I have been having some problems setting up tinc on 2 masquerading Linux
Slackware boxes.
routerA is a NAT router to the internet, for two networks on two interfaces.
These are the two networks:
eth1      Link encap:Ethernet  HWaddr 00:E0:4C:6C:6D:86  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9098636 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9847675 errors:0 dropped:0 overruns:2 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:2611750715 (2490.7 Mb)  TX bytes:1869985047 (1783.3 Mb)
          Interrupt:10 Base address:0x2000 
eth2      Link encap:Ethernet  HWaddr 00:E0:4C:6C:63:94  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:82764456 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82696829 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:294332618 (280.6 Mb)  TX bytes:1305776726 (1245.2 Mb)
          Interrupt:11 Base address:0x4000 
(there are about 250 eth0 interfaces which I will spare you)
routerB is a simple masquerading box on an ADSL link. This is the internal
network:
eth1      Link encap:Ethernet  HWaddr 00:02:44:19:AE:8C  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9786 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9382 errors:0 dropped:0 overruns:0 carrier:0
          collisions:35 
          RX bytes:1312249 (1.2 Mb)  TX bytes:8034730 (7.6 Mb)
Now I want to create a VPN between 192.168.1.0/24 on routerA and 192.168.2.0/24
on routerB.
Here is what my config files look like on routerA:
--- tinc.conf ---
Name = routerA
TapDevice = /dev/net/tun
KeyExpire = 30000000
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
---------------------
--- tinc-up ---
#!/bin/sh
/sbin/ifconfig vpn hw ether fe:fd:0:0:0:0
/sbin/ifconfig vpn 192.168.1.1 netmask 255.255.0.0 -arp
------------------
--- hosts/routerA ---
Address = 123.123.123.123
Subnet = 192.168.1.0/24
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKz4+UIgS849Y1vgzdFCHySgO7MMbM/0i6w87UmB5pLLHDJci9hK7NvZ
WLxZVOymfFM90KnSPVlrOf+YZgLEzoC5tpBqeN1YUIaG1pV55Df7fshqVOdj3NoH
y4kHFZpK80USARh45HxpnSfOaaxncUT10OhQkEXad7EEJx+vGut5AgMA//8
-----END RSA PUBLIC KEY-----
---------------------------
--- hosts/routerB ---
Address = 123.123.123.124
Subnet = 192.168.2.0/24
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALEzI1Ib1Dbkh6GRZvpmHJos1GfzpJaoDEu/uATNRp0qSRh50WZ0zbar
St7meuu1lPq9D+/dG0pZWbsPkmr8bUECmi4HpKivK2gIuDQUVHy9O0KtpvHhYa6M
ZqvJIa0QEIL7YXxc1ftwvQN5N2ergPnv7eTOSnZwWme/0PwJ0Mz9AgMA//8
-----END RSA PUBLIC KEY-----
---------------------------
--- rsa_key.priv ---
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-------------------------
On routerB the host files are exactly the same, only the tinc-up and tinc.conf
are different:
--- tinc.conf ---
Name = routerB
TapDevice = /dev/net/tun
ConnectTo = routerA
KeyExpire = 30000000
PrivateKeyFile = /usr/local/etc/tinc/vpn/rsa_key.priv
--------------------
--- tinc-up ---
#!/bin/sh
/sbin/ifconfig vpn hw ether fe:fd:0:0:0:0
/sbin/ifconfig vpn 192.168.2.1 netmask 255.255.0.0 -arp
------------------
--- rsa_key.priv ---
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-------------------------
Here is what happens when I start tincd (tincd -n vpn -d) on both boxes.
on routerA:
tinc.vpn[31183]: Bogus data received from routerB (123.123.123.124)
last message repeated 2 times
tinc.vpn[31183]: Bogus data received from routerB (123.123.123.124)
tinc.vpn[31183]: Unauthorized request from routerB (123.123.123.124)
tinc.vpn[31183]: Bogus data received from routerB (123.123.123.124)
last message repeated 2 times
on routerB:
tinc.vpn[889]: 123.123.123.123 port 655: Connection refused
tinc.vpn[889]: Could not set up a meta connection to 123.123.123.123
tinc.vpn[901]: Still failed to connect to other, will retry in 10 seconds
last message repeated 2 times
last message repeated 4 times
last message repeated 4 times
I am sure the keys are all right, I am sure port 655 is open and reachable,
I don't get it.
Does anyone have an idea on what I am doing wrong here?
Kind regards,
Ramon Bastiaans.
My mistake, the keyfile was a wrong keyfile on routerA, should be the one in
/usr/local/etc and NOT in /etc.
Sorry to have bothered you guys ;)
  ----- Original Message ----- 
  From: Ramon Bastiaans 
  To: tinc@nl.linux.org 
  Sent: Wednesday, November 21, 2001 11:47 AM
  Subject: Connection problems
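The cause reported in this thread was a PrivateKeyFile pointing at a key that did not belong to the public key in hosts/routerA. As an added example (not part of the original messages and not tinc's own code), this Python check compares the RSA modulus in a private key file with the one in a host file; it assumes PKCS#1 PEM blocks as in the posted host files, and the function names and toy keys are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN RSA (PUBLIC|PRIVATE) KEY-----(.*?)-----END RSA \1 KEY-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus(text):
    """Modulus n from the first PKCS#1 PEM block in a hosts/ file or rsa_key.priv."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no RSA PEM block found")
    tag, body, _ = read_tlv(base64.b64decode("".join(m.group(2).split())), 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    ints, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big"))
    # RSAPublicKey is (n, e); RSAPrivateKey is (version, n, e, d, ...)
    return ints[0] if m.group(1) == "PUBLIC" else ints[1]

def keypair_matches(private_key_text, host_file_text):
    """True when the private key and the host file's public key share a modulus."""
    return rsa_modulus(private_key_text) == rsa_modulus(host_file_text)

# --- constructed toy keys (tiny primes, NOT real key material) ---
def toy_pem(kind, ints):
    raw = [i.to_bytes(i.bit_length() // 8 + 1, "big") for i in ints]
    body = b"".join(bytes([0x02, len(b)]) + b for b in raw)  # short-form lengths
    b64 = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return f"-----BEGIN RSA {kind} KEY-----\n{b64}\n-----END RSA {kind} KEY-----\n"

HOST_FILE = "Address = 123.123.123.123\nSubnet = 192.168.1.0/24\n" + toy_pem("PUBLIC", [3233, 17])
RIGHT_KEY = toy_pem("PRIVATE", [0, 3233, 17, 2753, 61, 53, 53, 49, 38])
WRONG_KEY = toy_pem("PRIVATE", [0, 3127, 3, 2011, 53, 59, 35, 39, 9])
```

Run against the real files, `keypair_matches(open(private_key_path).read(), open(host_file_path).read())` returning False means the daemon is loading a key its peers do not expect.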