On Sun, Dec 28, 2014 at 08:30:02PM +0100, tinc.thegrue at spamgourmet.com wrote:
> Recently I've discovered these messages in my syslog:
>
> Dec 28 16:34:06 vdr tinc.grue[9731]: Possible intruder ix (192.168.178.25
port
> 60882): wrong keylength
> Dec 28 16:34:06 vdr tinc.grue[9731]: Error while processing METAKEY from ix
> (192.168.178.25 port 60882)
>
> Could you give me a hint about the reason? I've compared the public
keys and
> they match. Also, there's no problem to connect from host vdr to host
ix via
> tinc...
If the public keys match, then the problem is likely that the private
key used by ix does not match its public key. Possible mistakes are:
- Using "PrivateKey /path/to/rsa_key.priv" in tinc.conf (it should be
PrivateKeyFile instead of PrivateKey)
- Having multiple keys in rsa_key.priv and/or the host config file.
If in doubt, remove all public and private keys from ix's configuration
files, remove any Public/PrivateKey(File) statements from tinc.conf,
then generate a new keypair and distribute ix's new host config file to
the other node(s).
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20141229/4c409a36/attachment.sig>