First off, thanks to all who have made tinc possible and continue to work developing it. I hope perhaps in time I can become a useful part of this community. :)

I'm having an interesting issue with tincctl and was hoping someone could shed some light on it. Everything seems to work correctly when I build for OSX; however on linux and windows builds, I always receive connection errors. Net and hostname changed, and copyright info left out from versions to save space.

root@<hostname> # netstat -l -n -p | grep 655
tcp 0 0 0.0.0.0:655 0.0.0.0:* LISTEN 58362/tincd
udp 0 0 0.0.0.0:655 0.0.0.0:* 58362/tincd
root@<hostname># tincctl --net=<netname> stop
Cannot connect to 127.0.0.1 port 655: Connection refused
root@<hostname># tincctl --net=<netname> dump nodes
Cannot connect to 127.0.0.1 port 655: Connection refused
root@<hostname># tincctl --net=<netname> top
Cannot connect to 127.0.0.1 port 655: Connection refused
root@<hostname> # netstat -l -n -p | grep 655
tcp 0 0 0.0.0.0:655 0.0.0.0:* LISTEN 58362/tincd
udp 0 0 0.0.0.0:655 0.0.0.0:* 58362/tincd
root@<hostname># tincctl --net=<netname> --version
tinc version 1.1pre2 (built May 26 2012 00:52:42, protocol 17.2)

Variant on a second host, running a newer build, and IPv6:

root@[hostname]:~# netstat -n -l | grep 655
tcp 0 0 0.0.0.0:655 0.0.0.0:* LISTEN 5164/tincd
tcp 0 0 :::655 :::* LISTEN 5164/tincd
udp 0 0 0.0.0.0:655 0.0.0.0:* 5164/tincd
udp 0 0 :::655 :::* 5164/tincd
root@[hostname]:~# tincctl --net=[netname]
tinc.[netname]> version
tinc version 1.1pre4 (built Dec 28 2012 23:02:11, protocol 17.2)
tinc.[netname]> dump nodes
Cannot connect to ::1 port 655: Connection timed out
tinc.[netname]> dump graph
Cannot connect to ::1 port 655: Connection timed out
tinc.[netname]> stop
Cannot connect to ::1 port 655: Connection timed out
root@[hostname]:~# netstat -n -l | grep 655
tcp 0 0 0.0.0.0:655 0.0.0.0:* LISTEN 5164/tincd
tcp 0 0 :::655 :::* LISTEN 5164/tincd
udp 0 0 0.0.0.0:655 0.0.0.0:* 5164/tincd
udp 0 0 :::655 :::* 5164/tincd

I likely would have written this off as just being something still in development and not working yet... but I also built tinc on an old iMac that was recently gifted to me, and all tincctl commands work fine! Of course now that I see it works I long for this wonderful functionality on my linux machines at least (I could care less about windows actually).

There are no firewall rules blocking connections, and obviously tincd is listening... is there something very obvious I'm missing here?

--
-shikkc

On Sat, Dec 29, 2012 at 04:24:07AM +0900, shikkc wrote:

> First off, thanks to all who have made tinc possible and continue to
> work developing it. I hope perhaps in time I can become a useful
> part of this community. :) I'm having an interesting issue with
> tincctl and was hoping someone could shed some light on it.
> Everything seems to work correctly when I build for OSX; however on
> linux and windows builds, I always receive connection errors. Net
> and hostname changed, and copyright info left out from versions to
> save space.

Hmm, that is certainly strange; I did test it on Linux and Windows, and there tincctl connected to a running tincd without any problems.

> root@<hostname> # netstat -l -n -p | grep 655
> tcp 0 0 0.0.0.0:655 0.0.0.0:* LISTEN 58362/tincd
>
> root@<hostname># tincctl --net=<netname> stop
> Cannot connect to 127.0.0.1 port 655: Connection refused
[...]
> Variant on a second host, running a newer build, and IPv6:
>
> root@[hostname]:~# netstat -n -l | grep 655
> tcp 0 0 0.0.0.0:655 0.0.0.0:* LISTEN 5164/tincd
> tcp 0 0 :::655 :::* LISTEN 5164/tincd
>
> root@[hostname]:~# tincctl --net=[netname]
> tinc.[netname]> dump nodes
> Cannot connect to ::1 port 655: Connection timed out

It is even stranger to get connection timeouts to localhost. Could it be that you have firewall rules blocking connections to port 655?

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

On Mon, 7 Jan 2013 14:54:43 +0100, Guus Sliepen wrote:

> It is even stranger to get connection timeouts to localhost. Could it be
> that
> you have firewall rules blocking connections to port 655?

I tested this also with the firewall completely disabled, just now. Results:

---------------------------------------------------------------------
[00:47:47 - ~] root@<hostname> # pidof tincd
[00:48:13 - ~] root@<hostname> # netstat -l -n -p | grep 655
[00:48:16 - ~] root@<hostname> # for table in $(cat /proc/net/ip_tables_names); do /sbin/iptables -t ${table} -F; /sbin/iptables -t ${table} -X; done
[00:48:20 - ~] root@<hostname> # for table in $(cat /proc/net/ip_tables_names); do echo "
> -----------------
> Table: ${table}
> -----------------
> "; /sbin/iptables -t ${table} -L -v; done

-----------------
Table: security
-----------------

Chain INPUT (policy ACCEPT 31 packets, 1912 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 4 packets, 356 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 41 packets, 7044 bytes)
 pkts bytes target prot opt in out source destination

-----------------
Table: raw
-----------------

Chain PREROUTING (policy ACCEPT 35 packets, 2268 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 48 packets, 7864 bytes)
 pkts bytes target prot opt in out source destination

-----------------
Table: nat
-----------------

Chain PREROUTING (policy ACCEPT 16 packets, 960 bytes)
 pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 16 packets, 960 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4 packets, 246 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 4 packets, 246 bytes)
 pkts bytes target prot opt in out source destination

-----------------
Table: mangle
-----------------

Chain PREROUTING (policy ACCEPT 35 packets, 2268 bytes)
 pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 31 packets, 1912 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 4 packets, 356 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 48 packets, 7864 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 52 packets, 8220 bytes)
 pkts bytes target prot opt in out source destination

-----------------
Table: filter
-----------------

Chain INPUT (policy ACCEPT 31 packets, 1912 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 4 packets, 356 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 48 packets, 7864 bytes)
 pkts bytes target prot opt in out source destination

[00:48:24 - ~] root@<hostname> # tincctl --net=<netname> --pidfile /var/run/tinc.<netname>.pid start
[00:48:32 - ~] root@<hostname> # pidof tincd
13700
[00:48:36 - ~] root@<hostname> # netstat -l -n -p | grep 655
tcp 0 0 0.0.0.0:655 0.0.0.0:* LISTEN 13700/tincd
udp 0 0 0.0.0.0:655 0.0.0.0:* 13700/tincd
[00:48:41 - ~] root@<hostname> # tincctl --net=<netname> --pidfile=/var/run/tinc.<netname>.pid dump nodes
Cannot connect to 127.0.0.1 port 655: Connection refused
[00:48:47 - ~] root@<hostname> # tincctl --net=<netname> --pidfile=/var/run/tinc.<netname>.pid pid
Cannot connect to 127.0.0.1 port 655: Connection refused
[00:48:51 - ~] root@<hostname> # tincctl --net=<netname> --pidfile=/var/run/tinc.<netname>.pid stop
Cannot connect to 127.0.0.1 port 655: Connection refused
[00:48:54 - ~] root@<hostname> # netstat -l -n -p | grep 655
tcp 0 0 0.0.0.0:655 0.0.0.0:* LISTEN 13700/tincd
udp 0 0 0.0.0.0:655 0.0.0.0:* 13700/tincd
[00:48:56 - ~] root@<hostname> # pidof tincd
13700
[00:48:59 - ~] root@<hostname> #
---------------------------------------------------------------------

--
-shikkc

On Wed, Jan 16, 2013 at 01:00:53AM +0900, shikkc wrote:

> >It is even stranger to get connection timeouts to localhost. Could it be
> >that
> >you have firewall rules blocking connections to port 655?
>
> I tested this also with the firewall completely disabled, just now.
> Results:
[...]
> root@<hostname> # netstat -l -n -p | grep 655
> tcp 0 0 0.0.0.0:655 0.0.0.0:* LISTEN 13700/tincd
> udp 0 0 0.0.0.0:655 0.0.0.0:* 13700/tincd
> root@<hostname> # tincctl --net=<netname> --pidfile=/var/run/tinc.<netname>.pid dump nodes
> Cannot connect to 127.0.0.1 port 655: Connection refused

Ah, could it be that you are using the BindToInterface option in tinc.conf? I just checked, that would cause connections to localhost to fail. If you really do need to bind to a specific interface, use

BindToAddress = <address of interface>

instead. If that is not the problem, could you send me a copy of your tinc.conf?

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
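
Added example, not part of the original thread and not tinc's own code: a shell check for the cause suggested in the last reply, flagging BindToInterface in a tinc.conf and pointing at BindToAddress instead. The function names and sample configs are constructed for illustration; the parser assumes `Variable = Value` lines with case-insensitive names, an optional `=`, and comment lines starting with `#`.

```shell
# Added example (not from the thread): flag BindToInterface in a tinc.conf.
# Function names and sample configs below are constructed for illustration.

# Print the value(s) of one tinc.conf variable; nothing if it is not set.
# Assumes "Variable = Value" lines, case-insensitive names, optional "=".
tinc_conf_get() {  # $1 = path to tinc.conf, $2 = variable name
    awk -v want="$2" '
        /^[ \t]*#/ { next }              # skip comment lines
        NF == 0 { next }                 # skip blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)    # first separator ends the name
            if (n == 0) next
            name = substr(line, 1, n - 1)
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t\r]+$/, "", val)
            if (tolower(name) == tolower(want)) print val
        }' "$1"
}

# Return 1 and explain when BindToInterface is set, 0 otherwise.
check_tinc_bind() {  # $1 = path to tinc.conf
    iface=$(tinc_conf_get "$1" BindToInterface)
    addr=$(tinc_conf_get "$1" BindToAddress)
    if [ -n "$iface" ]; then
        echo "$1: BindToInterface = $iface (tincctl to localhost will fail)"
        echo "  use instead: BindToAddress = <address of $iface>"
        return 1
    fi
    [ -n "$addr" ] && echo "$1: BindToAddress = $addr"
    return 0
}

# Constructed sample configs: one with the problem setting, one corrected.
tmp=$(mktemp -d)
printf '%s\n' 'Name = alpha' '# BindToInterface = eth9' \
    'bindtointerface eth0' > "$tmp/bad.conf"
printf '%s\n' 'Name = alpha' 'BindToAddress = 192.0.2.10' > "$tmp/good.conf"
check_tinc_bind "$tmp/bad.conf" || echo "-> fix before relying on tincctl"
check_tinc_bind "$tmp/good.conf" && echo "-> ok"
```

Run it against the real file with `check_tinc_bind /etc/tinc/<netname>/tinc.conf`, where that path is an assumption about the install layout.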