Hello all, my apologies if I have failed to RTFM, but the PDF manual and Google were no help.

I am trying to get a simple two-node tunnel set up. I have verified that the up scripts bring up the interfaces as they are written; however, my gut feeling is that there is something wrong there, but I am not sure exactly what.

Misc items:
* I have a Port line in horcrux because I ran INIT as a user, but I run tinc with sudo to access the tun device.
* Tinc is being run as root on the Linux box.
* I want the tunnel to be a 192.168.13.0/24 network.

I would love to know more on how to troubleshoot this, but the tubes turn up nothing for the Error while processing ID message. They are both the same build (source downloaded and built, minutes apart from each other).

horcrux
    OSX 10.9.2
    IP: 10.0.1.70
    VPN IP: 192.168.13.70

electrum
    Ubuntu 12.04.3
    IP 10.0.1.108
    VPN IP 192.168.13.108

hosts/horcrux
    -----RSA PUBLIC KEY SNIPPED FROM POSTING-----
    ECDSAPublicKey = <snipped>
    Port = 32096
    Subnet = 192.168.13.0/24
    Address = 10.0.1.70

hosts/electrum
    -----RSA PUBLIC KEY SNIPPED FROM POSTING-----
    ECDSAPublicKey = <snipped>
    Subnet = 192.168.13.0/24
    Address = 10.0.1.108

horcrux/tinc-up
    ifconfig $INTERFACE 192.168.13.70 192.168.13.1 mtu 1500 netmask 255.255.255.255

electrum/tinc-up
    ifconfig $INTERFACE 192.168.13.108 netmask 255.255.255.0

electrum console output:
    $ tinc -n bat start -D --bypass-security -d5
    tincd 1.1pre10 (Mar 11 2014 20:55:22) starting, debug level 5
    /dev/net/tun is a Linux tun/tap device (tun mode)
    Listening on 0.0.0.0 port 655
    Listening on :: port 655
    Executing script tinc-up
    Ready
    Connection from 10.0.1.70 port 63525
    Sending ID to <unknown> (10.0.1.70 port 63525): 0 electrum 17.3
    Sending 16 bytes of metadata to <unknown> (10.0.1.70 port 63525)
    Got ID from <unknown> (10.0.1.70 port 63525): 0 horcrux 17.3
    Sending ACK to horcrux (10.0.1.70 port 63525): 4 655 0 300000c
    Sending 16 bytes of metadata to horcrux (10.0.1.70 port 63525)
    Handshake phase not finished yet
    Error while processing ID from horcrux (10.0.1.70 port 63525)
    Closing connection with horcrux (10.0.1.70 port 63525)

horcrux console output:
    $ sudo tinc -n bat start -D --bypass-security -d5
    tincd 1.1pre10 (Mar 11 2014 20:47:47) starting, debug level 5
    /dev/tun1 is a Generic BSD tun device
    Listening on 0.0.0.0 port 32096
    Listening on :: port 32096
    Executing script tinc-up
    Ready
    Trying to connect to electrum (10.0.1.108 port 655)
    Connected to electrum (10.0.1.108 port 655)
    Sending ID to electrum (10.0.1.108 port 655): 0 horcrux 17.3
    Sending 15 bytes of metadata to electrum (10.0.1.108 port 655)
    Got ID from electrum (10.0.1.108 port 655): 0 electrum 17.3
    Sending ACK to electrum (10.0.1.108 port 655): 4 32096 0 300000c
    Sending 18 bytes of metadata to electrum (10.0.1.108 port 655)
    Handshake phase not finished yet
    Error while processing ID from electrum (10.0.1.108 port 655)
    Closing connection with electrum (10.0.1.108 port 655)
    Could not set up a meta connection to electrum
    Trying to re-establish outgoing connection in 5 seconds
    ^CGot Interrupt: 2 signal
    Closing connection with horcrux (MYSELF port 32096)
    Executing script tinc-down
    Terminating

As I said, I have a hunch that my -up scripts are the culprit, but I have tried many things to no avail.

Thank you for your time to look at this.

Andrew:

I just went through a very similar issue today.

1. Subnet should be the IP address on the VPN that you want the VPN adapter on your machine to use. (I made the same mistake you did! Guus corrected me on it).
2. Address is the LAN or WAN address that the system should contact in order to connect.

Usually, an error processing ID points to mismatched RSA keys.

I documented my setup (similar to yours) here. It might be worth a look.
http://learnlinuxonline.com/servers/setting-up-a-vpn-with-tinc-vpn-software

Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
michael at highpoweredhelp.com

From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Andrew Burns
Sent: Wednesday, March 12, 2014 12:01 AM
To: tinc at tinc-vpn.org
Subject: Error while processing ID

Hello all, my apologies if I have failed to RTFM, but the PDF manual and Google were no help.

I am trying to get a simple two-node tunnel set up. I have verified that the up scripts bring up the interfaces as they are written; however, my gut feeling is that there is something wrong there, but I am not sure exactly what.

Misc items:
* I have a Port line in horcrux because I ran INIT as a user, but I run tinc with sudo to access the tun device.
* Tinc is being run as root on the Linux box.
* I want the tunnel to be a 192.168.13.0/24 network.

I would love to know more on how to troubleshoot this, but the tubes turn up nothing for the Error while processing ID message. They are both the same build (source downloaded and built, minutes apart from each other).

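The Subnet/Address distinction in the reply above can be checked mechanically across a set of host files. This is an added example, not part of the original thread or of tinc; the function names and the corrected /32 host files are assumptions constructed for illustration, and it checks only Subnet/Address consistency, not the handshake failure itself.

```python
import ipaddress

# Host files as posted in the thread (public keys omitted).
POSTED = {
    "horcrux": "Port = 32096\nSubnet = 192.168.13.0/24\nAddress = 10.0.1.70\n",
    "electrum": "Subnet = 192.168.13.0/24\nAddress = 10.0.1.108\n",
}
# Constructed variant following the reply: each node owns only its VPN IP.
CORRECTED = {
    "horcrux": "Port = 32096\nSubnet = 192.168.13.70/32\nAddress = 10.0.1.70\n",
    "electrum": "Subnet = 192.168.13.108/32\nAddress = 10.0.1.108\n",
}

def parse_host(text):
    """Collect 'Key = value' lines as {lowercased key: [values]}, skipping PEM blocks."""
    conf, in_pem = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("-----BEGIN"):
            in_pem = True
        elif line.startswith("-----END"):
            in_pem = False
        elif not in_pem and line and not line.startswith("#"):
            key, sep, value = line.partition("=")
            if sep:
                conf.setdefault(key.strip().lower(), []).append(value.strip())
    return conf

def lint(hosts):
    """Return findings for a {node name: host file text} mapping."""
    findings, claimed = [], []
    for name, text in sorted(hosts.items()):
        conf = parse_host(text)
        for raw in conf.get("subnet", []):
            # Drop an optional "#weight" suffix; strict=False tolerates host bits.
            net = ipaddress.ip_network(raw.split("#")[0], strict=False)
            for other, other_net in claimed:
                if net.version == other_net.version and net.overlaps(other_net):
                    findings.append(f"{name}: Subnet {net} overlaps {other}'s {other_net}")
            claimed.append((name, net))
            for addr in conf.get("address", []):
                try:  # Address may carry a port or be a hostname
                    inside = ipaddress.ip_address(addr.split()[0]) in net
                except (ValueError, IndexError):
                    continue
                if inside:
                    findings.append(f"{name}: Address {addr} is inside its own Subnet {net}")
    return findings

if __name__ == "__main__":
    for label, hosts in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, lint(hosts) or "no findings")
```
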
On Tue, Mar 11, 2014 at 10:01:20PM -0600, Andrew Burns wrote:

> Hello all, my apologies if I have failed to RTFM, but the PDF manual and
> Google were no help.
>
> I am trying to get a simple two-node tunnel set up. I have verified that
> the up scripts bring up the interfaces as they are written; however, my gut
> feeling is that there is something wrong there, but I am not sure exactly
> what.
>
> Misc items:
> * I have a Port line in horcrux because I ran INIT as a user, but I run
> tinc with sudo to access the tun device.
> * Tinc is being run as root on the Linux box.
> * I want the tunnel to be a 192.168.13.0/24 network.
>
> I would love to know more on how to troubleshoot this, but the tubes turn
> up nothing for the Error while processing ID message. They are both the
> same build (source downloaded and built, minutes apart from each other).

You are running tinc 1.1pre10, which uses a new protocol by default. It could be that that is causing issues. Try adding "ExperimentalProtocol = no" to tinc.conf on all nodes, and see if that fixes the issue.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>