Hello,
After upgrading my client system from Debian jessie to Debian stretch
(which includes an update from tinc 1.0.24 to tinc 1.0.31), I am
having trouble with my VPN:
As long as I let tinc connect directly (no "Proxy" configuration
option on the client), everything works fine:
# tincd -n rath -D -d
tincd 1.0.31 starting, debug level 1
/dev/net/tun is a Linux tun/tap device (tun mode)
Listening on 0.0.0.0 port 655
Listening on :: port 655
Ready
Trying to connect to ebox (45.79.69.51 port 655)
Connected to ebox (45.79.69.51 port 655)
Connection with ebox (45.79.69.51 port 655) activated
However, as soon as I use a proxy script, the connection fails. This
happens even when the proxy just runs netcat:
# grep '^[^#]' tinc.conf
ConnectTo = ebox
Name = thinkpad
Proxy = exec /etc/tinc/rath/triv_proxy.sh
LocalDiscovery = no
AddressFamily = ipv4
PingTimeout = 10
# cat /etc/tinc/rath/triv_proxy.sh
#!/bin/sh
echo "proxy.sh: connecting to ${NODE} via netcat..." >&2
exec nc "${REMOTEADDRESS}" "${REMOTEPORT}"
# tincd -n rath -D -d 4
tincd 1.0.31 starting, debug level 4
/dev/net/tun is a Linux tun/tap device (tun mode)
Executing script tinc-up
Listening on 0.0.0.0 port 655
Ready
Trying to connect to ebox (45.79.69.51 port 655)
Using proxy /etc/tinc/rath/triv_proxy.sh
Connected to ebox (45.79.69.51 port 655)
proxy.sh: connecting to ebox via netcat...
Got ID from ebox (45.79.69.51 port 655): 0 ebox 17
Sending METAKEY to ebox (45.79.69.51 port 655): 1 421 672 0 0
85F239FFC4CB544F04B4AC16150F90BF8EB648FD2C831A0435D45EC05ECC2594E0C4BEEC03135D0E4499377D8D71C05CF9392D90E8C5710F6E67DD99A2ED3F09FE0B6738D6F7EAF2B1FD62BCD1B330A50F4B6C58DB13168C883A7EB97518AAA7702E00D16132EC81FC8D6F4A839AD131B341F3ADB1AA0B64B7AC2C3F7D6C970CBDA445D7749DA70B554639CD785E87D360863E8EB0C2B0A92D23CA2B6AAF46EBDE57175A9A5ACD01923585FA04C7BE79BC70A4548D675CFC9C6E7D5379453501D27CB4C31DD1AEBAEADDA264DDFBBB38014E2759A58634E873C04B162062D31320AD147C837A105E20204BF082A6FE91CB1B3399123475AEC8BB1DAC6F306D58
Sending 527 bytes of metadata to ebox (45.79.69.51 port 655)
Flushing 527 bytes to ebox (45.79.69.51 port 655)
Connection closed by ebox (45.79.69.51 port 655)
Closing connection with ebox (45.79.69.51 port 655)
Could not set up a meta connection to ebox
Trying to re-establish outgoing connection in 5 seconds
Purging unreachable nodes
On the server, I see:
# tincd -n rath -D -d 4
tincd 1.0.24 (Nov 8 2014 18:45:28) starting, debug level 4
/dev/net/tun is a Linux tun/tap device (tun mode)
Executing script tinc-up
Listening on 0.0.0.0 port 655
Listening on :: port 655
Ready
Connection from 78.53.225.26 port 35902
Sending ID to <unknown> (78.53.225.26 port 35902): 0 ebox 17
Sending 10 bytes of metadata to <unknown> (78.53.225.26 port 35902)
Flushing 10 bytes to <unknown> (78.53.225.26 port 35902)
Got METAKEY from <unknown> (78.53.225.26 port 35902): 1 421 672 0 0
85F239FFC4CB544F04B4AC16150F90BF8EB648FD2C831A0435D45EC05ECC2594E0C4BEEC03135D0E4499377D8D71C05CF9392D90E8C5710F6E67DD99A2ED3F09FE0B6738D6F7EAF2B1FD62BCD1B330A50F4B6C58DB13168C883A7EB97518AAA7702E00D16132EC81FC8D6F4A839AD131B341F3ADB1AA0B64B7AC2C3F7D6C970CBDA445D7749DA70B554639CD785E87D360863E8EB0C2B0A92D23CA2B6AAF46EBDE57175A9A5ACD01923585FA04C7BE79BC70A4548D675CFC9C6E7D5379453501D27CB4C31DD1AEBAEADDA264DDFBBB38014E2759A58634E873C04B162062D31320AD147C837A105E20204BF082A6FE91CB1B3399123475AEC8BB1DAC6F306D58
Unauthorized request from <unknown> (78.53.225.26 port 35902)
Closing connection with <unknown> (78.53.225.26 port 35902)
Purging unreachable nodes
Connection from 78.53.225.26 port 35908
Sending ID to <unknown> (78.53.225.26 port 35908): 0 ebox 17
Sending 10 bytes of metadata to <unknown> (78.53.225.26 port 35908)
Flushing 10 bytes to <unknown> (78.53.225.26 port 35908)
Metadata socket read error for <unknown> (78.53.225.26 port 35908):
Connection reset by peer
Closing connection with <unknown> (78.53.225.26 port 35908)
Purging unreachable nodes
Anyone able to help?
Best,
-Nikolaus
--
GPG Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«