One of my hosts just rebooted for the first time in ages, and now it won't connect to any other nodes. The log just contains continual "error while decrypting metadata" errors. tincd[8324]: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation tincd[8324]: Error while decrypting metadata from fairfield_gw (yy.yy.yy.yy port 655) tincd[8324]: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation tincd[8324]: Error while decrypting metadata from rs2 (abc::def port 655) tincd[8324]: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation tincd[8324]: Error while decrypting metadata from rs2 (xx.xx.xx.xx port 655) tincd[8324]: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation tincd[8324]: Error while decrypting metadata from fairfield_gw (yy.yy.yy.yy port 655) tincd[8324]: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation tincd[8324]: Error while decrypting metadata from rs2 (abc::def port 655) tincd[8324]: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation tincd[8324]: Error while decrypting metadata from rs2 (xx.xx.xx.xx port 655) tincd[8324]: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation I've checked that the keys match. I have version 1.1pre15. Any suggestions? Thanks, Hamish
On 18/10/19 7:30 am, Hamish Moffatt wrote:> One of my hosts just rebooted for the first time in ages, and now it > won't connect to any other nodes. > > The log just contains continual "error while decrypting metadata" errors. > > tincd[8324]: Error while decrypting: error:060A7094:digital envelope > routines:EVP_EncryptUpdate:invalid operation > tincd[8324]: Error while decrypting metadata from fairfield_gw > (yy.yy.yy.yy port 655)This post https://forums.gentoo.org/viewtopic-p-8318236.html?sid=99120772f26c6abcafff9c6c375d6d5e suggests upgrading to 1.1pre17 helps. But I did that and nothing changed. It suggests that an OpenSSL upgrade broke it, which makes sense. I have another host with 1.1pre15 and OpenSSL 1.0.2t working fine though. Should I downgrade to 1.0? I don't remember why I'm running 1.1 to be honest. Hamish
On 18/10/19 9:11 am, Hamish Moffatt wrote:> On 18/10/19 7:30 am, Hamish Moffatt wrote: >> One of my hosts just rebooted for the first time in ages, and now it >> won't connect to any other nodes. >> >> The log just contains continual "error while decrypting metadata" >> errors. >> >> tincd[8324]: Error while decrypting: error:060A7094:digital envelope >> routines:EVP_EncryptUpdate:invalid operation >> tincd[8324]: Error while decrypting metadata from fairfield_gw >> (yy.yy.yy.yy port 655) > > > This post > https://forums.gentoo.org/viewtopic-p-8318236.html?sid=99120772f26c6abcafff9c6c375d6d5e > suggests upgrading to 1.1pre17 helps. But I did that and nothing > changed. It suggests that an OpenSSL upgrade broke it, which makes sense. > > I have another host with 1.1pre15 and OpenSSL 1.0.2t working fine though.Also noted here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923438 Hamish
On Thu, Oct 17, 2019 at 2:09 PM Hamish Moffatt <hamish at moffatt.email> wrote:> One of my hosts just rebooted for the first time in ages, and now it > won't connect to any other nodes.Did you find a solution? What operating system(s) are you running? Which versions of tinc + OpenSSL have the errors? Which don't? If I encountered this problem, I would do the following: 1) Stop tinc on all nodes, then restart tinc. 2) Build tinc from source on each system. Have you already tried either of those? -Parke