connection error by more than 4 nodes

Guus Sliepen guus at tinc-vpn.org
Sat Dec 18 23:44:17 CET 2010 

On Sat, Dec 18, 2010 at 07:54:16PM +0100, deep_eye wrote:

> Hello again, now we have upgraded all tinc-nodes + master to version 1.0.13 and a completely new config generated.
> 
> master: has public ip-adress + tinc-port is reachable from internet, has public keys from all nodes
> nodes: behind nat-routers, no port-forwarding enabled, has public keys from all nodes+master

And the master is still a Linux machine, and the clients are running on
Windows?

> node-host-file:
> IndirectData = yes

You do not need to set this option with 1.0.13.

> If 3 nodes are connected with the master, than the fourth node (regardless of which) has a problem:
> 1292443976 tinc.gaming[32450]: Error during decryption of meta key for node09 (188.22.118.129 port 60114)
> 1292443976 tinc.gaming[32450]: Error while processing METAKEY from node09 (188.22.118.129 port 60114)

Still that problem... very strange. Can you install valgrind and run tinc as
follows on the master?

valgrind -v --log-file=valgrind.log tincd -n gaming -d5 -D --logfile=tinc.log

Try connecting the fourth node a few times, then quit tincd on the master and
send me the two log file.

> My question: is it possible with tinc to connect all hosts without enable port-forwarding?

At least one node in the VPN must have a known address and port for the others
to connect to. However, after they are connected they can each exchange VPN
traffic with all other nodes.

> I have tested the config with my linux host and kvm. With kill -USR2 i saw,
> that all nodes have connections to the master but none to it's neighbor node.

The list of Edges only represents the meta connections created due to the
ConnectTo statements. It does not reflect whether nodes can exchange VPN
traffic with each other.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20101218/47c40efa/attachment.pgp>

More information about the tinc mailing list