Hi, I upgraded some of my Tinc nodes from 1.0.8 recently and found something strange. All of a sudden, the vpn would not work as a full-mesh. Certain nodes were not contactable. I re-generated my rsa-keys, and checked my configuration. My vpn uses the following in tinc.conf, as I am routing both ipv4 and v6. ==name = node1 mode = switch AddressFamily = any PMTU = 1280 PMTUDiscovery = yes TCPonly = no ConnectTo = hub1 ConnectTo = hub2 ConnectTo = hub3 == My VPN has some hosts called by nodex. These nodes are dynamic-ip, and set to contact (connectTo) the hubs when they bring up their tincd. The hubx nodes are fixed-ip, and are connected to each other in a full mesh. With TCPonly = no, the vpn would only connect to ONE of the hubs, and traffic would not be routed to any other host on the vpn. In order to get full mesh functionality back, I have had to set TCPonly to yes, on all nodes. Hope this helps someone Graeme
On Sun, Nov 28, 2010 at 10:06:11PM +0000, wildph at wildph.net wrote:> I upgraded some of my Tinc nodes from 1.0.8 recently and found something > strange. > > All of a sudden, the vpn would not work as a full-mesh. Certain nodes > were not contactable.[...]> With TCPonly = no, the vpn would only connect to ONE of the hubs, and > traffic would not be routed to any other host on the vpn. > > In order to get full mesh functionality back, I have had to set TCPonly > to yes, on all nodes.That is very strange. Setting TCPOnly to yes should actually disable the full mesh functionality. Can you run the VPN without TCPOnly = yes, and then run tincd -n <netname> -kUSR2 on one of the nodes, and send us the resulting output from the syslog, and repeat this with TCPOnly = yes? -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20101129/9df7d38c/attachment.pgp>
Thought I saw a changelog note saying TCPOnly & PMTUDiscovery were optional by now, since it auto-tries both. My host files are smaller these days from that change. On 2:59 PM, wildph at wildph.net wrote:> Hi, > > I upgraded some of my Tinc nodes from 1.0.8 recently and found something > strange. > > All of a sudden, the vpn would not work as a full-mesh. Certain nodes > were not contactable. > > I re-generated my rsa-keys, and checked my configuration. My vpn uses > the following in tinc.conf, as I am routing both ipv4 and v6. > > ==> name = node1 > mode = switch > AddressFamily = any > PMTU = 1280 > PMTUDiscovery = yes > TCPonly = no > ConnectTo = hub1 > ConnectTo = hub2 > ConnectTo = hub3 > ==> > My VPN has some hosts called by nodex. These nodes are dynamic-ip, and > set to contact (connectTo) the hubs when they bring up their tincd. > > The hubx nodes are fixed-ip, and are connected to each other in a full mesh. > > With TCPonly = no, the vpn would only connect to ONE of the hubs, and > traffic would not be routed to any other host on the vpn. > > In order to get full mesh functionality back, I have had to set TCPonly > to yes, on all nodes. > > > Hope this helps someone > > > Graeme > > > >The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. The contents of this email do not necessarily represent the views or policies of E-Z Rent-A-Car or employees.
Hello, Is there way to request status info from a running tinc daemon? Like retreive a list of subnets the tinc network is aware of? Or list active nodes etc.. Also is there something like tinc route? Something that traces via whichs tinc nodes trafic is going? I would really like to know how my traffic is traveling. Thanks for the help Regards Hans de Groot
> Is there way to request status info from a running tinc daemon? > Like retreive a list of subnets the tinc network is aware of? > Or list active nodes etc..As far as I know you can send signals to a running tincd to gather information about the running tincd process. read this page of the manual: http://www.tinc-vpn.org/documentation/tinc_5.html#Signals maybe some core developer can extend my answer to this question. Saverio