-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greeting- I have tinc on the following: 2 - x86 FreeBSD boxes 1 - ARM FreeBSD box 1 - x86 Macintosh All the x86 boxes can speak with each other, but none of the x86 boxes can speak with the ARM box. The ARM box says: [root at beaglebone /usr/local/etc/tinc/wdl]# tincd -D -n wdl tincd 1.0.24 (Mar 8 2015 14:55:57) starting, debug level 0 /dev/tun0 is a Generic BSD tun device add net 192.168.254.0: gateway 192.168.254.113 fib 0: route already in table Script tinc-up exited with non-zero status 1 Ready Bogus data received from net01e (199.89.147.1 port 655) Bogus data received from net01e (199.89.147.1 port 27324) Bogus data received from net01e (199.89.147.1 port 655) Bogus data received from net01e (199.89.147.1 port 655) Bogus data received from net01e (199.89.147.1 port 655) Bogus data received from net01e (199.89.147.1 port 655) Bogus data received from net01e (199.89.147.1 port 655) Bogus data received from net01e (199.89.147.1 port 655) Bogus data received from net01e (199.89.147.1 port 655) Bogus data received from ivory (199.89.147.198 port 49706) Bogus data received from net01e (199.89.147.1 port 65164) I have no idea why it complains about the route and fib 0 as I use the same up script as on my two x86 FreeBSD boxes and they do not complain. Before someone says "replace your keys" I went down that road already. I verified I had the right keys on all systems. In addition I have replaced and repropagated the beaglebone keys 3 times. I want to stress that all the x86 boxes can speak with each other. The x86 boxes are FreeBSD 10.1, FreeBSD 8.1 and Mac OS X 10.6.8. The beaglebone keys were generated on the beaglebone. Ideas or clues appreciated. - -Brett - -- wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt 917-642-6925 929-272-0000 If cowardly and dishonorable men sometimes shoot unarmed men with army pistols or guns, the evil must be prevented by the penitentiary and gallows, and not by a general deprivation of a constitutional privilege. - -Honorable J. A. Williams, Circuit Judge - Wilson v. State, 33 Ark. 557, 34 Am. Rep. 52 (1878). -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU/ijSAAoJEK6K3yrc+RuDaIIIAIU8CBHPqMrEY420T/j6wHuC XyqFvH+/nkkQdiQRy8CnaYxCsY8KPVTjvsQp7Nko+0ItciPnWIWnfIrDoWacreoC NO22HIsA5tyT3p0LAnQ+huQcyvk+Kee0Rcgg/IVdpfys1cA+Yddo1VBFEy/+kjiT kXRqBl+CGtOeviamxegJ5mcs/qcg+qObQtYFGm5ewdvQdTzfioUNBHyKrrmn1ZNf CY/ToVaFXcxBKeudpggA1cJpbU9UrUbO1MYXeQYGz8J3onF2D2f8KXeLQ0AJHC7i W+2CQ25m0Du2E1hy1GyEoCiQfIQXpDx4Ey/Vy8TYYdpeQ15Khzrzp6tLRcAgkgo=Fa+2 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Further information about my possible endian issue. Trying to connect to net01e (199.89.147.1 port 655) Connected to net01e (199.89.147.1 port 655) Sending ID to net01e (199.89.147.1 port 655): 0 beaglebone 17 Sending 16 bytes of metadata to net01e (199.89.147.1 port 655) Flushing 16 bytes to net01e (199.89.147.1 port 655) Got ID from net01e (199.89.147.1 port 655): 0 net01e 17 Sending METAKEY to net01e (199.89.147.1 port 655): 1 94 64 0 0 66FF697AD4A7FCF8648C936F9F0F542CD43193752823A7CC7007634C6E5E11C4C2707C5B625D7EAD674CBF9FF333C0F1BBDEF07019671AABEAF3A5405B32627E7E148C1834F8AA2DAF9577A29B0A70A955D078BDD801332CA10B7E42A071B86D27E3B0ECECC8A67F190EA7956829437045F352BBF698CECAAD5835C70AF984345A4355DFCCDFF9477E480800AF7041F7AC9F42500961D3E3667E99FB1F014562A6F9D16C0FDAACE2EB5CB812F5E9254333DA66FB0EB4FDF5884E8C233261684BB2F4BDF688E5F9446593D6CB27600A7B4F1D722E14954EDD4939140B844AC2652C2AF33880385AF399AB28A69B7E13F3BBF4F17FD604756115968AA097A9A193CC1E382CF2F7D7A19062850F1AE818E3F195E5EBE5E949DBAA08BA867F70E7F47B348E694EDB67BFDF4C7FCF681150CB25BC54778BEA81EA39906236711306652C56209FB5442217649155FEDA6E93E28B5EF26B3CF2B04573949D53189A69EDBCFFA8456B2D130A7CA4398CC952A6F6496EE183D5234EF38C7EB13AEF6B0A4866F3E31087E425CE43D768085B6310CA0C420E0E35AAAE1527F450746707BFC4F13690C5F50FA429E5B74CB03039990148A08FC25FE070DF1F72AE79A737D27778F664AE51906E785450A7C9A78C301FB321BB831FF8CFE0B5868C626E05AAFFE8BAE324BB470A977D7AD78CC7327F3C224B450AECDB786EAD33ECB0300C5FBD Sending 1037 bytes of metadata to net01e (199.89.147.1 port 655) Flushing 1037 bytes to net01e (199.89.147.1 port 655) Got METAKEY from net01e (199.89.147.1 port 655): 1 94 64 0 0 98A49E33572CDA543759B548E8D7C953495F928181E4375480BF788AF8ACAD69A94CCE266A2663039118CE84DE7E4ECA6800C7C1CA7A3AB8DB555CE71C272A7DC3676F046D3C3321F6A5223DBE5D57A8B195B19F19A75C1C7514D936A53631DB59A9AE000012A60319FA7BBECDD103C5133857405C707157AA4F1D683E7597C2732CE7BD38837B5423565DF0E8620F982542CDAF2B390A65F314569DE10C0DDB9665F14B5D99E36AB545F0BC3D62A6CD2A312CE22698881F584FFD7656C6262B977A6B77DD11E9BC6166D876230731993DE9A4F16EBC28A151975D284F28DBE5A22958DFFE6319EFE88460A36E25D2FACDB01967C007532882D83BB4CAF1D089 Sending CHALLENGE to net01e (199.89.147.1 port 655): 2 80D5214F1B2A39AD3EF6F06249F9F6F7EC607E2BD1F26F4DADF451F8A932852EA1B280665DE587C9AF9AFE3B87502A7C9E8413CEE1C6193D88B5342BD2077C688B13894EAF189C7198D4ACF2F8FCB3802B04A9E57B98C82C48669722E1DB79202C4B865E14084991059F7F8C2332EE2E1290D57202FEA6299A64D2BD6B7F62F99E349F4D0E4399006014BB8616525C75BD2FC65C8FA71FDF2D3EE7D49CE5B6DE2CC3B9C0E53C41947FA1722B5BB05871E2BEAB8E12EF962E2C10F537349603446B96A5BFDBE1ADD5E1368BFC71EA08B1AE3C57D88FE04CB18E5CEA6647F11838D133E178A09AB13A4185D1465D03B6D0BEFA54E0C0C3DBF1F00D4DC68BB93429020802641025BEBB16305CE2D3C63344827D274A0E6EBB887957AF1CC56586F073763A3E7BCBC7E698B996879843DA159A1B808E0B179F3C7A1DFFF6A0C3DE58CFAE42AD62F5FC92D6348FCC214CFB116FCB6D73F6DF912EF67B432809D6AF2899EFE1CFF68394058231EB657543426853DDDEC056EF1A563CA28DBC6DC430DEAF7D705383CF7BF304A3B00DE912A12687A723EF8AF6F2E1D07740334686ADEDD0C7D9065FAD28C4065FEFF142549CB1DD985E57ED5E9C6312CC4DEDF97F8CB9D53A6016702E462FFAEC137A7BA8A45807422A4F18E7C82F830EAF71E079E03A970376FA500384DFBC2FCA5B9B73DA8152402EBD234BCB1EDDCE1135762113FC Sending 1027 bytes of metadata to net01e (199.89.147.1 port 655) Flushing 1027 bytes to net01e (199.89.147.1 port 655) Bogus data received from net01e (199.89.147.1 port 655) Closing connection with net01e (199.89.147.1 port 655) Could not set up a meta connection to net01e Trying to re-establish outgoing connection in 140 seconds Purging unreachable nodes - -Brett - -- wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt 917-642-6925 929-272-0000 If cowardly and dishonorable men sometimes shoot unarmed men with army pistols or guns, the evil must be prevented by the penitentiary and gallows, and not by a general deprivation of a constitutional privilege. - -Honorable J. A. Williams, Circuit Judge - Wilson v. State, 33 Ark. 557, 34 Am. Rep. 52 (1878). -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU/i7uAAoJEK6K3yrc+RuDnsIH+wRm1umlHWBW71vZMa6BVVdT 7d0VimX5H40OWNf78dGXCP07EdksRr3rrqsiRIq+i0A25+BMsSQAebOIvGFRll+U 8Qsk8zJDmPWR/pFSLqzn/W2Ho7YDs2w+xeBYL5bn7ez9P8GdNsKp+mNKRk4s0hi/ JaLQShfchjy2EG/yhTzX6YPXBU0x+0caSJq5tjHD36s2EzLqGkx6Me4hX6OMUA/+ 4ha0XpefquhpG+2clv6ezpImOiGjHceAYSLjh3nPvVcnFKaXuNeko/wyEhHiIsFt V3GfVqNWxb6LBpWMbVhCNmTID1RUJm4257XfNE227jFJrcYwCwoW3nNBQh9jCvA=mnqW -----END PGP SIGNATURE-----
On 03/10/2015 12:12 AM, Brett Wynkoop wrote:> Bogus data received from net01eI have already get theses error on x86 (one new client "D" can't connect to others clients "A" "B" "C" and also not connect to server "zero") I make new private and public keys in client "D". I copy public key "D" in server "zero" (replacing old public key "D"), and also give public key "zero" to client "D" all work I don't know why it doesnt work first time. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20150310/06bb198f/attachment.sig>
On Mon, Mar 09, 2015 at 07:12:13PM -0400, Brett Wynkoop wrote:> I have tinc on the following: > > 2 - x86 FreeBSD boxes > 1 - ARM FreeBSD box > 1 - x86 Macintosh > > All the x86 boxes can speak with each other, but none of the x86 boxes > can speak with the ARM box.First of all, tinc should not have any problem handling mixed endianness. Also, most ARM systems nowadays are running in little-endian mode anyway. Debian on a Beaglebone Black sure is, I don't know about FreeBSD though.> The ARM box says: > > [root at beaglebone /usr/local/etc/tinc/wdl]# tincd -D -n wdl > tincd 1.0.24 (Mar 8 2015 14:55:57) starting, debug level 0 > /dev/tun0 is a Generic BSD tun device > add net 192.168.254.0: gateway 192.168.254.113 fib 0: route already in table > Script tinc-up exited with non-zero status 1 > Ready > > I have no idea why it complains about the route and fib 0 as I use the > same up script as on my two x86 FreeBSD boxes and they do not complain.Well, it says you are trying to add a route that already exists. Maybe that is indeed the case?> Bogus data received from net01e (199.89.147.1 port 655) > > Before someone says "replace your keys" I went down that road already. > I verified I had the right keys on all systems. In addition I have > replaced and repropagated the beaglebone keys 3 times.Some problem with the keys is the most likely explaination for "bogus message", however if that is ruled out the next likely problem is the use of "PrivateKey" or "PublicKey" statements in config files, when you actually meant "PrivateKeyFile" or "PublicKeyFile". Check if you have any of those statements. If so, I recommend removing them altogether. If that was not the problem, then another issue might be the version of OpenSSL on your Beaglebone not supporting the Cipher or Digest algorithms that you are using. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20150310/49d68cd8/attachment.sig>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 10 Mar 2015 02:10:51 +0100 Guus Sliepen <guus at tinc-vpn.org> wrote:> If that was not the problem, then another issue might be the version > of OpenSSL on your Beaglebone not supporting the Cipher or Digest > algorithms that you are using. >This seems the most probable from the various tests and key changes and so forth that I have done. Yes I went through everything else you mention in the FAQ and your last email. I am calling tincd on the beaglebone as tincd -D -n wdl Here is my tinc.conf [wynkoop at beaglebone /usr/local/etc/tinc/wdl]$ more tinc.conf Name = beaglebone AddressFamily = ipv4 INTERFACE = tun0 DEVICE = /dev/tun0 [wynkoop at beaglebone /usr/local/etc/tinc/wdl]$ more tinc-up #!/bin/sh /sbin/ifconfig $INTERFACE 192.168.254.113 netmask 255.255.255.0 /sbin/route add -net 192.168.254.0 192.168.254.113 Which is the same, except addresses as on my other FreeBSD boxes and they do not toss the route error. Any pointers on checking my ssl lib? - -Brett - -- wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt 917-642-6925 929-272-0000 If cowardly and dishonorable men sometimes shoot unarmed men with army pistols or guns, the evil must be prevented by the penitentiary and gallows, and not by a general deprivation of a constitutional privilege. - -Honorable J. A. Williams, Circuit Judge - Wilson v. State, 33 Ark. 557, 34 Am. Rep. 52 (1878). -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU/k54AAoJEK6K3yrc+RuDxQ4H/Ah/EtMNUeNGWtQTAzC25MRt zJwmQg4Rx2NjhLOkMRn7v1Tr8yqrjRwC2niQ6BOB0bmXGFfEbFxhawrMel70dYgg KxGbbGb2T5qRX4+x7uVyT8NOXccnaUJSemkduNnIpYeZ90jNMHwOguJHds8Bcbap 2XwxCFh5ePGcMafb4AkB4bxDLbXk6Tu9SUssA87XqaeozlIeCWjPKBODJQz5xPLE iRyeaPVtlVlMwCp5KObMFbxLstXCLUAkG809OuLal+t51e8O6kM3YljyFg8G5So1 lYPU+SU2vW+v0RxMZ8MopirP+Fk6wq2Tmxm62AdZxuL/M/NawXASgcpJoyTlYu0=D415 -----END PGP SIGNATURE-----