Tinc1.0pre4 & kernel 2.4.5 & tun/tap - Correction

Igor Belokopytov igor.belokopytov at computalog.com
Thu Jul 12 21:46:44 CEST 2001


 Hello !

I got another problem :(
For final testing I used the static binary from your server,
tincd-1.0pre4-i386-static.
I have 2 hosts, "test" (VPN "server") and "comguard" (VPN "client"). Both have
kernel 2.2.17 and the ethertap interface. "comguard" also has tincd-1.0pre2 running.

"test" /etc/tinc/test4/tinc.conf
Name = test
PrivateKeyFile = /etc/tinc/test4/rsa_key.priv
TapDevice = /dev/tap0
KeyExpire = 120

"comguard" /etc/tinc/test4/tinc.conf
Name = comguard
ConnectTo = test
PrivateKeyFile = /etc/tinc/test4/rsa_key.priv
TapDevice = /dev/tap2
KeyExpire = 120

The hosts files are the same on both hosts:
/etc/tinc/test4/hosts/test
Subnet = 10.168.99.0/24
Port = 8195
Address = 10.38.9.221
----- BEGIN RSA ... ... ...

/etc/tinc/test4/hosts/test
Subnet = 10.168.9.0/24
Port = 8195
Address = 10.38.9.8
----- BEGIN RSA ... ... ...

"test" /sbin/init.d/tinc-up
 #!/bin/sh
 insmod ethertap -o "ethertap0" unit=0
 ifconfig tap0 hw ether fe:fd:00:00:00:00
 ifconfig tap0 10.168.99.221 netmask 255.255.0.0 -arp
 tincd-1.0pre4-i386-static --net=test4 -ddddd

 "comguard" /sbin/init.d/tinc-up
 #!/bin/sh
 insmod ethertap -o "ethertap2" unit=2
 ifconfig tap2 hw ether fe:fd:00:00:00:00
 ifconfig tap2 10.168.9.8 netmask 255.255.0.0 -arp
 tincd-1.0pre4-i386-static --net=test4 -ddddd

  At first the VPN works perfectly. On host "test" I use "ping 10.168.9.8" and on
host "comguard" "tcpdump -i tap2 -n" to monitor the connection.

  After 2 minutes I get these messages:
Jul 12 13:28:34 test tinc.test4[8754]: Regenerating symmetric key
Jul 12 13:28:41 comguard tinc.test4[4867]: Regenerating symmetric key

 After key regeneration the VPN connection between "test" and "comguard" doesn't
work.
On "comguard" tcpdump shows
 16:23:12.530000 c3:20:5a:66:d9:f1 fe:fd:0:0:0:0 6aab 1062:
                         3494 8e16 ec21 4c62 0a58 7296 3bab a57a
                         d03e 5c34 78ca ff07 de8a dfdc b4eb 0c80
                         5024 300a 6943 1d5f c734 7dd1 5a29 f3fb
                         5d72 92dc 8204
16:23:13.530000 c3:fb:cb:15:70:59 fe:fd:0:0:0:0 742e 1062:
                         19e8 ba51 26a9 912c dcc4 6a94 14d7 8b12
                         6d8c 1739 aec1 a569 2863 56e6 44b8 ef4f
                         6220 80c5 7e27 ec26 1763 6e79 c9ca d34b
                         3d8f 5f20 b3e2

 If I ping 10.168.99.221 ("comguard" -> "test") I also get no reply on
"comguard" but on "test" tcpdump shows -
16:19:34.010000 10.168.99.221 > 10.168.9.8: icmp: echo request
16:19:34.010000 10.168.9.8 > 10.168.99.221: icmp: echo reply
16:19:35.020000 10.168.99.221 > 10.168.9.8: icmp: echo request
16:19:35.020000 10.168.9.8 > 10.168.99.221: icmp: echo reply
16:19:36.020000 10.168.99.221 > 10.168.9.8: icmp: echo request

At the same time on "comguard" tcpdump shows -
21:24:12.930000 10.168.9.8 > 10.168.99.221: icmp: echo request
21:24:12.940000 71:26:c6:45:e6:9c fe:fd:0:0:0:0 121c 94:
                         8a16 cd4a bd96 28d1 8b6f 8d4e 74d4 eb32
                         c8d6 7cc6 852f acad 2df3 7c5f 0b92 a5fd
                         eea0 56a7 3516 49ad 45d1 bf69 e802 1d6c
                         1bfb 6c8f c749
21:24:13.940000 10.168.9.8 > 10.168.99.221: icmp: echo request
21:24:13.950000 bb:8f:0:85:2:b2 fe:fd:0:0:0:0 a0ac 94:
                         1658 6330 08be 9d7c e0e0 d5b2 87ab 51a3
                         69aa 4432 6f11 fb64 70e4 4af5 66cc b59e
                         47d1 bbf7 3429 f2e6 806b c6c1 c76f 926b
                         06b7 c03a 8f6b

With the default "KeyExpire" setting I have no such problem with your static binary,
but I have the same problem with a binary built from sources (dynamic and
static).
As I understand it, for building tincd I need only your sources and libcrypto.a?

 Sincerely,
 Igor Belokopytov
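
A triage helper for captures like the ones quoted in this message, separating the IP packets tcpdump decoded from link-level frames addressed to the tap MAC that carry an unrecognised EtherType. This is an added example, not part of the original message or of tinc; the function names and the list of EtherTypes treated as known are assumptions.

```python
import re

# EtherTypes expected on this tap device (assumed list: IPv4, ARP, IPv6).
KNOWN_ETHERTYPES = {0x0800, 0x0806, 0x86DD}

MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"
# Link-level form: time, source MAC, destination MAC, EtherType, length.
RAW = re.compile(rf"^(\S+) ({MAC}) ({MAC}) ([0-9a-f]{{1,4}}) (\d+):$")
# Decoded form: time, source IP > destination IP: summary.
DECODED = re.compile(r"^(\S+) (\d+(?:\.\d+){3}) > (\d+(?:\.\d+){3}): (.+)$")

# Excerpt of the "comguard" capture quoted in the message (hex rows shortened).
SAMPLE = """\
21:24:12.930000 10.168.9.8 > 10.168.99.221: icmp: echo request
21:24:12.940000 71:26:c6:45:e6:9c fe:fd:0:0:0:0 121c 94:
                         8a16 cd4a bd96 28d1
21:24:13.940000 10.168.9.8 > 10.168.99.221: icmp: echo request
21:24:13.950000 bb:8f:0:85:2:b2 fe:fd:0:0:0:0 a0ac 94:
                         1658 6330 08be 9d7c
"""


def norm_mac(mac):
    """tcpdump drops leading zeros (fe:fd:0:0:0:0); pad each octet to two digits."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))


def triage(capture, tap_mac):
    """Return (decoded, undecoded): IP packets tcpdump understood, and frames
    addressed to tap_mac whose EtherType is not in KNOWN_ETHERTYPES."""
    tap_mac = norm_mac(tap_mac)
    decoded, undecoded = [], []
    for line in capture.splitlines():
        line = line.strip()
        raw = RAW.match(line)
        if raw:
            ts, src, dst, etype, length = raw.groups()
            if norm_mac(dst) == tap_mac and int(etype, 16) not in KNOWN_ETHERTYPES:
                undecoded.append({"time": ts, "src": norm_mac(src),
                                  "ethertype": etype.zfill(4), "len": int(length)})
            continue  # hex payload rows match neither pattern and are skipped
        ip = DECODED.match(line)
        if ip:
            decoded.append({"time": ip[1], "src": ip[2], "dst": ip[3], "info": ip[4]})
    return decoded, undecoded


if __name__ == "__main__":
    ok, bad = triage(SAMPLE, "fe:fd:00:00:00:00")
    print(f"{len(ok)} decoded IP packets, {len(bad)} undecodable frames")
```

A run of frames with a different source MAC and EtherType on each one, all addressed to the tap device, is the pattern visible in the captures above.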



