200.0/24 loc : 192.168.1.0/24 vpn1: 10.10.50.0/23 "my firewall" there is default route to net route to vpn1 when dst = 10.10.50.0/23 "vpn1 site" there is default route to net route to my site

Hi Ivo and Guus, We are writing a book on building VPNs for Linux and a part of it describes tinc. I wanted to make sure that your opinion, as tinc authors and developers, is reflected. First, let me ask a couple of technical questions. 1. If there are two hosts, foo and bar, that are to be connected via tinc, and each host should only have _one_ IP address (i.e. nmask is /32), would the

I am trying to setup openVPN 2.0 beta11 (sever/client configuration) and shorewall. I managed to get it working with out shorewall in the mix. When I start shorewall this message appears in the logs. Oct 12 13:41:03 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:5a:7f:92:9f:00:b0:c2:89:68:e4:08:00 SRC=69.145.71.133 DST=216.187.138.18 LEN=42 TOS=0x00 PREC=0x00 TTL=46 ID=11 DF

Hello All , I installed tinc for windows. But it doesn't seem to work. I want to connect two computers(for testing purposes) computer1(webdev) and computer2(gis) I have installed the tap-win32 on both of them. Both computers are windows XP. Also I don't have a router. Computer1:webdev ----------------------- C:\Program Files\tinc\vpn1\tinc.conf Name = webdev ConnectTo = office

Hello all, I am trying to get voicemail to work for sip phones using g729, yes I did buy the licenses. I can get it to work using other codecs like G711 and dtmfmode=inband. But when I make a call using g729 I get "Apr 29 09:47:14 WARNING[1209214400]: dsp.c:1452 ast_dsp_process: Unable to process inband DTMF on 256 frames" on my console. I can't seem to get anything to work when

Hello, I've used tinc successfully for a long time, all with Linux hosts. No problem there. Unfortunately I now have to add a Windows host to the VPN. What a fight Winblows is! Probably just my ignorance. The VPN works and tinc says that tinc-up is run (and a debugging statement proves it) but I can't get an extra route added. tinc-up.bat contains: ------------------- netsh interface

Hello again, >From the point of view of a Red Hat *user*, the standardised way of doing things would be to have an /etc/sysconfig/tinc file containing something like: NETWORKS="vpn1 vpn2 vpn3" (one or more names separated by spaces) At initialization, each name should launch a separate tinc instance (a different VPN) tinc service should not start until the user adds at least

Hi all, I have done some tests for the new attributes "check" and "type", could you please help to have a check? And I have some questions about the patch, please help to have a look, Thank you! The questions: 1. in step 4 below, the error message should be updated: Actual results: XML error: invalid mac address **check** value: 'next'. Valid values are

I cannot understand why you say the configuration for B will be tricky. If you select the switch mode, and some machine can initiate a connection to some other machine, until there is a path, the whole net will behave as all the tap device were connected to a single switch. Is not a vpn in the strict ipsec meaning, you should see it more like an encrypted VLAN. On 05/01/2017 12:00 PM, Bright

On Wed, Dec 03, 2014 at 12:07:59AM -0800, Dave Taht wrote: [...] > https://github.com/dtaht/tinc > > I successfully converted tinc to use sendmsg and recvmsg, acquire (at > least on linux) the TTL/Hoplimit and IP_TOS/IPv6_TCLASS packet fields, Windows does not have sendmsg()/recvmsg(), but the BSDs support it. > as well as SO_TIMESTAMPNS, and use a higher resolution internal