> - Indirectdata finally REALLY REALLY works now!
> - More precise debug messages

Hmmm ... I can't prove that using the CVS code I checked out this morning.
Everything works like yesterday: I can ping the peer but I cannot go beyond:

*** SERVER ***

Jun 27 09:04:56 lemon tinc.9[10186]: tincd 1.0pre3 (Jun 27 2000 08:53:56) starting, debug level 4
Jun 27 09:04:56 lemon tinc.9[10186]: Generating 128 bits keys
Jun 27 09:04:56 lemon tinc.9[10186]: Ready: listening on port 655
Jun 27 09:04:59 lemon kernel: eth7: MII link partner 41e1, negotiated 01e1.
Jun 27 09:05:04 lemon tinc.9[10186]: Connection from 192.168.2.100 port 1076
Jun 27 09:05:04 lemon tinc.9[10186]: Sending BASIC_INFO to 192.168.2.100
Jun 27 09:05:04 lemon tinc.9[10186]: Got request from 0.0.0.0 (192.168.2.100): 61 7 c0a80963/ffffff00:28f 2
Jun 27 09:05:04 lemon tinc.9[10186]: Got BASIC_INFO from 192.168.2.100
Jun 27 09:05:04 lemon tinc.9[10186]: Opening UDP socket to 192.168.2.100
Jun 27 09:05:04 lemon tinc.9[10186]: Sending PASSPHRASE to 192.168.9.99 (192.168.2.100)
Jun 27 09:05:04 lemon tinc.9[10186]: Got request from 192.168.9.99 (192.168.2.100): 62
    f3c329b1e5ad06ceeaacb5a2c2690bf26fadfecc73dbc03f34d56e13eeba0f7cab905783884
    a979c13dc17bc3b916a18661cb0ca1d2ce1d11da78d97147870e685c07a69ec76ecd5c4fedc
    adefe0f29e60d0026d6f0c16117af9d0d97f23ee61cb1d3affb770cc097cd949d06835c2d3a
    9cb2e9cf76cbb78285a07620277aaad4430298d929fb0f7d16fd0490db8361533951c83d387
    323ada6924719a53b32b7d440804ec76d26d733583ff3e4f3dd73479f365d429f209f10b914
    b6acd2dfdc870d084941e94dd45782cb554168b60116516beceb42567e7fd3d397e74b1c1f1
    895536c1754ead978e497d1a3d01d11877f34b36fe67584f52e6e91c7b0dd0
Jun 27 09:05:04 lemon tinc.9[10186]: Got PASSPHRASE from 192.168.9.99 (192.168.2.100)
Jun 27 09:05:04 lemon tinc.9[10186]: Sending PUBLIC_KEY to 192.168.9.99 (192.168.2.100)
Jun 27 09:05:04 lemon tinc.9[10186]: Got request from 192.168.9.99 (192.168.2.100): 63 2rrsesncmha0uws71o5eugns2
Jun 27 09:05:04 lemon tinc.9[10186]: Got PUBLIC_KEY from 192.168.9.99 (192.168.2.100)
Jun 27 09:05:04 lemon tinc.9[10186]: Sending ACK to 192.168.9.99 (192.168.2.100)
Jun 27 09:05:04 lemon tinc.9[10186]: Connection with 192.168.9.99 (192.168.2.100) activated

*** CLIENT ***

Jun 27 09:05:04 pcamueller tinc[28135]: tincd 1.0pre3 (Jun 27 2000 08:55:41) starting, debug level 4
Jun 27 09:05:04 pcamueller tinc[28135]: Generating 128 bits keys
Jun 27 09:05:04 pcamueller tinc[28135]: Ready: listening on port 655
Jun 27 09:05:04 pcamueller tinc[28135]: Connected to 212.79.9.74:655
Jun 27 09:05:04 pcamueller tinc[28135]: Got request from 0.0.0.0 (212.79.9.74): 61 7 c0a80901/ffffff00:28f 0
Jun 27 09:05:04 pcamueller tinc[28135]: Got BASIC_INFO from 212.79.9.74
Jun 27 09:05:04 pcamueller tinc[28135]: Opening UDP socket to 212.79.9.74
Jun 27 09:05:04 pcamueller tinc[28135]: Sending BASIC_INFO to 212.79.9.74
Jun 27 09:05:04 pcamueller tinc[28135]: Got request from 192.168.9.1 (212.79.9.74): 62
    0e3ef1614ea3684e45b3e25f57c801716454f7c2019d41d5961bbc12263d533fc7b9992cfc8
    b93bc531a59f3c8cbcce348296443a4ca249bd41ffbfafca31bef264c19e08f88fd225381ca
    8f05fff13eeb85d585c6c71f3d3b98eb5b92fe447068c4cf6632d2e7557cc1e02a941adbf5d
    957b00f1a03b2e36be2bdc0ba507b089c0dc6b12e897513763038c7fb25656fd31403f8cf2f
    f6e1379376b59ab6a2e1cab7bc5b533cbd0f9aca2352a81bc43fbcd5c0ebfb37982c8830930
    8471b1c9b60578bc9911ccaf12af21df8e28f34732d443d802788d9568e96aba30ed1a82114
    8cee0a3061d64e186b6cffb5d2259c299d554043dc3c50de399a2b5ab2fc1c
Jun 27 09:05:04 pcamueller tinc[28135]: Got PASSPHRASE from 192.168.9.1 (212.79.9.74)
Jun 27 09:05:04 pcamueller tinc[28135]: Sending PASSPHRASE to 192.168.9.1 (212.79.9.74)
Jun 27 09:05:04 pcamueller tinc[28135]: Got request from 192.168.9.1 (212.79.9.74): 63 1knksw589z5bfoxnbmbifj3dz
Jun 27 09:05:04 pcamueller tinc[28135]: Got PUBLIC_KEY from 192.168.9.1 (212.79.9.74)
Jun 27 09:05:04 pcamueller tinc[28135]: Sending PUBLIC_KEY to 192.168.9.1 (212.79.9.74)
Jun 27 09:05:04 pcamueller tinc[28135]: Got request from 192.168.9.1 (212.79.9.74): 1
Jun 27 09:05:04 pcamueller tinc[28135]: Got ACK from 192.168.9.1 (212.79.9.74)
Jun 27 09:05:04 pcamueller tinc[28135]: Connection with 192.168.9.1 (212.79.9.74) activated

*** SERVER (when PINGed from client) ***

Jun 27 09:06:03 lemon tinc.9[10186]: Got request from 192.168.9.99 (192.168.2.100): 160 c0a80901 c0a80963
Jun 27 09:06:03 lemon tinc.9[10186]: Got REQ_KEY origin 192.168.9.99 destination 192.168.9.1 from 192.168.9.99 (192.168.2.100)
Jun 27 09:06:03 lemon tinc.9[10186]: Sending ANS_KEY to 192.168.9.99 (192.168.2.100)
Jun 27 09:06:03 lemon tinc.9[10186]: Got request from 192.168.9.99 (192.168.2.100): 161 c0a80901 c0a80963 962093104 2rrsesncmha0uws71o5eugns2
Jun 27 09:06:03 lemon tinc.9[10186]: Got ANS_KEY origin 192.168.9.99 destination 192.168.9.1 from 192.168.9.99 (192.168.2.100)
Jun 27 09:06:03 lemon tinc.9[10186]: Flushing receive queue for 192.168.9.99
Jun 27 09:06:03 lemon tinc.9[10186]: Receiving packet of 96 bytes from 192.168.9.99 (192.168.2.100)
Jun 27 09:06:03 lemon tinc.9[10186]: Queue flushed
Jun 27 09:06:03 lemon tinc.9[10186]: Sending packet of 96 bytes to 192.168.9.99 (192.168.2.100)
Jun 27 09:06:04 lemon tinc.9[10186]: Receiving packet of 96 bytes from 192.168.9.99 (192.168.2.100)
Jun 27 09:06:04 lemon tinc.9[10186]: Sending packet of 96 bytes to 192.168.9.99 (192.168.2.100)
Jun 27 09:06:05 lemon tinc.9[10186]: Receiving packet of 96 bytes from 192.168.9.99 (192.168.2.100)
Jun 27 09:06:05 lemon tinc.9[10186]: Sending packet of 96 bytes to 192.168.9.99 (192.168.2.100)
Jun 27 09:06:06 lemon tinc.9[10186]: Receiving packet of 96 bytes from 192.168.9.99 (192.168.2.100)
Jun 27 09:06:06 lemon tinc.9[10186]: Sending packet of 96 bytes to 192.168.9.99 (192.168.2.100)
Jun 27 09:06:07 lemon tinc.9[10186]: Receiving packet of 96 bytes from 192.168.9.99 (192.168.2.100)
Jun 27 09:06:07 lemon tinc.9[10186]: Sending packet of 96 bytes to 192.168.9.99 (192.168.2.100)

*** CLIENT (when server is PINGed) ***

Jun 27 09:06:03 pcamueller tinc[28135]: 192.168.9.1 (212.79.9.74) has no valid key, queueing packet
Jun 27 09:06:03 pcamueller tinc[28135]: Sending REQ_KEY to 192.168.9.1 (212.79.9.74)
Jun 27 09:06:03 pcamueller tinc[28135]: Got request from 192.168.9.1 (212.79.9.74): 161 c0a80963 c0a80901 962093096 1knksw589z5bfoxnbmbifj3dz
Jun 27 09:06:03 pcamueller tinc[28135]: Got ANS_KEY origin 192.168.9.1 destination 192.168.9.99 from 192.168.9.1 (212.79.9.74)
Jun 27 09:06:03 pcamueller tinc[28135]: Flushing send queue for 192.168.9.1
Jun 27 09:06:03 pcamueller tinc[28135]: Sending packet of 96 bytes to 192.168.9.1 (212.79.9.74)
Jun 27 09:06:03 pcamueller tinc[28135]: Queue flushed
Jun 27 09:06:03 pcamueller tinc[28135]: Got request from 192.168.9.1 (212.79.9.74): 160 c0a80963 c0a80901
Jun 27 09:06:03 pcamueller tinc[28135]: Got REQ_KEY origin 192.168.9.1 destination 192.168.9.99 from 192.168.9.1 (212.79.9.74)
Jun 27 09:06:03 pcamueller tinc[28135]: Sending ANS_KEY to 192.168.9.1 (212.79.9.74)
Jun 27 09:06:03 pcamueller tinc[28135]: Receiving packet of 96 bytes from 192.168.9.1 (212.79.9.74)
Jun 27 09:06:04 pcamueller tinc[28135]: Sending packet of 96 bytes to 192.168.9.1 (212.79.9.74)
Jun 27 09:06:04 pcamueller tinc[28135]: Receiving packet of 96 bytes from 192.168.9.1 (212.79.9.74)
Jun 27 09:06:05 pcamueller tinc[28135]: Sending packet of 96 bytes to 192.168.9.1 (212.79.9.74)
Jun 27 09:06:05 pcamueller tinc[28135]: Receiving packet of 96 bytes from 192.168.9.1 (212.79.9.74)
Jun 27 09:06:06 pcamueller tinc[28135]: Sending packet of 96 bytes to 192.168.9.1 (212.79.9.74)
Jun 27 09:06:06 pcamueller tinc[28135]: Receiving packet of 96 bytes from 192.168.9.1 (212.79.9.74)
Jun 27 09:06:07 pcamueller tinc[28135]: Sending packet of 96 bytes to 192.168.9.1 (212.79.9.74)
Jun 27 09:06:07 pcamueller tinc[28135]: Receiving packet of 96 bytes from 192.168.9.1 (212.79.9.74)

*** CLIENT routing table ***

root@pcamueller:/home/amueller/workspace.tinc/tinc/cabal > netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
212.79.58.20    192.168.9.1     255.255.255.255 UGH       0 0          0 tap0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.99.0    0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.9.0     0.0.0.0         255.255.255.0   U         0 0          0 tap0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0

*** CLIENT (when 212.79.58.20 is PINGed) ***

Jun 27 09:10:26 pcamueller tinc[28155]: tincd 1.0pre3 (Jun 27 2000 08:55:41) starting, debug level 4
Jun 27 09:10:26 pcamueller tinc[28155]: Generating 128 bits keys
Jun 27 09:10:26 pcamueller tinc[28155]: Ready: listening on port 655
Jun 27 09:10:26 pcamueller tinc[28155]: Connected to 212.79.9.74:655
Jun 27 09:10:26 pcamueller tinc[28155]: Got request from 0.0.0.0 (212.79.9.74): 61 7 c0a80901/ffffff00:28f 0
Jun 27 09:10:26 pcamueller tinc[28155]: Got BASIC_INFO from 212.79.9.74
Jun 27 09:10:26 pcamueller tinc[28155]: Opening UDP socket to 212.79.9.74
Jun 27 09:10:26 pcamueller tinc[28155]: Sending BASIC_INFO to 212.79.9.74
Jun 27 09:10:26 pcamueller tinc[28155]: Got request from 192.168.9.1 (212.79.9.74): 62
    0e3ef1614ea3684e45b3e25f57c801716454f7c2019d41d5961bbc12263d533fc7b9992cfc8
    b93bc531a59f3c8cbcce348296443a4ca249bd41ffbfafca31bef264c19e08f88fd225381ca
    8f05fff13eeb85d585c6c71f3d3b98eb5b92fe447068c4cf6632d2e7557cc1e02a941adbf5d
    957b00f1a03b2e36be2bdc0ba507b089c0dc6b12e897513763038c7fb25656fd31403f8cf2f
    f6e1379376b59ab6a2e1cab7bc5b533cbd0f9aca2352a81bc43fbcd5c0ebfb37982c8830930
    8471b1c9b60578bc9911ccaf12af21df8e28f34732d443d802788d9568e96aba30ed1a82114
    8cee0a3061d64e186b6cffb5d2259c299d554043dc3c50de399a2b5ab2fc1c
Jun 27 09:10:26 pcamueller tinc[28155]: Got PASSPHRASE from 192.168.9.1 (212.79.9.74)
Jun 27 09:10:26 pcamueller tinc[28155]: Sending PASSPHRASE to 192.168.9.1 (212.79.9.74)
Jun 27 09:10:26 pcamueller tinc[28155]: Got request from 192.168.9.1 (212.79.9.74): 63 1knksw589z5bfoxnbmbifj3dz
Jun 27 09:10:26 pcamueller tinc[28155]: Got PUBLIC_KEY from 192.168.9.1 (212.79.9.74)
Jun 27 09:10:26 pcamueller tinc[28155]: Sending PUBLIC_KEY to 192.168.9.1 (212.79.9.74)
Jun 27 09:10:26 pcamueller tinc[28155]: Got request from 192.168.9.1 (212.79.9.74): 1
Jun 27 09:10:26 pcamueller tinc[28155]: Got ACK from 192.168.9.1 (212.79.9.74)
Jun 27 09:10:26 pcamueller tinc[28155]: Connection with 192.168.9.1 (212.79.9.74) activated
Jun 27 09:10:33 pcamueller tinc[28155]: Trying to look up 212.79.58.20 in connection list failed!
Jun 27 09:10:44 pcamueller last message repeated 11 times

*** CLIENT tinc.conf ***

root@pcamueller:/home/amueller/workspace.tinc/tinc/cabal > cat /etc/tinc/tincd.conf
# Sample tinc configuration file

# This is a comment.
# Lines can have a maximum of 80 characters.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.

# The internet host to connect with
# comment these out to make yourself a listen-only connection
# You may use an IP address or its FQDN.
ConnectTo = 212.79.9.74

# Connect to which port of the `ConnectTo' host
# It is advised that you only connect to ports that are < 1024,
# because some malicious (non-root) user may run a fake tincd on ports
# above 1024.
# The default port is 655, the port that has been assigned to tinc
# by the IANA. If you want tincd to listen on any other port than 655,
# you can use ListenPort for the `server', and ConnectPort for the
# `client'.
# You may use the prefixes 0x or 0 to denote a hexadecimal or octal
# number respectively.
ConnectPort = 655

# Listen on which port
#ListenPort = 655

# Accept incoming connections
AllowConnect = no

# My own VPN IP
# You may use the /nn notation to indicate the number of bits used for
# the mask, /8 is equivalent to the netmask 255.0.0.0 (the first 8
# bits are set to 1).
MyOwnVPNIP = 192.168.9.99/24

# Directory where tinc will look for passphrases
Passphrases = /etc/tinc/passphrases

# Which local file?
# Default is /dev/tap0
TapDevice = /dev/tap0

# Number of seconds of inactivity tinc will wait before sending a probe
# to the other end
PingTimeout=120

IndirectData = yes

*** SERVER tinc.conf ***

lemon:/workspace.tinc/tinc/cabal # cat /etc/tinc/9/tincd.conf
# **********************************************************************
# @(#) $Id: tincd.conf,v 1.2 2000/03/09 17:13:14 it-env Exp $
# @(#) $Source: /cvs/it-env/lemon/etc/tinc/9/tincd.conf,v $
#
# **********************************************************************
#
# This is a comment.
# Lines can have a maximum of 80 characters.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.

# The internet host to connect with
# comment these out to make yourself a listen-only connection
# You may use an IP address or its FQDN.
#ConnectTo = 1.2.3.4

# Connect to which port of the `ConnectTo' host
# It is advised that you only connect to ports that are < 1024,
# because some malicious (non-root) user may run a fake tincd on ports
# above 1024.
# The default port is 655, the port that has been assigned to tinc
# by the IANA. If you want tincd to listen on any other port than 655,
# you can use ListenPort for the `server', and ConnectPort for the
# `client'.
# You may use the prefixes 0x or 0 to denote a hexadecimal or octal
# number respectively.
#ConnectPort = 0x300

# Listen on which port
ListenPort = 655

# Accept incoming connections
AllowConnect = yes

# My own VPN IP
# You may use the /nn notation to indicate the number of bits used for
# the mask, /8 is equivalent to the netmask 255.0.0.0 (the first 8
# bits are set to 1).
MyOwnVPNIP = 192.168.9.1/24

# Directory where tinc will look for passphrases
Passphrases = /etc/tinc/passphrases

# Which local file?
# Default is /dev/tap0
TapDevice = /dev/tap0

# Number of seconds of inactivity tinc will wait before sending a probe
# to the other end
PingTimeout=120

#IndirectData = yes

Good luck ...

-
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://ftp.nl.linux.org/pub/linux/tinc/

Guus Sliepen
2000-Jun-27 11:19 UTC
[CVS] humbolt:/tinc/cabal/src net.c netutl.c protocol.c
On Tue, 27 Jun 2000, Axel Müller wrote:

> Hmmm ... I can't prove that using the CVS code I checked out this morning.
> Everything works like yesterday: I can ping the peer but I cannot go beyond:

> *** CLIENT routing table ***
> root@pcamueller:/home/amueller/workspace.tinc/tinc/cabal > netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 212.79.58.20    192.168.9.1     255.255.255.255 UGH       0 0          0 tap0

Well, that isn't going to work. Tinc absolutely doesn't know anything about
your real IP addresses, and therefore doesn't know where to send them to, as
can be seen from:

> Jun 27 09:10:33 pcamueller tinc[28155]: Trying to look up 212.79.58.20 in
> connection list failed!

Tinc will only route packets if the destination IP matches one of the
MyOwnVPNIP lines in other tincd's tinc.conf files. There is a dirty hack that
might even work in your case, and that is setting the server's MyOwnVPNIP to
0.0.0.0/0. Furthermore, adding a gateway for an interface that doesn't do ARP
(ethertap devices normally don't) is quite meaningless.

> *** CLIENT tinc.conf ***
> MyOwnVPNIP = 192.168.9.99/24

> *** SERVER tinc.conf ***
> MyOwnVPNIP = 192.168.9.1/24

That is certainly very bad! Those subnets overlap! No wonder things don't
work. I think you need to clean up some things first :)!

-------------------------------------------
Met vriendelijke groet / with kind regards,
  Guus Sliepen <guus@sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
          http://www.kernelbench.org/
-------------------------------------------
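
The lookup failure and the subnet overlap discussed in this thread can be reproduced offline with the following added example, which is not part of either message and is not tinc's own code. It models the connection-list lookup as a simple subnet match on MyOwnVPNIP, and it reads the BASIC_INFO field as hex address/netmask:port, an interpretation inferred from the logs above; all function names are hypothetical.

```python
import ipaddress

# MyOwnVPNIP lines copied from the two tincd.conf files quoted in the thread.
CONFIGS = {"client": "MyOwnVPNIP = 192.168.9.99/24",
           "server": "MyOwnVPNIP = 192.168.9.1/24"}

def vpn_subnet(conf_text):
    """Network named by the MyOwnVPNIP line ('=' optional, name case-insensitive)."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.lower().startswith("myownvpnip"):
            value = line[len("myownvpnip"):].lstrip(" \t=").strip()
            return ipaddress.ip_interface(value).network
    raise ValueError("no MyOwnVPNIP line found")

def decode_basic_info(field):
    """Decode 'c0a80901/ffffff00:28f' as hex address/netmask:port.
    This reading of the field is inferred from the logs, not from tinc's source."""
    addr_mask, port = field.split(":")
    addr, mask = (ipaddress.IPv4Address(int(h, 16)) for h in addr_mask.split("/"))
    return ipaddress.ip_interface(f"{addr}/{mask}"), int(port, 16)

def lookup(dest, peers):
    """Peers whose announced subnet contains dest. Simplified model of the
    'connection list' lookup: no match means the packet has nowhere to go."""
    addr = ipaddress.ip_address(dest)
    return [name for name, net in peers.items() if addr in net]

def overlapping(subnets):
    """Pairs of daemons whose MyOwnVPNIP subnets overlap."""
    names = sorted(subnets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if subnets[a].overlaps(subnets[b])]

if __name__ == "__main__":
    subnets = {name: vpn_subnet(text) for name, text in CONFIGS.items()}
    iface, port = decode_basic_info("c0a80901/ffffff00:28f")  # server's BASIC_INFO
    print("server announced", iface, "port", port)
    peers = {"server": iface.network}  # the client's view of its only peer
    for dest in ("192.168.9.1", "212.79.58.20"):
        print(dest, "->", lookup(dest, peers) or "lookup fails")
    hack = {"server": vpn_subnet("MyOwnVPNIP = 0.0.0.0/0")}
    print("with 0.0.0.0/0:", lookup("212.79.58.20", hack))
    print("overlaps:", overlapping(subnets))
```
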