tinc1.0pre3

Axel Müller axel.mueller at i2c-systems.com
Mon Jun 26 18:35:29 CEST 2000


> The strange thing is:
>
>> *** SERVER side log file from startup until some seconds after
>> connection was established ***
> [...]
>> Jun 25 21:14:49 lemon tinc.9[21698]: Sending PASSPHRASE to 192.168.9.100
>> (213.54.42.228)
>
> And there it ends. The client seemingly doesn't receive the PASSPHRASE
> request, and doesn't send one back to the server. That's why no real
> connection is made. Could you try to do exactly the same except that you
> try it with indirectdata=no on both sides? I want to know if that makes a
> difference.
I was able to get a connection between client and server where I could ping 
the peer IP (192.168.9.1).
The important thing to note is that it worked only if there was NO entry 
regarding "IndirectData" in tincd.conf on the server side. As soon as I put 
either "IndirectData = yes" or "IndirectData = no" I could not ping the
peer IP anymore. As soon as the entry was removed it worked again. On the 
client side I had "IndirectData = yes" all the time.
Hint: On the server side I start tinc with the "--net=9" feature in order to be 
able to run several tincs in the future.

*** SERVER ***

Jun 26 18:07:38 lemon tinc.9[4939]: tincd 1.0pre3 (Jun 26 2000 18:04:16) 
starting, debug level 4
Jun 26 18:07:38 lemon tinc.9[4939]: Generating 128 bits keys
Jun 26 18:07:38 lemon tinc.9[4939]: Ready: listening on port 655
Jun 26 18:08:48 lemon tinc.9[4939]: Connection from 192.168.2.100 port 1058
Jun 26 18:08:48 lemon tinc.9[4939]: Sending BASIC_INFO to 192.168.2.100
Jun 26 18:08:48 lemon tinc.9[4939]: Got request from 0.0.0.0 
(192.168.2.100): 61 7 c0a80963/ffffff00:28f 2
Jun 26 18:08:48 lemon tinc.9[4939]: Got BASIC_INFO from 192.168.2.100
Jun 26 18:08:48 lemon tinc.9[4939]: Opening UDP socket to 192.168.2.100
Jun 26 18:08:48 lemon tinc.9[4939]: Sending PASSPHRASE to 192.168.9.99 
(192.168.2.100)
Jun 26 18:08:48 lemon tinc.9[4939]: Got request from 192.168.9.99 
(192.168.2.100): 62 f3c514e4b3c0355a2e6327c4b9823b4ff580720e16d974a3cc3be9
3683f97b26c6972564a5cc27503d48b56a7e11d29992ec4d963106673c104a0ed5242e35a12
591bcb7c307c0d85b61e9431b021e8d4cd15ee12044f43409caed9794a22c16cd
5e73bba4c64f6df1c20af06a46c659a4900abb
Jun 26 18:08:48 lemon tinc.9[4939]: Got PASSPHRASE from 192.168.9.99 
(192.168.2.100)
Jun 26 18:08:48 lemon tinc.9[4939]: Sending PUBLIC_KEY to 192.168.9.99 
(192.168.2.100)
Jun 26 18:08:48 lemon tinc.9[4939]: Got request from 192.168.9.99 
(192.168.2.100): 63 7ats29v648fhrlw1x1rta6ebk
Jun 26 18:08:48 lemon tinc.9[4939]: Got PUBLIC_KEY from 192.168.9.99 
(192.168.2.100)
Jun 26 18:08:48 lemon tinc.9[4939]: Sending ACK to 192.168.9.99 
(192.168.2.100)
Jun 26 18:08:48 lemon tinc.9[4939]: Connection with 192.168.9.99 
(192.168.2.100) activated
Jun 26 18:09:09 lemon tinc.9[4939]: Got request from 192.168.9.99 
(192.168.2.100): 160 c0a80901 c0a80963
Jun 26 18:09:09 lemon tinc.9[4939]: Got REQ_KEY origin 192.168.9.99 
destination 192.168.9.1 from 192.168.9.99 (192.168.2.100)
Jun 26 18:09:09 lemon tinc.9[4939]: Sending ANS_KEY to 192.168.9.99 
(192.168.2.100)
Jun 26 18:09:09 lemon tinc.9[4939]: packet from 192.168.9.99 (len 96)
Jun 26 18:09:09 lemon tinc.9[4939]: packet to queue: 96
Jun 26 18:09:09 lemon tinc.9[4939]: Sending REQ_KEY to 192.168.9.99 
(192.168.2.100)
Jun 26 18:09:09 lemon tinc.9[4939]: Got request from 192.168.9.99 
(192.168.2.100): 161 c0a80901 c0a80963 962039327 
7ats29v648fhrlw1x1rta6ebk
Jun 26 18:09:09 lemon tinc.9[4939]: Got ANS_KEY 
origin 192.168.9.99 destination 192.168.9.1 from 192.168.9.99 
(192.168.2.100)
Jun 26 18:09:09 lemon tinc.9[4939]: Flushing receive queue for 192.168.9.99
Jun 26 18:09:09 lemon tinc.9[4939]: queue flushed
Jun 26 18:09:09 lemon tinc.9[4939]: An IP packet (0800) for 192.168.9.99 
from 192.168.9.1
Jun 26 18:09:09 lemon tinc.9[4939]: 00:00:00:00:00:00 to fe:fd:c0:a8:09:01
Jun 26 18:09:09 lemon tinc.9[4939]: Sent 96 bytes to c0a80963
Jun 26 18:09:10 lemon tinc.9[4939]: packet from 192.168.9.99 (len 96)
Jun 26 18:09:10 lemon tinc.9[4939]: An IP packet (0800) for 192.168.9.99 
from 192.168.9.1
Jun 26 18:09:10 lemon tinc.9[4939]: fe:fd:c0:a8:09:01 to fe:fd:c0:a8:09:01
Jun 26 18:09:10 lemon tinc.9[4939]: Sent 96 bytes to c0a80963
Jun 26 18:09:11 lemon tinc.9[4939]: packet from 192.168.9.99 (len 96)
Jun 26 18:09:11 lemon tinc.9[4939]: An IP packet (0800) for 192.168.9.99 
from 192.168.9.1
Jun 26 18:09:11 lemon tinc.9[4939]: fe:fd:c0:a8:09:01 to fe:fd:c0:a8:09:01
Jun 26 18:09:11 lemon tinc.9[4939]: Sent 96 bytes to c0a80963

*** CLIENT ***

Jun 26 18:08:47 pcamueller tinc[22308]: tincd 1.0pre3 (Jun 26 2000 
17:41:45) starting, debug level 4
Jun 26 18:08:47 pcamueller tinc[22308]: Generating 128 bits keys
Jun 26 18:08:47 pcamueller tinc[22308]: Ready: listening on port 655
Jun 26 18:08:47 pcamueller tinc[22308]: Connected to 212.79.9.74:655
Jun 26 18:08:47 pcamueller tinc[22308]: Got request from 0.0.0.0 ((null)): 
61 7 c0a80901/ffffff00:28f 0
Jun 26 18:08:47 pcamueller tinc[22308]: Got BASIC_INFO from (null)
Jun 26 18:08:47 pcamueller tinc[22308]: Opening UDP socket to 212.79.9.74
Jun 26 18:08:47 pcamueller tinc[22308]: Sending BASIC_INFO to (null)
Jun 26 18:08:47 pcamueller tinc[22308]: Got request from 192.168.9.1 
((null)): 62 0e5f6952b4a4deb298a3fff7774887cccaf7cd9bf0c994351796bdb7351
d79bfe0e3f802aa321ee5556b70152efef1e31dd21510ad4aec24069bf72d80b5400529f1be
baf5133167ac0ed0780a6588e22c3cd56e7e929c41abae5ad6a29a764c55669931
525d846b564e4156d9242b14e81c178e29ebd73fb79af8250ad8b3701bd32ab103af14a75e6
9c43df24565cdca7bf010fbee9a9094cb5822a16e5d53d4e18782b89daaed5122b
c4cf20df022cff9c8b2ed44efbf11af2e17dcdc5b6f091e0d1cd6d1645601ee97667bbb20a4
225c6b31033e98f957077379d1d9cfc19271e6b80a97510c85ec3f67e95f6768d9
c82050a427a8944c975cb46b53fe78
Jun 26 18:08:47 pcamueller tinc[22308]: Got PASSPHRASE from 192.168.9.1 
((null))
Jun 26 18:08:47 pcamueller tinc[22308]: Sending PASSPHRASE to 192.168.9.1 
((null))
Jun 26 18:08:47 pcamueller tinc[22308]: Got request from 192.168.9.1 
((null)): 63 4hcpkgh7jji7jfaybgocypsmz
Jun 26 18:08:47 pcamueller tinc[22308]: Got PUBLIC_KEY from 192.168.9.1 
((null))
Jun 26 18:08:47 pcamueller tinc[22308]: Sending PUBLIC_KEY to 192.168.9.1 
((null))
Jun 26 18:08:47 pcamueller tinc[22308]: Got request from 192.168.9.1 
((null)): 1
Jun 26 18:08:47 pcamueller tinc[22308]: Got ACK from 192.168.9.1 ((null))
Jun 26 18:08:47 pcamueller tinc[22308]: Connection with 192.168.9.1 
((null)) activated
Jun 26 18:09:07 pcamueller tinc[22308]: An IP packet (0800) for 192.168.9.1 
from 192.168.9.99
Jun 26 18:09:07 pcamueller tinc[22308]: 00:00:00:00:00:00 to 
fe:fd:c0:a8:09:63
Jun 26 18:09:07 pcamueller tinc[22308]: packet to queue: 88
Jun 26 18:09:07 pcamueller tinc[22308]: Sending REQ_KEY to 192.168.9.1 
((null))
Jun 26 18:09:07 pcamueller tinc[22308]: Got request from 192.168.9.1 
((null)): 161 c0a80963 c0a80901 962039258 4hcpkgh7jji7jfaybgocypsmz
Jun 26 18:09:07 pcamueller tinc[22308]: Got ANS_KEY origin 192.168.9.1 
destination 192.168.9.99 from 192.168.9.1 ((null))
Jun 26 18:09:07 pcamueller tinc[22308]: Flushing send queue for 192.168.9.1
Jun 26 18:09:07 pcamueller tinc[22308]: Sent 96 bytes to c0a80901
Jun 26 18:09:07 pcamueller tinc[22308]: queue flushed
Jun 26 18:09:07 pcamueller tinc[22308]: Got request from 192.168.9.1 
((null)): 160 c0a80963 c0a80901
Jun 26 18:09:08 pcamueller tinc[22308]: fe:fd:c0:a8:09:63 to 
fe:fd:c0:a8:09:63
Jun 26 18:09:08 pcamueller tinc[22308]: Sent 96 bytes to c0a80901
Jun 26 18:09:08 pcamueller tinc[22308]: packet from 192.168.9.1 (len 96)
Jun 26 18:09:09 pcamueller tinc[22308]: An IP packet (0800) for 192.168.9.1 
from 192.168.9.99
Jun 26 18:09:09 pcamueller tinc[22308]: fe:fd:c0:a8:09:63 to 
fe:fd:c0:a8:09:63
Jun 26 18:09:09 pcamueller tinc[22308]: Sent 96 bytes to c0a80901
Jun 26 18:09:09 pcamueller tinc[22308]: packet from 192.168.9.1 (len 96)

Routing for hosts not in VPN subnet still seems not to work properly:
This time I did the test from my office pc and not from the one at home.
In order to test for indirect routing I added a host entry to the routing 
table for host 212.79.58.20 to force IP packets through the VPN server 
(192.168.9.1) rather than through default routing:

root@pcamueller:/etc/tinc > netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
212.79.58.20    192.168.9.1     255.255.255.255 UGH       0 0          0 tap0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.99.0    0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.9.0     0.0.0.0         255.255.255.0   U         0 0          0 tap0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0

However, you can see that for whatever reason tinc does not send packets for 
212.79.58.20 from my PC (VPN IP = 192.168.9.99) to the VPN server (VPN 
IP = 192.168.9.1):

Jun 26 18:11:36 pcamueller tinc[22308]: An IP packet (0800) for 
212.79.58.20 from 192.168.9.99
Jun 26 18:11:36 pcamueller tinc[22308]: 00:00:00:00:00:00 to 
fe:fd:c0:a8:09:63
Jun 26 18:11:36 pcamueller tinc[22308]: Trying to look up 212.79.58.20 in 
connection list failed!
Jun 26 18:11:37 pcamueller tinc[22308]: An IP packet (0800) for 
212.79.58.20 from 192.168.9.99
Jun 26 18:11:37 pcamueller tinc[22308]: fe:fd:c0:a8:09:63 to 
fe:fd:c0:a8:09:63
Jun 26 18:11:37 pcamueller tinc[22308]: Trying to look up 212.79.58.20 in 
connection list failed!
Jun 26 18:11:38 pcamueller tinc[22308]: An IP packet (0800) for 
212.79.58.20 from 192.168.9.99
Jun 26 18:11:38 pcamueller tinc[22308]: fe:fd:c0:a8:09:63 to 
fe:fd:c0:a8:09:63
Jun 26 18:11:38 pcamueller tinc[22308]: Trying to look up 212.79.58.20 in 
connection

> I have tested a similar setup with indirectdata=no myself, and at least a
> connection is made, and the packets are nicely sent to the uplink instead
> of directly to the destination, and the uplink forwards them properly...
Maybe you could check the tinc.conf I used on the CLIENT side. Any typo there?

# Sample tinc configuration file

# This is a comment.
# Lines can have a maximum of 80 characters.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.

# The internet host to connect with
# comment these out to make yourself a listen-only connection
# You may use an IP address or its FQDN.
ConnectTo = 212.79.9.74

# Connect to which port of the `ConnectTo' host

# It is advised that you only connect to ports that are < 1024,
# because some malicious (non-root) user may run a fake tincd on ports
# above 1024.
# The default port is 655, the port that has been assigned to tinc
# by the IANA. If you want tincd to listen on any other port than 655,
# you can use ListenPort for the `server', and ConnectPort for the
# `client'.

# You may use the prefixes 0x or 0 to denote a hexadecimal or octal
# number respectively.
ConnectPort = 655

# Listen on which port
#ListenPort = 655

# Accept incoming connections
AllowConnect = no

# My own VPN IP
# You may use the /nn notation to indicate the number of bits used for
# the mask, /8 is equivalent to the netmask 255.0.0.0 (the first 8
# bits are set to 1).
MyOwnVPNIP = 192.168.9.99/24

# Directory where tinc will look for passphrases
Passphrases = /etc/tinc/passphrases

# Which local file?
# Default is /dev/tap0
TapDevice = /dev/tap0

# Number of seconds of inactivity tinc will wait before sending a probe
# to the other end
PingTimeout=120

IndirectData = yes


At least some progress made this time :-)

-
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://ftp.nl.linux.org/pub/linux/tinc/
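
An added example, not part of the original post or of tinc: a small Python triage script for debug-level-4 logs in the format shown in this message. It reports the handshake stage that got no reply, the destinations that failed the connection-list lookup, and the decoded hex peer addresses; the sample lines are constructed and assume one unwrapped log line per event.

```python
import ipaddress
import re

# Handshake messages in the order they appear in the logs in this thread.
STAGES = ("BASIC_INFO", "PASSPHRASE", "PUBLIC_KEY", "ACK")
EVENT = re.compile(r": (Sending|Got) ([A-Z_]+) (?:to|from) ")
ACTIVATED = re.compile(r"Connection with \S+ .*activated")
LOOKUP_FAIL = re.compile(r"Trying to look up (\S+) in connection list failed")
SENT_DATA = re.compile(r"Sent \d+ bytes to ([0-9a-f]{8})\b")

def hex_to_ip(word):
    """Decode the hex address form used in the log, e.g. c0a80963."""
    return str(ipaddress.IPv4Address(int(word, 16)))

def diagnose(lines):
    """Summarise one daemon's log for a single connection attempt."""
    sent, got, activated = [], [], False
    unroutable, data_peers = set(), set()
    for line in lines:
        m = EVENT.search(line)
        if m and m.group(2) in STAGES:
            (sent if m.group(1) == "Sending" else got).append(m.group(2))
        if ACTIVATED.search(line):
            activated = True
        if (m := LOOKUP_FAIL.search(line)):
            unroutable.add(m.group(1))
        if (m := SENT_DATA.search(line)):
            data_peers.add(hex_to_ip(m.group(1)))
    if activated:
        state = "activated"
    else:
        # A stage we sent but never received back marks where it stalled.
        pending = [s for s in sent if s not in got]
        state = "no reply to " + pending[-1] if pending else "no handshake seen"
    return {"state": state, "unroutable": sorted(unroutable),
            "data_peers": sorted(data_peers)}

# Constructed sample lines modelled on the log format in this message.
STALLED = [
    "Jun 25 21:14:49 lemon tinc.9[1]: Sending BASIC_INFO to 192.0.2.10",
    "Jun 25 21:14:49 lemon tinc.9[1]: Got BASIC_INFO from 192.0.2.10",
    "Jun 25 21:14:49 lemon tinc.9[1]: Sending PASSPHRASE to 192.168.9.100 (192.0.2.10)",
]
ROUTED = [
    "Jun 26 18:08:47 pc tinc[2]: Connection with 192.168.9.1 ((null)) activated",
    "Jun 26 18:09:07 pc tinc[2]: Sent 96 bytes to c0a80901",
    "Jun 26 18:11:36 pc tinc[2]: Trying to look up 212.79.58.20 in connection list failed!",
]

if __name__ == "__main__":
    print(diagnose(STALLED))
    print(diagnose(ROUTED))
```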


