Hi,

I've been able to get tinc set up when I flush all my iptables, but after enabling iptables and a delay I get a "Destination Net Unknown". I have three hosts (HOME 10.0.3.2, MASTER 10.0.3.1, WEB 10.0.3.3); MASTER and WEB are in Digital Ocean in the same data centre.

HOME <---> MASTER <---> WEB

I've tried multiple forwarding/masquerading/etc. rules and don't understand what I'm missing.

When iptables are enabled (same rules on MASTER and WEB) I get the following results:

HOME   $ ping 10.0.3.1 ==> Success
HOME   $ ping 10.0.3.3 ==> Destination Net Unknown

MASTER $ ping 10.0.3.2 ==> Success
MASTER $ ping 10.0.3.3 ==> Destination Net Unknown

WEB    $ ping 10.0.3.1 ==> Destination Net Unknown
WEB    $ ping 10.0.3.2 ==> Destination Net Unknown

It's not just ICMP though, I get the same results for "nc -vz x.x.x.x 22".

I'd appreciate any help.

Thanks,
Dave
Here is an extract of my current iptables that are not working:

iptables -L -n -v

Chain INPUT (policy DROP 8 packets, 1120 bytes)
 pkts bytes target     prot opt in      out     source               destination
    0     0 ACCEPT     tcp  --  lo      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
    0     0 ACCEPT     udp  --  lo      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3306
    0     0 NRPE       tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5666
    0     0 ACCEPT     icmp --  *       *       x.x.x.x              0.0.0.0/0            icmptype 8
    0     0 ACCEPT     icmp --  *       *       127.0.0.1            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     icmp --  *       *       10.0.3.0/24          0.0.0.0/0            icmptype 8
    0     0 ACCEPT     tcp  --  *       *       10.0.3.0/24          0.0.0.0/0
    0     0 ACCEPT     udp  --  *       *       10.0.3.0/24          0.0.0.0/0
    0     0 DROP       icmp --  *       *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     icmp --  *       *       x.x.x.x              0.0.0.0/0            icmptype 8
    0     0 ACCEPT     icmp --  *       *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:5666
    0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW,ESTABLISHED
  192 13741 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW,ESTABLISHED
    0     0 ACCEPT     all  --  lo      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            udp spt:53
    0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 limit: avg 25/min burst 100
    0     0 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp spt:123
    0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp spt:25
    0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:22 state ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:2222 state ESTABLISHED
    0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp dpt:655 state NEW,ESTABLISHED
    6  8976 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp dpt:655 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:80 state ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0    *       0.0.0.0/0            0.0.0.0/0            tcp spt:443 state ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in      out     source               destination
    0     0 ACCEPT     all  --  *       docker0 0.0.0.0/0            172.17.0.0/16        ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  docker0 *       172.17.0.0/16        0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0 0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in      out     source               destination
    0     0 NRPE       tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp spt:5666
    0     0 ACCEPT     tcp  --  *       *       10.0.3.0/24          0.0.0.0/0
    0     0 ACCEPT     udp  --  *       *       10.0.3.0/24          0.0.0.0/0
    0     0 ACCEPT     icmp --  *       *       0.0.0.0/0            0.0.0.0/0            icmptype 0
    0     0 ACCEPT     icmp --  *       *       0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:5666
    0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:22 state ESTABLISHED
  140 44173 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:2222 state ESTABLISHED
    0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:80 state ESTABLISHED
    0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:443 state ESTABLISHED
    0     0 ACCEPT     all  --  *       lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *       docker0 0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp dpt:123
    0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp spt:655 state NEW,ESTABLISHED
    6  8976 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp spt:655 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  *       eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW,ESTABLISHED

Chain NRPE (2 references)
 pkts bytes target     prot opt in      out     source               destination
    0     0 ACCEPT     all  --  *       *       0.0.0.0/0            x.x.x.x
    0     0 ACCEPT     all  --  *       *       x.x.x.x              0.0.0.0/0
    0     0 DROP       all  --  *       *       0.0.0.0/0            0.0.0.0/0

iptables -t nat -L -n -v

Chain PREROUTING (policy ACCEPT 6 packets, 1831 bytes)
 pkts bytes target     prot opt in      out     source               destination

Chain INPUT (policy ACCEPT 4 packets, 1348 bytes)
 pkts bytes target     prot opt in      out     source               destination

Chain OUTPUT (policy ACCEPT 14 packets, 856 bytes)
 pkts bytes target     prot opt in      out     source               destination

Chain POSTROUTING (policy ACCEPT 2 packets, 136 bytes)
 pkts bytes target     prot opt in      out     source               destination

On Mon, Jan 30, 2017 at 2:05 PM, Dave Albert <dave.albert at gmail.com> wrote:

> [...]
Can you post your Tinc configuration too?

On Mon, 30 Jan 2017 at 11:42, Dave Albert (<dave.albert at gmail.com>) wrote:

> [...]

-- 
Ing. Guillermo Bisheimer
B&S Sistemas de Control y Equipamientos
Av. de los Constituyentes 1172 (E3116CIX) Crespo, Entre Ríos
Tel/Fax: (0343) 407-8990 (new number)
Mobile: (0343) 154679052
WEB: www.bys-control.com.ar
e-mail: gbisheimer at bys-control.com.ar
skype: guillermo.bisheimer
On Mon, Jan 30, 2017 at 02:05:43PM +0000, Dave Albert wrote:

> I've been able to get tinc setup when I flush all my iptables, but after
> enabling iptables and a delay I get a "Destination Net Unknown".

Destination Net Unknown means that tinc does not know a Subnet that matches the destination IP address of VPN packets, either because there is no such Subnet, or because the host that has that Subnet is not connected. So it seems that with the iptables rules enabled, WEB and MASTER cannot make a TCP connection with HOME (and/or vice versa). From the firewall rules you posted:

> Chain INPUT
[...]
>     0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp dpt:655 state NEW,ESTABLISHED
>     6  8976 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp dpt:655 state NEW,ESTABLISHED

That means no TCP connection to port 655 was ever attempted. But your OUTPUT rules are more interesting:

> Chain OUTPUT
[...]
>     0     0 ACCEPT     tcp  --  *       *       0.0.0.0/0            0.0.0.0/0            tcp spt:655 state NEW,ESTABLISHED
>     6  8976 ACCEPT     udp  --  *       *       0.0.0.0/0            0.0.0.0/0            udp spt:655 state NEW,ESTABLISHED

This only allows TCP connections from port 655 if they are NEW or ESTABLISHED. But tinc never makes outgoing TCP connections with source port 655! Outgoing TCP connections normally have a random port number. There is no other rule that allows outgoing TCP connections to port 655, except to those hosts within the IP range 10.0.3.0/24.

I recommend you add a rule that ACCEPTs anything with state RELATED,ESTABLISHED in the OUTPUT chain. Put that rule first. Then you want to allow NEW outgoing connections with *destination* port 655.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
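The rule pair Guus describes, written out as a small POSIX shell script so the order and direction of the rules can be checked. This is an added example, not code from the thread or from the tinc project; it has a dry-run mode (DRY_RUN=1) that only prints the iptables commands, so it can be inspected without root or a live netfilter. Port 655 and the 10.0.3.0/24 subnet are the values from Dave's messages; the script name and the show/apply arguments are assumptions made here.

```shell
#!/bin/sh
# Added example (not code from the tinc thread): the OUTPUT/INPUT rules that
# Guus recommends, with the original OUTPUT rules kept alongside for contrast.
# Assumptions not taken from the thread: tinc listens on its default port 655,
# and the script is saved as tinc-fw.sh and run as root for "apply".

TINC_PORT=${TINC_PORT:-655}

# Run iptables, or only print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# The OUTPUT rules from the posted listing, reproduced for contrast (never
# applied by this script). They match only packets whose *source* port is
# 655. A tinc daemon dialling a peer sends its SYN from a random high port to
# the peer's port 655, so that SYN matches neither rule and falls through to
# the chain's DROP policy; the peer's "tcp dpt:655" counter therefore stays
# at 0, exactly as in the listing.
broken_output_rules() {
    ipt -A OUTPUT -p tcp --sport "$TINC_PORT" -m state --state NEW,ESTABLISHED -j ACCEPT
    ipt -A OUTPUT -p udp --sport "$TINC_PORT" -m state --state NEW,ESTABLISHED -j ACCEPT
}

# Rules following the advice in the thread.
fixed_rules() {
    # 1. Connection-tracked replies first, in both directions. This is what
    #    lets the random-port side of every tinc session answer, so no
    #    per-port "spt:" rules are needed for replies at all.
    ipt -I INPUT  1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    # 2. New outgoing meta connections (TCP) and data packets (UDP) to a
    #    peer's port 655: the rule that was missing. Match on --dport.
    ipt -A OUTPUT -p tcp --dport "$TINC_PORT" -m state --state NEW -j ACCEPT
    ipt -A OUTPUT -p udp --dport "$TINC_PORT" -j ACCEPT
    # 3. Incoming connections from peers to our own port 655 (the posted
    #    listing already had these).
    ipt -A INPUT -p tcp --dport "$TINC_PORT" -m state --state NEW -j ACCEPT
    ipt -A INPUT -p udp --dport "$TINC_PORT" -j ACCEPT
}

# Usage:  ./tinc-fw.sh show    print the commands without running them
#         ./tinc-fw.sh apply   run them (needs root)
case "${1:-}" in
    show)  DRY_RUN=1 fixed_rules ;;
    apply) fixed_rules ;;
esac
```

With `show`, the output makes the two points of the fix visible at a glance: the RELATED,ESTABLISHED rule is inserted at position 1 of each chain, and the only NEW rule for outgoing tinc traffic matches on the destination port. On a live host, the counters Guus read from `iptables -L -n -v` are the check: after the change, the `tcp dpt:655` rule on the peer should start incrementing as soon as the daemon reconnects.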
Thanks! Looks like my biggest problem was I had --sport for INPUT and --dport for OUTPUT but was missing the reverse.

On 30/01/2017, 16:39, "tinc on behalf of Guus Sliepen" <tinc-bounces at tinc-vpn.org on behalf of guus at tinc-vpn.org> wrote:

> [...]

_______________________________________________
tinc mailing list
tinc at tinc-vpn.org
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc