Hi all,
There's long time I'm having problems with a vpn... I'd be glad
if somebody could check my current setup.
Our problem is we're having tinc-vpn shortcuts while we have no
bandwidth problem nither 'ssh' trouble.
I attached some log lines from both the "server" and the
"client".
Some ASCII art...
___ ___ ___
| | tinc vpn | | | |
| p | over ADSL | i | LAN | p |
| a | __________ | s | ________ | a |
| m | / / | i | / / | t |
| |__/ /___| |__/ /___| |
----- ----- -----
pub:200.x.x.x pub:dynamic
vpn:10.10.10.1 vpn:10.10.10.2
pri:192.168.144.1 pri:192.168.144.1
Ok, let's see the configs of pam(perito) and isi(dorito).
I named their virtual interfaces as 'pamvpn' and 'isivpn'.
a-'isidorito' (our gateway+firewall+proxy) with dynamic IP
/etc/tinc/vpn/tinc.conf
Name = isivpn
Device = /dev/net/tun
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
ConnectTo = pamvpn
/etc/tinc/vpn/tinc-up
ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
ifconfig $INTERFACE 10.10.10.2 netmask 255.255.0.0
ifconfig $INTERFACE -arp
/etc/tinc/vpn/hosts/isivpn
Subnet = 10.10.10.2/32
Subnet = 192.168.144.0/24
TCPOnly = yes
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
/etc/tinc/vpn/hosts/pamvpn
isidorito:/etc/tinc/vpn/hosts# cat /etc/tinc/vpn/hosts/
isivpn pamvpn
isidorito:/etc/tinc/vpn/hosts# cat /etc/tinc/vpn/hosts/pamvpn
Address = 200.x.x.x
Subnet = 10.10.10.1/32
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
b-'pamperito' (it waits for isi's connections)
/etc/tinc/vpn/tinc.conf
Name = pamvpn
Device = /dev/tun
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
/etc/tinc/vpn/tinc-up
ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
ifconfig $INTERFACE 10.10.10.1 netmask 255.255.0.0
ifconfig $INTERFACE -arp
route add -net 192.168.144.0 netmask 255.255.255.0 gw isivpn
dev vpn
pamvpn and isivpn are setup as in 'isidorito'
Is everything ok here?
In isidorito's syslog I even found:
nov 11 17:05:34 isidorito tinc.vpn[5841]: Closing connection with
pamvpn (200.x.x.x port 655)
nov 11 17:05:35 isidorito tinc.vpn[5841]: Closing connection with
isivpn (MYSELF)
^^^^^^^^^^^^^^^
I remember I added the subnet 192.168.144.0/24 because 'pat'
is our internal smtp server... so 'pam' needs to reach 'pat'
for mail delivery and viceversa.
I suspect I'm making a setup mistake, any clue will be very
appreciated.
TIA,
-
Roberto
------------ próxima parte ------------
nov 11 16:12:29 pamperito tinc.vpn[17311]: Metadata socket error for isivpn
(168.226.139.225 port 1871): Conexi?n reinicializada por la m?quina remota
nov 11 16:14:54 pamperito tinc.vpn[17311]: Metadata socket error for isivpn
(168.226.139.225 port 2341): Conexi?n reinicializada por la m?quina remota
nov 11 16:16:21 pamperito tinc.vpn[17311]: Bogus data received from isivpn
(168.226.139.225 port 2381)
nov 11 16:17:08 pamperito tinc.vpn[17311]: Bogus data received from isivpn
(168.226.139.225 port 2386)
Nov 11 16:49:02 pamperito exiscanv2[31949]: 1CSKwD-0000SI-00
F:<tinc-bounces@tinc-vpn.org> T:rmeyer@idr.org.ar R:clean, marked for
dequeue
nov 11 17:05:41 pamperito tinc.vpn[17311]: Bogus data received from isivpn
(168.226.140.12 port 3110)
------------ próxima parte ------------
nov 11 16:12:38 isidorito tinc.vpn[5841]: Sending meta data to pamvpn (200.x.x.x
port 655) failed: Recurso no disponible temporalmente
nov 11 16:12:38 isidorito tinc.vpn[5841]: Closing connection with pamvpn
(200.x.x.x port 655)
nov 11 16:12:38 isidorito tinc.vpn[5841]: Trying to re-establish outgoing
connection in 5 seconds
nov 11 16:12:45 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x
port 655)
nov 11 16:12:46 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port
655)
nov 11 16:12:47 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port
655) activated
nov 11 16:15:02 isidorito tinc.vpn[5841]: Sending meta data to pamvpn (200.x.x.x
port 655) failed: Recurso no disponible temporalmente
nov 11 16:15:02 isidorito tinc.vpn[5841]: Closing connection with pamvpn
(200.x.x.x port 655)
nov 11 16:15:02 isidorito tinc.vpn[5841]: Trying to re-establish outgoing
connection in 10 seconds
nov 11 16:15:18 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x
port 655)
nov 11 16:15:19 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port
655)
nov 11 16:15:20 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port
655) activated
nov 11 16:16:31 isidorito tinc.vpn[5841]: Metadata socket error for pamvpn
(200.x.x.x port 655): Conexi?n reinicializada por la m?quina remota
nov 11 16:16:31 isidorito tinc.vpn[5841]: Closing connection with pamvpn
(200.x.x.x port 655)
nov 11 16:16:31 isidorito tinc.vpn[5841]: Trying to re-establish outgoing
connection in 15 seconds
nov 11 16:16:52 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x
port 655)
nov 11 16:16:53 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port
655)
nov 11 16:16:54 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port
655) activated
nov 11 16:17:17 isidorito tinc.vpn[5841]: Metadata socket error for pamvpn
(200.x.x.x port 655): Conexi?n reinicializada por la m?quina remota
nov 11 16:17:17 isidorito tinc.vpn[5841]: Closing connection with pamvpn
(200.x.x.x port 655)
nov 11 16:17:17 isidorito tinc.vpn[5841]: Trying to re-establish outgoing
connection in 20 seconds
nov 11 16:17:40 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x
port 655)
nov 11 16:17:41 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port
655)
nov 11 16:17:42 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port
655) activated
nov 11 16:43:24 isidorito tinc.vpn[5841]: Regenerating symmetric key
nov 11 17:05:29 isidorito tinc.vpn[5841]: Got HUP signal
nov 11 17:05:34 isidorito tinc.vpn[5841]: Closing connection with pamvpn
(200.x.x.x port 655)
nov 11 17:05:35 isidorito tinc.vpn[5841]: Closing connection with isivpn
(MYSELF)
nov 11 17:05:35 isidorito tinc.vpn[5841]: Rereading configuration file and
restarting in 5 seconds...
nov 11 17:05:40 isidorito tinc.vpn[5841]: /dev/net/tun is a Linux tun/tap device
nov 11 17:05:40 isidorito tinc.vpn[5841]: Executing script tinc-up
nov 11 17:05:41 isidorito tinc.vpn[5841]: Listening on 0.0.0.0 port 655
nov 11 17:05:41 isidorito tinc.vpn[5841]: Ready
nov 11 17:05:41 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x
port 655)
nov 11 17:05:41 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port
655)
nov 11 17:05:42 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port
655) activated
nov 11 17:05:50 isidorito tinc.vpn[5841]: Sending meta data to pamvpn (200.x.x.x
port 655) failed: Recurso no disponible temporalmente
nov 11 17:05:50 isidorito tinc.vpn[5841]: Closing connection with pamvpn
(200.x.x.x port 655)
nov 11 17:05:50 isidorito tinc.vpn[5841]: Trying to re-establish outgoing
connection in 5 seconds
nov 11 17:06:04 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x
port 655)
nov 11 17:06:05 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port
655)
nov 11 17:06:06 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port
655) activated
On Thu, Nov 11, 2004 at 06:05:18PM -0300, Roberto Meyer wrote:> /etc/tinc/vpn/hosts/isivpn > Subnet = 10.10.10.2/32 > Subnet = 192.168.144.0/24 > TCPOnly = yes > -----BEGIN RSA PUBLIC KEY----- > ... > -----END RSA PUBLIC KEY-----Is there a reason for using TCPOnly? If not, try removing that option.> In isidorito's syslog I even found: > > nov 11 17:05:34 isidorito tinc.vpn[5841]: Closing connection with > pamvpn (200.x.x.x port 655) > nov 11 17:05:35 isidorito tinc.vpn[5841]: Closing connection with > isivpn (MYSELF) > ^^^^^^^^^^^^^^^When tinc shuts down, it always closes "itself", this is normal.> I suspect I'm making a setup mistake, any clue will be very > appreciated.Your configuration files do not contain any errors as far as I can see, however: [...]> nov 11 16:17:17 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655) > nov 11 16:17:17 isidorito tinc.vpn[5841]: Trying to re-establish outgoing connection in 20 seconds > nov 11 16:17:40 isidorito tinc.vpn[5841]: Trying to connect to pamvpn (200.x.x.x port 655) > nov 11 16:17:41 isidorito tinc.vpn[5841]: Connected to pamvpn (200.x.x.x port 655) > nov 11 16:17:42 isidorito tinc.vpn[5841]: Connection with pamvpn (200.x.x.x port 655) activated > nov 11 16:43:24 isidorito tinc.vpn[5841]: Regenerating symmetric key > nov 11 17:05:29 isidorito tinc.vpn[5841]: Got HUP signal > nov 11 17:05:34 isidorito tinc.vpn[5841]: Closing connection with pamvpn (200.x.x.x port 655) > nov 11 17:05:35 isidorito tinc.vpn[5841]: Closing connection with isivpn (MYSELF) > nov 11 17:05:35 isidorito tinc.vpn[5841]: Rereading configuration file and restarting in 5 seconds...[...] That suggests that you are using an old version of tinc. Please try out 1.0.3, which has been released today. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus@sliepen.eu.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://brouwer.uvt.nl/pipermail/tinc/attachments/20041111/ebf75963/attachment.pgp
Reasonably Related Threads
- can't ping to an internal IP through tinc's virtual interfaces (fwd)
- Windows Clients Can't join a Samba-OpenLDAP Domain (bad passwod after 30 seconds)
- smb signing is incompatible with share level security !
- Panic or segfault in Samba
- Problem connecting to Win2k share