Hello! I have set up tunnel between a FreeBSD machine and Windows Vista. Tunnel is established, but when I try to ping either end ping fails. I have temporarily switched off firewalls on both machines, no luck. Here is client tinc.conf on Vista: Name = lenovo_client ConnectTo = lenovo_server Interface = tinctap Subnet = 10.20.40.0/24 Sevrer tinc.conf on FreeBSD: Device=/dev/tap0 Name=lenovo_server PrivateKeyFile=/usr/local/etc/tinc/lenovo/rsa_key.priv Client host file: Compression=9 Subnet = 10.20.40.0/24 -----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY----- Server host file: Compression=9 Subnet=10.20.40.0/24 Address=xx.xxx.xxx.xxx -----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY----- Entry in tinc-up on server side: ifconfig $INTERFACE 10.20.40.1 netmask 255.255.255.0 Tap interface properties set in Vista: IP = 10.20.40.2 Subnet = 255.255.255.0 Unfortunately I'm not strong in networking and have been unsuccessfully struggling with this setup for whole day. I want to make a simple tunnel between these two PCs and later maybe add some more so that they think they're in same network. IMHO they should be in one network when tunnel is established, server having ip 10.20.40.1 and client 10.20.40.2. When I try to ping them respectively I got 100% loss or host is down messages. What's wrong? Best Regards, Viktors -- Viktors ?ilinskis -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.tinc-vpn.org/pipermail/tinc/attachments/20080327/fcbe51af/attachment.htm
Hi, this is the idea: you have two machines in differen subnets e.g. : machine 1: 10.20.40.0/24 machine 2: 10.20.41.0/24 When running tinc, you make a network "10.20.0.0/16", connected to the virtual device. Now, the virtual interface can have the same ip address as the physical interface on each machine, yes, really, two interfaces on the same machine, with the same ip address, just a different netmask. so you get the following routing: machine 1: 10.20.40.0/24 -> physical interface 10.20.0.0/16 -> virtual interface with ip address for both interfaces e.g. 10.20.40.1 machine 2: 10.20.41.0/24 -> physical interface 10.20.0.0/16 -> virtual interface with ip address for both interfaces e.g. 10.20.41.1 cheers. On Thu, Mar 27, 2008 at 2:43 PM, Viktors ?ilinskis < viktors.zilinskis at vianova.lv> wrote:> Hello! > > I have set up tunnel between a FreeBSD machine and Windows Vista. Tunnel > is established, but when I try to ping either end ping fails. I have > temporarily switched off firewalls on both machines, no luck. > > Here is client tinc.conf on Vista: > Name = lenovo_client > ConnectTo = lenovo_server > Interface = tinctap > Subnet = 10.20.40.0/24 > > Sevrer tinc.conf on FreeBSD: > Device=/dev/tap0 > Name=lenovo_server > PrivateKeyFile=/usr/local/etc/tinc/lenovo/rsa_key.priv > > Client host file: > Compression=9 > Subnet = 10.20.40.0/24 > -----BEGIN RSA PUBLIC KEY----- > ... > -----END RSA PUBLIC KEY----- > > > Server host file: > Compression=9 > Subnet=10.20.40.0/24 > Address=xx.xxx.xxx.xxx > -----BEGIN RSA PUBLIC KEY----- > ... > -----END RSA PUBLIC KEY----- > > Entry in tinc-up on server side: > ifconfig $INTERFACE 10.20.40.1 netmask 255.255.255.0 > > Tap interface properties set in Vista: > IP = 10.20.40.2 Subnet = 255.255.255.0 > > Unfortunately I'm not strong in networking and have been unsuccessfully > struggling with this setup for whole day. I want to make a simple tunnel > between these two PCs and later maybe add some more so that they think > they're in same network. IMHO they should be in one network when tunnel is > established, server having ip 10.20.40.1 and client 10.20.40.2. When I try > to ping them respectively I got 100% loss or host is down messages. What's > wrong? > > Best Regards, > Viktors > > > > > -- > Viktors ?ilinskis > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.tinc-vpn.org/pipermail/tinc/attachments/20080327/d91153ef/attachment.htm
Hi, It looks like you've tried to follow the Windows example on the tinc website. Viktors ?ilinskis wrote:> Hello! > > I have set up tunnel between a FreeBSD machine and Windows Vista. > Tunnel is established, but when I try to ping either end ping fails. I > have temporarily switched off firewalls on both machines, no luck. > > Here is client tinc.conf on Vista: > Name = lenovo_client > ConnectTo = lenovo_server > Interface = tinctap > Subnet = 10.20.40.0/24 <http://10.20.40.0/24>The subnet entry should not be in the tinc.conf file, so that line can be removed.> > Sevrer tinc.conf on FreeBSD: > Device=/dev/tap0 > Name=lenovo_server > PrivateKeyFile=/usr/local/etc/tinc/lenovo/rsa_key.priv >Looks fine.> Client host file: > Compression=9 > Subnet = 10.20.40.0/24 <http://10.20.40.0/24> > -----BEGIN RSA PUBLIC KEY----- > ... > -----END RSA PUBLIC KEY----- >Okay, so because you only want a single address, change it to: Subnet = 10.20.40.2/32> > Server host file: > Compression=9 > Subnet=10.20.40.0/24 <http://10.20.40.0/24> > Address=xx.xxx.xxx.xxx > -----BEGIN RSA PUBLIC KEY----- > ... > -----END RSA PUBLIC KEY-----Change the subnet line to: Subnet = 10.20.40.1/32> > Entry in tinc-up on server side: > ifconfig $INTERFACE 10.20.40.1 <http://10.20.40.1> netmask > 255.255.255.0 <http://255.255.255.0> > > Tap interface properties set in Vista: > IP = 10.20.40.2 <http://10.20.40.2> Subnet = 255.255.255.0 > <http://255.255.255.0>These are both alright.> Unfortunately I'm not strong in networking and have been > unsuccessfully struggling with this setup for whole day. I want to > make a simple tunnel between these two PCs and later maybe add some > more so that they think they're in same network. IMHO they should be > in one network when tunnel is established, server having ip 10.20.40.1 > <http://10.20.40.1> and client 10.20.40.2 <http://10.20.40.2>. When I > try to ping them respectively I got 100% loss or host is down > messages. What's wrong?Also, the command: tincd -n <networkname> -D -d5 will help you in the debugging process.> > Best Regards, > Viktors > >Good Luck, Mike> > > -- > Viktors ?ilinskis > ------------------------------------------------------------------------ > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc >
Hello, again! I was following that example indeed. Thanks a lot for your time, I got it work at home :) Hard to understand these things when you've never managed more that 3 PCs. Tomorrow I'll check it at office, I hope the result will be no different. While this is not of primary concern at the moment may I ask your comment on these "logs": ########### # @SERVER # ########### # ping -v 10.20.40.2 PING 10.20.40.2 (10.20.40.2): 56 data bytes 64 bytes from 10.20.40.2: icmp_seq=0 ttl=128 time=96.480 ms 64 bytes from 10.20.40.2: icmp_seq=1 ttl=128 time=83.773 ms 36 bytes from 188.Red-83-50-137.dynamicIP.rima-tde.net (83.50.137.188): Destination Port Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 9300 ea5a 0 0000 30 11 9320 XX.XXX.XXX.XXX 83.50.137.188 UDP: from port 2885, to port 17353 (decimal) 36 bytes from 225.Red-88-19-105.staticIP.rima-tde.net (88.19.105.225): Destination Port Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 9300 ea7f 0 0000 30 11 adf5 XX.XXX.XXX.XXX 88.19.105.225 UDP: from port 2885, to port 22204 (decimal) 36 bytes from 236.Red-81-38-15.dynamicIP.rima-tde.net (81.38.15.236): Destination Port Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 6100 eabc 0 0000 30 11 0ecd XX.XXX.XXX.XXX 81.38.15.236 UDP: from port 2885, to port 21285 (decimal) 64 bytes from 10.20.40.2: icmp_seq=2 ttl=128 time=50.530 ms 36 bytes from 171.Red-83-42-32.dynamicIP.rima-tde.net (83.42.32.171): Destination Port Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 9300 ea43 0 0000 30 11 fc50 XX.XXX.XXX.XXX 83.42.32.171 UDP: from port 2885, to port 22682 (decimal) 36 bytes from 134.Red-83-36-72.dynamicIP.rima-tde.net (83.36.72.134): Destination Port Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 9300 eb18 0 0000 30 11 d3a6 XX.XXX.XXX.XXX 83.36.72.134 UDP: from port 2885, to port 16431 (decimal) ####### # EOF # ####### What's that 188.Red-83-50-137.dynamicIP.rima-tde.net and others? Is it something I just don't understand or is it some crap that shouldn't be there? ########### # @CLIENT # ########### Received packet of 74 bytes from lenovo_server (XX.XXX.XXX.XXX port 655) Writing packet of 74 bytes to Windows tap device Read packet of 175 bytes from Windows tap device Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 239.255.255.250 Writing packet of 203 bytes to Windows tap device Read packet of 230 bytes from Windows tap device Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 Writing packet of 258 bytes to Windows tap device Read packet of 74 bytes from Windows tap device Sending packet of 74 bytes to lenovo_server (XX.XXX.XXX.XXX port 655) Sending PACKET to lenovo_server (XX.XXX.XXX.XXX port 655): 17 74 Sending 6 bytes of metadata to lenovo_server (XX.XXX.XXX.XXX port 655) Sending 74 bytes of metadata to lenovo_server (XX.XXX.XXX.XXX port 655) Flushing 80 bytes to lenovo_server (XX.XXX.XXX.XXX port 655) Got PACKET from lenovo_server (XX.XXX.XXX.XXX port 655): 17 74 Received packet of 74 bytes from lenovo_server (XX.XXX.XXX.XXX port 655) Writing packet of 74 bytes to Windows tap device Read packet of 110 bytes from Windows tap device Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 Writing packet of 138 bytes to Windows tap device Read packet of 110 bytes from Windows tap device Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 Writing packet of 138 bytes to Windows tap device Read packet of 110 bytes from Windows tap device Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 Writing packet of 138 bytes to Windows tap device Read packet of 175 bytes from Windows tap device Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 239.255.255.250 Writing packet of 203 bytes to Windows tap device Read packet of 110 bytes from Windows tap device Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 Writing packet of 138 bytes to Windows tap device Read packet of 110 bytes from Windows tap device Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 ####### # EOF # ####### So here is fragment from level 5 debug as Mike had suggested, and I have two questions. First - is this "unknown IPv4 destination address 10.20.40.255" message ok, or it point out a problem. And the second one - why in the earth does it care about some 239.255.255.250 addresses? I feel like I should RTFM again, but this time I will think why it does work, not fails to do so :D Best Regards, Viktors ?ilinskis -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.tinc-vpn.org/pipermail/tinc/attachments/20080328/37d39182/attachment-0001.htm
Viktors ?ilinskis wrote:> Hello, again! > > I was following that example indeed. Thanks a lot for your time, I got it work at home :) >Excellent. :-) Glad we could help.> Hard to understand these things when you've never managed more that 3 PCs. Tomorrow I'll check it at office, > I hope the result will be no different. While this is not of primary concern at the moment may I ask your comment on these "logs": > > ########### > # @SERVER # > ########### > > # ping -v 10.20.40.2 > PING 10.20.40.2 (10.20.40.2): 56 data bytes > 64 bytes from 10.20.40.2: icmp_seq=0 ttl=128 time=96.480 ms > 64 bytes from 10.20.40.2: icmp_seq=1 ttl=128 time=83.773 ms > 36 bytes from 188.Red-83-50-137.dynamicIP.rima-tde.net (83.50.137.188): Destination Port Unreachable > Vr HL TOS Len ID Flg off TTL Pro cks Src Dst > 4 5 00 9300 ea5a 0 0000 30 11 9320 XX.XXX.XXX.XXX 83.50.137.188 > UDP: from port 2885, to port 17353 (decimal) > > 36 bytes from 225.Red-88-19-105.staticIP.rima-tde.net (88.19.105.225): Destination Port Unreachable > Vr HL TOS Len ID Flg off TTL Pro cks Src Dst > 4 5 00 9300 ea7f 0 0000 30 11 adf5 XX.XXX.XXX.XXX 88.19.105.225 > UDP: from port 2885, to port 22204 (decimal) > > 36 bytes from 236.Red-81-38-15.dynamicIP.rima-tde.net (81.38.15.236): Destination Port Unreachable > Vr HL TOS Len ID Flg off TTL Pro cks Src Dst > 4 5 00 6100 eabc 0 0000 30 11 0ecd XX.XXX.XXX.XXX 81.38.15.236 > UDP: from port 2885, to port 21285 (decimal) > > 64 bytes from 10.20.40.2: icmp_seq=2 ttl=128 time=50.530 ms > 36 bytes from 171.Red-83-42-32.dynamicIP.rima-tde.net (83.42.32.171): Destination Port Unreachable > Vr HL TOS Len ID Flg off TTL Pro cks Src Dst > 4 5 00 9300 ea43 0 0000 30 11 fc50 XX.XXX.XXX.XXX 83.42.32.171 > UDP: from port 2885, to port 22682 (decimal) > > 36 bytes from 134.Red-83-36-72.dynamicIP.rima-tde.net (83.36.72.134): Destination Port Unreachable > Vr HL TOS Len ID Flg off TTL Pro cks Src Dst > 4 5 00 9300 eb18 0 0000 30 11 d3a6 XX.XXX.XXX.XXX 83.36.72.134 > UDP: from port 2885, to port 16431 (decimal) > > ####### > # EOF # > ####### > > What's that 188.Red-83-50-137.dynamicIP.rima-tde.net and others? Is it something I just don?t understand or is it some crap that shouldn't be there? >Something strange is happening with your routing? What's the output of your routing table?> ########### > # @CLIENT # > ########### > > Received packet of 74 bytes from lenovo_server (XX.XXX.XXX.XXX port 655) > Writing packet of 74 bytes to Windows tap device > Read packet of 175 bytes from Windows tap device > Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 239.255.255.250 > Writing packet of 203 bytes to Windows tap device > Read packet of 230 bytes from Windows tap device > Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 > Writing packet of 258 bytes to Windows tap device > Read packet of 74 bytes from Windows tap device > Sending packet of 74 bytes to lenovo_server (XX.XXX.XXX.XXX port 655) > Sending PACKET to lenovo_server (XX.XXX.XXX.XXX port 655): 17 74 > Sending 6 bytes of metadata to lenovo_server (XX.XXX.XXX.XXX port 655) > Sending 74 bytes of metadata to lenovo_server (XX.XXX.XXX.XXX port 655) > Flushing 80 bytes to lenovo_server (XX.XXX.XXX.XXX port 655) > Got PACKET from lenovo_server (XX.XXX.XXX.XXX port 655): 17 74 > Received packet of 74 bytes from lenovo_server (XX.XXX.XXX.XXX port 655) > Writing packet of 74 bytes to Windows tap device > Read packet of 110 bytes from Windows tap device > Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 > Writing packet of 138 bytes to Windows tap device > Read packet of 110 bytes from Windows tap device > Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 > Writing packet of 138 bytes to Windows tap device > Read packet of 110 bytes from Windows tap device > Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 > Writing packet of 138 bytes to Windows tap device > Read packet of 175 bytes from Windows tap device > Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 239.255.255.250 > Writing packet of 203 bytes to Windows tap device > Read packet of 110 bytes from Windows tap device > Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 > Writing packet of 138 bytes to Windows tap device > Read packet of 110 bytes from Windows tap device > Cannot route packet from lenovo_client (MYSELF): unknown IPv4 destination address 10.20.40.255 > > ####### > # EOF # > ####### >It's just windows doing a network broadcast NETBIOS thing. You're running tinc in the default "router" mode - It doesn't support broadcast addresses. Nothing to worry about.> So here is fragment from level 5 debug as Mike had suggested, and I have two questions. First - is this "unknown IPv4 destination address 10.20.40.255" message ok, or it point out a problem. And the second one - why in the earth does it care about some 239.255.255.250 addresses? > > I feel like I should RTFM again, but this time I will think why it does work, not fails to do so :D >Good Luck, Mike> Best Regards, > Viktors ?ilinskis > >
Sorry for double-posting, first time forgot to change the subject of e-mail... Hi! Thanks again - VPN works perfectly at office as well! :) If I run ping -v 10.20.40.2 on server as an unprivileged user I get the following: ### ### PING 10.20.40.2 (10.20.40.2): 56 data bytes 64 bytes from 10.20.40.2: icmp_seq=0 ttl=128 time=11.862 ms 64 bytes from 10.20.40.2: icmp_seq=1 ttl=128 time=184.832 ms 64 bytes from 10.20.40.2: icmp_seq=2 ttl=128 time=798.177 ms 64 bytes from 10.20.40.2: icmp_seq=3 ttl=128 time=10.659 ms 64 bytes from 10.20.40.2: icmp_seq=4 ttl=128 time=23.155 ms 64 bytes from 10.20.40.2: icmp_seq=5 ttl=128 time=256.141 ms 64 bytes from 10.20.40.2: icmp_seq=6 ttl=128 time=168.339 ms ^C --- 10.20.40.2 ping statistics --- 7 packets transmitted, 7 packets received, 0% packet loss round-trip min/avg/max/stddev = 10.659/207.595/798.177/257.548 ms ### ### If I run the same as a root, I get: ### ### PING 10.20.40.2 (10.20.40.2): 56 data bytes 64 bytes from 10.20.40.2: icmp_seq=0 ttl=128 time=13.039 ms 64 bytes from 10.20.40.2: icmp_seq=1 ttl=128 time=148.408 ms 64 bytes from 10.20.40.2: icmp_seq=2 ttl=128 time=72.130 ms 64 bytes from 10.20.40.2: icmp_seq=3 ttl=128 time=12.023 ms 64 bytes from 10.20.40.2: icmp_seq=4 ttl=128 time=101.818 ms 36 bytes from 120.Red-83-34-193.dynamicIP.rima-tde.net (83.34.193.120): Destination Port Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 9300 1476 0 0000 30 11 3159 XX.XXX.XXX.XXX 83.34.193.120 UDP: from port 2885, to port 24052 (decimal) 64 bytes from 10.20.40.2: icmp_seq=5 ttl=128 time=103.037 ms 64 bytes from 10.20.40.2: icmp_seq=6 ttl=128 time=57.165 ms 64 bytes from 10.20.40.2: icmp_seq=7 ttl=128 time=287.862 ms 64 bytes from 10.20.40.2: icmp_seq=8 ttl=128 time=206.765 ms 64 bytes from 10.20.40.2: icmp_seq=9 ttl=128 time=144.485 ms 64 bytes from 10.20.40.2: icmp_seq=10 ttl=128 time=47.450 ms 36 bytes from 143.Red-83-32-16.dynamicIP.rima-tde.net (83.32.16.143): Destination Port Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 9300 177d 0 0000 30 11 df3d XX.XXX.XXX.XXX 83.32.16.143 UDP: from port 2885, to port 18312 (decimal) 64 bytes from 10.20.40.2: icmp_seq=11 ttl=128 time=15.269 ms 64 bytes from 10.20.40.2: icmp_seq=12 ttl=128 time=198.215 ms 64 bytes from 10.20.40.2: icmp_seq=13 ttl=128 time=14.032 ms ^C --- 10.20.40.2 ping statistics --- 14 packets transmitted, 14 packets received, 0% packet loss round-trip min/avg/max/stddev = 12.023/101.550/287.862/82.758 ms ### ### When I run netstat -r, I get the following (real server address substituted with X): ### ### Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default bf-1-1-gw.net.bf.r UGS 1 6766487 rl0 10.20.40/24 link#3 UC 0 0 tap0 => 10.20.40&0xa142802 255.255.255.0 UGS 0 3656 rl0 10.20.40.1 00:bd:7f:71:0f:00 UHLW 1 6 lo0 10.20.40.2 00:bd:7f:71:0f:ff UHLW 1 106 tap0 541 XX.XXX.XXX/24 link#1 UC 0 0 rl0 brake.bf.rtu.lv 00:10:83:fc:cb:b2 UHLW 1 1 rl0 1195 XX.XXX.XXX.XXX 00:08:54:08:dc:96 UHLW 1 133 lo0 bf-1-1-gw.net.bf.r 00:15:17:14:85:a5 UHLW 2 0 rl0 1200 localhost localhost UH 0 144 lo0 ### ### Route monitor does not give anything new when pinging 10.20.40.2. Best Regards, Viktors Zilinskis -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.tinc-vpn.org/pipermail/tinc/attachments/20080328/9b9c48be/attachment.htm
On Fri, Mar 28, 2008 at 02:36:36PM +0200, Viktors ?ilinskis wrote:> If I run the same as a root, I get: > ### ### > PING 10.20.40.2 (10.20.40.2): 56 data bytes > 64 bytes from 10.20.40.2: icmp_seq=0 ttl=128 time=13.039 ms > 64 bytes from 10.20.40.2: icmp_seq=1 ttl=128 time=148.408 ms > 64 bytes from 10.20.40.2: icmp_seq=2 ttl=128 time=72.130 ms > 64 bytes from 10.20.40.2: icmp_seq=3 ttl=128 time=12.023 ms > 64 bytes from 10.20.40.2: icmp_seq=4 ttl=128 time=101.818 ms > 36 bytes from 120.Red-83-34-193.dynamicIP.rima-tde.net (83.34.193.120): > Destination Port Unreachable > Vr HL TOS Len ID Flg off TTL Pro cks Src Dst > 4 5 00 9300 1476 0 0000 30 11 3159 XX.XXX.XXX.XXX 83.34.193.120 > UDP: from port 2885, to port 24052 (decimal)Perhaps ping, when run as root, intercepts all ICMP packets. It could be that hosts from rima-tde.net are indeed sending these strange packets to you, and you end up seeing them when you are running the ping command. Try using tcpdump on both the VPN and your real Ethernet interface(s) while you are running ping to see what kind of packets you are receiving. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://www.tinc-vpn.org/pipermail/tinc/attachments/20080329/5eb6261c/attachment.pgp