Hi everyone, you can find the current version of my enhanced tinc using subversion: svn://tardyon.mon-clan.de/tinc I allowed anonymous read access, so feel free to download the sources. Unfortunately, my enhancements are based on a rather old git-checkout from Guus. The version should run under windows and Debian/Ubuntu. Best, Daniel -----Original Message----- From: folkert [mailto:folkert at vanheusden.com] Sent: Monday, November 22, 2010 6:22 PM To: Daniel-Schall at web.de Subject: local address announcements Hi, Can you please e-mail me the local address announcements patch? Or tell me where to get it? I have a setup in which I can test/use it. Thanks, Folkert van Heusden -- MultiTail er et flexible tool for ? kontrolere Logfiles og commandoer. Med filtrer, farger, sammenf?ringer, forskeliger ansikter etc. http://www.vanheusden.com/multitail/ ---------------------------------------------------------------------- Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com
Hi, Are you sure it is anonymous? It keeps asking for passwords. svn checkout svn://tardyon.mon-clan.de/tinc . On Mon, Nov 22, 2010 at 10:16:49PM +0100, Daniel Schall wrote:> Hi everyone, > > you can find the current version of my enhanced tinc using subversion: > svn://tardyon.mon-clan.de/tinc > > I allowed anonymous read access, so feel free to download the sources. > Unfortunately, my enhancements are based on a rather old git-checkout from > Guus. > The version should run under windows and Debian/Ubuntu. > > > Best, > > Daniel > > -----Original Message----- > From: folkert [mailto:folkert at vanheusden.com] > Sent: Monday, November 22, 2010 6:22 PM > To: Daniel-Schall at web.de > Subject: local address announcements > > Hi, > > Can you please e-mail me the local address announcements patch? Or tell me > where to get it? I have a setup in which I can test/use it. > > > Thanks, > > Folkert van Heusden > > -- > MultiTail er et flexible tool for ? kontrolere Logfiles og commandoer. > Med filtrer, farger, sammenf?ringer, forskeliger ansikter etc. > http://www.vanheusden.com/multitail/ > ---------------------------------------------------------------------- > Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.comFolkert van Heusden -- Multi tail barnamaj mowahib li mora9abat attasjilat wa nataij awamir al 7asoub. damj, talwin, mora9abat attarchi7 wa ila akhirih. http://www.vanheusden.com/multitail/ ---------------------------------------------------------------------- Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com
On Mon, Nov 22, 2010 at 22:16, Daniel Schall <Daniel-Schall a web.de> wrote:> Hi everyone, > > you can find the current version of my enhanced tinc using subversion: > svn://tardyon.mon-clan.de/tinc > > I allowed anonymous read access, so feel free to download the sources. > Unfortunately, my enhancements are based on a rather old git-checkout from > Guus. > The version should run under windows and Debian/Ubuntu.It asks me for username and password
Hi, sorry, my bad. I tested with cached credentials. It should work now. Best, Daniel -----Original Message----- From: folkert [mailto:folkert at vanheusden.com] Sent: Monday, November 22, 2010 10:32 PM To: Daniel Schall Cc: tinc-devel at tinc-vpn.org Subject: Re: local address announcements Hi, Are you sure it is anonymous? It keeps asking for passwords. svn checkout svn://tardyon.mon-clan.de/tinc . On Mon, Nov 22, 2010 at 10:16:49PM +0100, Daniel Schall wrote:> Hi everyone, > > you can find the current version of my enhanced tinc using subversion: > svn://tardyon.mon-clan.de/tinc > > I allowed anonymous read access, so feel free to download the sources. > Unfortunately, my enhancements are based on a rather old git-checkout > from Guus. > The version should run under windows and Debian/Ubuntu. > > > Best, > > Daniel > > -----Original Message----- > From: folkert [mailto:folkert at vanheusden.com] > Sent: Monday, November 22, 2010 6:22 PM > To: Daniel-Schall at web.de > Subject: local address announcements > > Hi, > > Can you please e-mail me the local address announcements patch? Or > tell me where to get it? I have a setup in which I can test/use it. > > > Thanks, > > Folkert van Heusden > > -- > MultiTail er et flexible tool for ? kontrolere Logfiles og commandoer. > Med filtrer, farger, sammenf?ringer, forskeliger ansikter etc. > http://www.vanheusden.com/multitail/ > ---------------------------------------------------------------------- > Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.comFolkert van Heusden -- Multi tail barnamaj mowahib li mora9abat attasjilat wa nataij awamir al 7asoub. damj, talwin, mora9abat attarchi7 wa ila akhirih. http://www.vanheusden.com/multitail/ ---------------------------------------------------------------------- Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com
> > you can find the current version of my enhanced tinc using subversion: > > svn://tardyon.mon-clan.de/tinc > > I allowed anonymous read access, so feel free to download the sources. > > Unfortunately, my enhancements are based on a rather old git-checkout > > from Guus. > > The version should run under windows and Debian/Ubuntu.It spits out some errors. Also doesn't seem to work. Debian system. Replaced line 313 by: logger(LOG_ERR, "getifaddrs: Call to %s (%s) failed: %s", "SIOCGIFFLAGS", inet_ntoa(((struct sockaddr_in *)&ifr -> ifr_ifru.ifru_addr) -> sin_addr), strerror(errno)); Logging output is: Nov 23 16:35:17 verweg tinc.fvh[22417]: tincd 1.0.13+git (Nov 23 2010 16:17:50) starting, debug level 0 Nov 23 16:35:17 verweg tinc.fvh[22417]: /dev/net/tun is a Linux tun/tap device (tap mode) Nov 23 16:35:17 verweg tinc.fvh[22417]: Ready Nov 23 16:35:17 verweg tinc.fvh[22417]: getifaddrs: Call to SIOCGIFFLAGS (0.0.0.0) failed: No such device Nov 23 16:35:17 verweg tinc.fvh[22417]: bind_multicast_sockets: Call to getifaddrs failed ... Nov 23 16:37:19 verweg tinc.fvh[22417]: getifaddrs: Call to SIOCGIFFLAGS (0.0.0.0) failed: No such device Nov 23 16:37:19 verweg tinc.fvh[22417]: bind_multicast_sockets: Call to getifaddrs failed ...etc... The system only has eth0, lo and of course the tinc device. Folkert van Heusden -- Multitail est un outil permettant la visualisation de fichiers de journalisation et/ou le suivi de l'ex?cution de commandes. Filtrage, mise en couleur de mot-cl?, fusions, visualisation de diff?rences (diff-view), etc. http://www.vanheusden.com/multitail/ ---------------------------------------------------------------------- Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com
> I tested on Ubuntu 10.04 (x64) and Windows 7, and it works fine, I do not > know about other platforms. > The error seems to be related to my compatibility function "getifaddrs", > which is not available on all platforms. > If you'd like to fix the error, try finding out, whether your libc is > providing the function "getifaddrs" built-in. > If so, try patching the file "ifaddrs-compat.c" to include the header, where > the function is defined.Ok, now it starts without any errors. Still doesn't work though: 192.168.11.18 and 192.168.11.124 don't detect each other (their names are clientbp and verweg): Nov 23 17:30:21 verweg tinc.fvh[23564]: Connections: Nov 23 17:30:21 verweg tinc.fvh[23564]: server at 83.163.x.98 port 655 options f socket 7 status 01c2 outbuf 1436/0/0 Nov 23 17:30:21 verweg tinc.fvh[23564]: vps001 at 94.142.x.174 port 655 options b socket 8 status 00c2 outbuf 2073/0/0 Nov 23 17:30:21 verweg tinc.fvh[23564]: End of connections. Nov 23 17:30:30 verweg tinc.fvh[23564]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun: Nov 23 17:30:30 verweg tinc.fvh[23564]: total bytes in: 422144 Nov 23 17:30:30 verweg tinc.fvh[23564]: total bytes out: 11708732 Nov 23 17:30:30 verweg tinc.fvh[23564]: Nodes: Nov 23 17:30:30 verweg tinc.fvh[23564]: belle at 192.168.64.100 port 655 cipher 0 digest 0 maclength 0 compression 0 options f status 0058 nexthop server via verweg pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: fvhworkstation at 62.177.207.163 port 655 cipher 0 digest 0 maclength 0 compression 0 options b status 0058 nexthop server via verweg pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: fvhworkstation2 at 80.101.181.4 port 655 cipher 0 digest 0 maclength 0 compression 0 options f status 0058 nexthop server via verweg pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: xp at 188.204.99.146 port 655 cipher 0 digest 0 maclength 0 compression 0 options f status 0058 nexthop server via verweg pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: clientbp at 192.168.0.120 port 655 cipher 0 digest 0 maclength 0 compression 0 options f status 0058 nexthop server via verweg pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: fhg at 83.163.x.75 port 655 cipher 0 digest 0 maclength 0 compression 0 options 9 status 0058 nexthop server via verweg pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: paps at (null) cipher 0 digest 0 maclength 0 compression 0 options 0 status 0040 nexthop - via - pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: server at 83.163.x.98 port 655 cipher 91 digest 64 maclength 4 compression 11 options f status 005a nexthop server via verweg pmtu 1467 (min 0 max 1467) Nov 23 17:30:30 verweg tinc.fvh[23564]: verweg at MYSELF cipher 0 digest 0 maclength 0 compression 0 options c status 0038 nexthop verweg via verweg pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: vps001 at 94.142.x.174 port 655 cipher 0 digest 0 maclength 0 compression 0 options b status 0058 nexthop vps001 via verweg pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: weerstationserver at 192.168.62.129 port 655 cipher 0 digest 0 maclength 0 compression 0 options f status 0058 nexthop server via verweg pmtu 1518 (min 0 max 1518) Nov 23 17:30:30 verweg tinc.fvh[23564]: End of nodes. Nov 23 17:30:30 verweg tinc.fvh[23564]: Edges: Nov 23 17:30:30 verweg tinc.fvh[23564]: belle to server at 192.168.64.1 port 655 options f weight 87 Nov 23 17:30:30 verweg tinc.fvh[23564]: fvhworkstation to clientbp at 192.168.0.120 port 655 options f weight 416 Nov 23 17:30:30 verweg tinc.fvh[23564]: fvhworkstation to fhg at 83.163.x.75 port 655 options 3 weight 1306 Nov 23 17:30:30 verweg tinc.fvh[23564]: fvhworkstation to server at 83.163.x.98 port 655 options f weight 516 Nov 23 17:30:30 verweg tinc.fvh[23564]: fvhworkstation2 to clientbp at 192.168.0.120 port 655 options f weight 56 Nov 23 17:30:30 verweg tinc.fvh[23564]: fvhworkstation2 to server at 83.163.x.98 port 655 options f weight 328 Nov 23 17:30:30 verweg tinc.fvh[23564]: fvhworkstation2 to vps001 at 94.142.x.174 port 655 options b weight 1017 Nov 23 17:30:30 verweg tinc.fvh[23564]: xp to clientbp at 192.168.77.1 port 655 options f weight 44 Nov 23 17:30:30 verweg tinc.fvh[23564]: xp to server at 83.163.x.98 port 655 options f weight 198 Nov 23 17:30:30 verweg tinc.fvh[23564]: clientbp to fvhworkstation at 192.168.0.25 port 655 options b weight 416 Nov 23 17:30:30 verweg tinc.fvh[23564]: clientbp to fvhworkstation2 at 192.168.0.131 port 655 options f weight 56 Nov 23 17:30:30 verweg tinc.fvh[23564]: clientbp to xp at 192.168.77.129 port 655 options f weight 44 Nov 23 17:30:30 verweg tinc.fvh[23564]: clientbp to fhg at 83.163.x.75 port 655 options b weight 1051 Nov 23 17:30:30 verweg tinc.fvh[23564]: clientbp to server at 83.163.x.98 port 655 options f weight 554 Nov 23 17:30:30 verweg tinc.fvh[23564]: clientbp to vps001 at 94.142.x.174 port 655 options b weight 1326 Nov 23 17:30:30 verweg tinc.fvh[23564]: fhg to fvhworkstation at 62.177.207.163 port 655 options 3 weight 1306 Nov 23 17:30:30 verweg tinc.fvh[23564]: fhg to clientbp at 188.204.99.146 port 655 options f weight 1051 Nov 23 17:30:30 verweg tinc.fvh[23564]: fhg to server at 83.163.x.98 port 655 options d weight 1037 Nov 23 17:30:30 verweg tinc.fvh[23564]: server to belle at 192.168.64.100 port 655 options f weight 87 Nov 23 17:30:30 verweg tinc.fvh[23564]: server to fvhworkstation at 62.177.207.163 port 655 options b weight 516 Nov 23 17:30:30 verweg tinc.fvh[23564]: server to fvhworkstation2 at 80.101.181.4 port 655 options f weight 328 Nov 23 17:30:30 verweg tinc.fvh[23564]: server to xp at 188.204.99.146 port 655 options f weight 198 Nov 23 17:30:30 verweg tinc.fvh[23564]: server to clientbp at 188.204.99.146 port 655 options f weight 554 Nov 23 17:30:30 verweg tinc.fvh[23564]: server to fhg at 83.163.x.75 port 655 options 9 weight 1037 Nov 23 17:30:30 verweg tinc.fvh[23564]: server to verweg at 188.204.99.146 port 655 options f weight 1688 Nov 23 17:30:30 verweg tinc.fvh[23564]: server to vps001 at 94.142.x.174 port 655 options b weight 1047 Nov 23 17:30:30 verweg tinc.fvh[23564]: server to weerstationserver at 192.168.62.129 port 655 options f weight 92 Nov 23 17:30:30 verweg tinc.fvh[23564]: verweg to server at 83.163.x.98 port 655 options f weight 1688 Nov 23 17:30:30 verweg tinc.fvh[23564]: verweg to vps001 at 94.142.x.174 port 655 options b weight x1 Nov 23 17:30:30 verweg tinc.fvh[23564]: vps001 to fvhworkstation2 at 80.101.181.4 port 655 options b weight 1017 Nov 23 17:30:30 verweg tinc.fvh[23564]: vps001 to clientbp at 188.204.99.146 port 655 options b weight 1326 Nov 23 17:30:30 verweg tinc.fvh[23564]: vps001 to server at 83.163.x.98 port 655 options b weight 1047 Nov 23 17:30:30 verweg tinc.fvh[23564]: vps001 to verweg at 188.204.99.146 port 655 options b weight x1 Nov 23 17:30:30 verweg tinc.fvh[23564]: weerstationserver to server at 192.168.64.1 port 655 options f weight 92 Nov 23 17:30:30 verweg tinc.fvh[23564]: End of edges. Nov 23 17:30:30 verweg tinc.fvh[23564]: Subnet list: Nov 23 17:30:30 verweg tinc.fvh[23564]: 0:ff:b:a8:93:7d#10 owner fhg Nov 23 17:30:30 verweg tinc.fvh[23564]: 0:ff:1f:72:7:4f#10 owner fvhworkstation Nov 23 17:30:30 verweg tinc.fvh[23564]: 0:ff:25:71:93:56#10 owner belle Nov 23 17:30:30 verweg tinc.fvh[23564]: 0:ff:61:58:6f:f7#10 owner xp Nov 23 17:30:30 verweg tinc.fvh[23564]: 0:ff:ba:8c:7f:6e#10 owner paps Nov 23 17:30:30 verweg tinc.fvh[23564]: 26:66:37:10:57:10#10 owner server Nov 23 17:30:30 verweg tinc.fvh[23564]: 5e:c0:2:73:11:ee#10 owner weerstationserver Nov 23 17:30:30 verweg tinc.fvh[23564]: 86:fa:c3:9f:41:10#10 owner clientbp Nov 23 17:30:30 verweg tinc.fvh[23564]: 92:ea:1:fc:91:31#10 owner verweg Nov 23 17:30:30 verweg tinc.fvh[23564]: d6:65:79:e7:7a:92#10 owner vps001 Nov 23 17:30:30 verweg tinc.fvh[23564]: End of subnet list. Please note that 192.168.11.1 is the default gateway for both clientbp and verweg. The 'wan' side of this system is 192.168.0.120. Folkert van Heusden -- www.biglumber.com <- site where one can exchange PGP key signatures ---------------------------------------------------------------------- Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com
> > > My algorithm is able to sign multicast packets only if a key > > > exchange has occurred before. > > > (key exchange happens when you first contact the other node.) > > > Therefore, if you ping the nodes once (over the tinc interface), the > > > > keys should get exchanged and multicast signing should work. > > > Yes, this is an issue that could easily be improved. > > > Anyway, the code is still beta, it works most of the time, but I > > > experience some strange behavior too. > > > Sometimes, nodes do not see each other, but I did not yet find out,why.> > > > Tried it a couple of times and it seems it doesn't work. > > I verified that both systems see each others broadcasts. > > Furthermore I pinged both from within each other on their tinc address. > > Didn't help. > > In the meantime, I added a key-request, in case the key is not yetexchanged.> > Besides that, I am experiencing the same behavior: > My two nodes exchange their local addresses, but packets sent over thetinc interface get lost between the two.> I did not find out, why this is happening, but I am on it.There was a problem with verifying remote HMACs. I forgot to adjust the packet length (to include the newly added flags). Therefore, verifying HMACs in function try_harder always failed and packets could not be allocated to nodes. I fixed that issue, and tinc should be more stable now, although adjacent nodes do not see each other 100% of the time. Sending/receiving UDP packets sent to the public interfaces works though. To reflect the change in the protocol, I increased the protocol version to 18, making it incompatible with previous tinc versions.
Hi Daniel, Any news on the local address announcements code? Am really eager to put it in production :-) Folkert van Heusden -- ---------------------------------------------------------------------- Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com