Something to add. When this happened, it looks like tinc shut down
gracefully (not a seg fault...), because I can tell the tinc-down script got
implemented.

Heng

On Wed, Nov 25, 2015 at 6:00 AM, <tinc-request at tinc-vpn.org> wrote:
> Today's Topics:
>
> 1. Re: Authenticating VPN addresses: a proposal (Sven-Haegar Koch)
> 2. tinc exit when there is no internet? (Heng Wang)
> 3. Re: tinc exit when there is no internet? (Guus Sliepen)
>
>
> ---------- Forwarded message ----------
> From: Sven-Haegar Koch <haegar at sdinet.de>
> To: tinc at tinc-vpn.org
> Cc:
> Date: Tue, 24 Nov 2015 17:00:45 +0100 (CET)
> Subject: Re: Authenticating VPN addresses: a proposal
> On Mon, 23 Nov 2015, Guus Sliepen wrote:
>
> > It also works in a situation where a group of people trust a central
> > authority which provides them with the configuration for their tinc
> > nodes, if StrictSubnets is used. The drawback is that an external tool
> > needs to be used (ChaosVPN is one such example, but there are others)
> > and it is not very flexible, but I would disagree that it is
> > unmanageable.
>
> In ChaosVPN we use StrictSubnets, and additionally the following patch
> on the core-nodes where (nearly) everyone connects to:
>
> (cut&paste whitespace damaged)
>
> diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c
> index 06dafbc..e2d4bfc 100644
> --- a/src/protocol_subnet.c
> +++ b/src/protocol_subnet.c
> @@ -117,7 +117,9 @@ bool add_subnet_h(connection_t *c, const char
> *request) {
> if(strictsubnets) {
> logger(DEBUG_ALWAYS, LOG_WARNING, "Ignoring
unauthorized
> %s from %s (%s): %s",
> "ADD_SUBNET", c->name,
c->hostname,
> subnetstr);
> + /* Disabled forwarding of unauthorized subnets!
> forward_request(c, request);
> + */
> return true;
> }
>
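Review bot: In the strictsubnets branch of add_subnet_h, forward_request(c, request) is disabled by wrapping it in a block comment, which leaves dead code behind and makes the change unconditional for every node built from this tree. Since the message says it is meant only for the core nodes, consider deleting the call outright and gating the behaviour on a configuration option, so edge nodes keep the stock forwarding. The retained log line still says only that the ADD_SUBNET is ignored, not that it is no longer relayed; a word to that effect would help when debugging. Only the ADD_SUBNET handler is touched in the visible hunk, so any matching branch in the DEL_SUBNET handler should be checked for consistency.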
> This was added because after a few years of operation of the network we
> had so many no-longer-existing subnet definitions flowing around that
> each connect created lots of error messages and a ton of useless
> metadata-traffic bouncing around, even when the nodes/subnets have been
> deleted from the hosts files for ages - as there was never a time that
> all nodes were down, whenever one was restarted it learned the bogus
> routes again from something else, and spread them later (and tinc purge
> never worked for this).
>
> Since the bogus subnets are not forwarded anymore from the central nodes
> they only stay known to the edges until the next restart, so after a
> while they are really gone.
>
> c'ya
> sven-haegar
>
> --
> Three may keep a secret, if two of them are dead.
> - Ben F.
>
>
>
> ---------- Forwarded message ----------
> From: Heng Wang <hwang at verifeye.com>
> To: tinc at tinc-vpn.org
> Cc:
> Date: Tue, 24 Nov 2015 11:53:49 -0500
> Subject: tinc exit when there is no internet?
> Hi Guys,
>
> I have been using tinc in a Linux environment, which has always been
> working fine. Recently I encountered an issue that the tinc process exits (or
> crashes?) when the internet is down.
> What could be the cause of it? Is there a timeout mechanism inside tinc
> code that it will exit after failing to bring up tun/tap interface for a
> long period? The internet has been down for several days.
>
> I am trying to reproduce this issue by bringing down internet when tinc is
> working fine. In the meantime can anyone give some idea? I appreciate that.
>
> Thank you.
>
> Heng
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Guus Sliepen <guus at tinc-vpn.org>
> To: tinc at tinc-vpn.org
> Cc:
> Date: Tue, 24 Nov 2015 18:54:40 +0100
> Subject: Re: tinc exit when there is no internet?
> On Tue, Nov 24, 2015 at 11:53:49AM -0500, Heng Wang wrote:
>
> > I have been using tinc in a Linux environment, which has always been
> > working fine. Recently I encountered an issue that the tinc process exits (or
> > crashes?) when the internet is down.
> > What could be the cause of it? Is there a timeout mechanism inside tinc
> > code that it will exit after failing to bring up tun/tap interface for a
> > long period? The internet has been down for several days.
>
> Tinc should never exit automatically, so this is clearly a bug.
>
> > I am trying to reproduce this issue by bringing down internet when tinc is
> > working fine. In the meantime can anyone give some idea? I appreciate that.
>
> What version of tinc are you using? If it only happens after a long
> time, you might be able to speed things up by setting MaxTimeout = 5 in
> tinc.conf.
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
>