Dear tinc-list,
I have been a happy tinc user for many years and am using several different VPNs.
However, today I was unable to add a new server to my "backbone" VPN. I hope it is okay that I write this issue to this list, as hours of googling did not help.
My setup consists of several servers, all tincing happily ever after.
"kallisto", as one of them, is happy talking to other servers, and I want to add "3data".
However, kallisto complains in his syslog:
Error during decryption of meta key for 3data (x.x.x.x port XXXX): error:04065084:rsa routines:rsa_ossl_private_decrypt:data too large for modulus
Error while processing METAKEY from 3data (...)
Bogus data received from 3data (...)
Stuff I tried:
- regenerating the keys several times, including a smaller 1024 RSA key
- explicit settings for Digest and Cipher
- swapping server & client
Configuration:
- kallisto conf
Name = kallisto
Port = XX
ConnectTo = ganymed
ConnectTo = 3data
- kallisto host file
Address = kallisto...
Port = XX
Subnet = 10.4.2.113/32
-----BEGIN RSA PUBLIC KEY-----
...
- 3data conf:
Name = 3data
Port = XX
- 3data host file:
Address = 3data...
Port = XX
Subnet = 10.4.2.111/32
-----BEGIN RSA PUBLIC KEY-----
...
Both servers are running tinc version 1.0.31 on Debian 9 (stretch).
The most promising thread was this one: https://www.tinc-vpn.org/pipermail/tinc/2012-September/003056.html
But I am using neither flag.
Any help is appreciated,
Thanks in advance,
Gerald