tinc bug (bogus connection)

Luke Kenneth Casson Leighton lkcl at samba-tng.org
Thu Nov 6 21:55:39 CET 2003


On Thu, Nov 06, 2003 at 05:51:27PM +0100, Guus Sliepen wrote:

> >  oh, poot, _now_ he tells me :)
> 
> Well it says on the homepage that CABAL is the development branch... :)
 
 i a bit fik, i read fings with big letters.

> > > 1.0.2_2? Our latest release is 1.0.1, so that can't be true.
> > 
> >  the _2 is a debian thing: it means the maintainer's second
> >  published repackaging attempt of the N.N.N (in this case 1.0.1)
> >  developer's 
> 
> Well the first part, 1.0.2, is bogus because it hasn't been released,
> and second of all, the debian revision is separated from the upstream
> version number by a dash (-), not an underscore (_). 

 my mistake, i meant 1.0.1-2 (but i am building myself a "fake" version
 of 1.0.1-3).

> > > > "Cannot route packet: unknown IPv4 destination address 192.168.1.201"
> > > 
> > > That means you are missing a Subnet statement that covers that address.
> > 
> >  yes, i sort-of figured that out, sort-of.
> >  
> >  by switching off the security, i get a subnet added (but still no
> >  data routed).
> 
> What do you mean, switching off the security?

 --bypass-security.

 i then get successful subnet creation, add_nodes and all that.

 [but still only occasionally even then - i think maybe once
  out of trying for over a week - get a successful VPN link
  created]

 so, by using the option --bypass-security i can get the two tinc
 daemons to recognise each other.

 without setting the --bypass-security option, they get as far as
 the CHAL_RESP phase but the recipient does not see the CHAL_RESP
 packet.

 ... perhaps i should describe my setup to you?

 i have two networks, one is on an ADSL line and there is a vigor 2600
 handling the connection and providing NAT and a subnet, 192.168.1.0/24.

 the other is a ppp connection 56k modem (yuk) and it is on a subnet
 192.168.0.0/24.

 the vigor-2600 is really cool, it's actually linux on a mips processor
 embedded with flash ram and it does NAT and MASQ [and i have
 disabled the IPsec VPN PPTPd it comes with by default]

 i have enabled both TCP and UDP incoming and outgoing of port 655 on
 the vigor 2600.

 i have also set _two_ separate NAT rules - one for TCP and one for UDP -
 to get a host (jekyl) to be the recipient of all tinc traffic.

 on my ppp dialup i have masquerading, a firewall with selected
 outgoing services allowed and most incoming ones disabled except
 for udp and tcp on port 655 and also ssh.

 [you know, i think i am going to abandon firewall-easy and fwbuilder
  and end up writing the rules by hand.  again.]

 ... do you want the tinc config files?

 l.

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/
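
Added example, not part of the original message or of tinc itself: a small check of whether any host file's Subnet statement covers a destination address, which is the condition behind the "Cannot route packet: unknown IPv4 destination address" log line quoted above. The "dialup" node name, the Address value and all file contents are constructed assumptions; only the host name jekyl and the subnets come from the message.

```python
import ipaddress

# Constructed host files: "jekyl" is the host named in the message; the
# "dialup" node name, the Address and all file contents are assumptions.
HOSTS = {
    "jekyl": "Address = 203.0.113.10\nSubnet = 192.168.1.0/24\n",
    "dialup": "# ppp side\nSubnet 192.168.0.0/24#10\n",
}

def parse_subnets(text):
    """Return the IP networks declared by Subnet lines in one host file."""
    nets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Name = value" and "Name value" are both accepted; names ignore case.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "subnet":
            continue
        value = parts[1].strip().split("#", 1)[0]  # drop an optional #weight
        try:
            nets.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            pass  # e.g. a MAC-address Subnet used in switch mode
    return nets

def covering(hosts, address):
    """List (node, network) pairs whose Subnet contains address, most specific first."""
    addr = ipaddress.ip_address(address)
    hits = [(node, net) for node, text in hosts.items()
            for net in parse_subnets(text)
            if net.version == addr.version and addr in net]
    return sorted(hits, key=lambda h: h[1].prefixlen, reverse=True)

if __name__ == "__main__":
    for dest in ("192.168.1.201", "192.168.2.7"):
        owners = covering(HOSTS, dest)
        if owners:
            print(dest, "->", ", ".join(f"{n} ({net})" for n, net in owners))
        else:
            print(dest, "-> no Subnet statement covers this address")
```

An empty result for an address that should be reachable means the owning node's host file lacks a matching Subnet line, or that file has not been distributed to the peer.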
