using both ConnectTo and AutoConnect to avoid network partitions

[Nirmal Thacker]

Thanks Guus

I have one more question.

- We see several log messages that we dont currently understand - Can you
comment on what they mean and if they are concerning? I've obfuscated IP's
and node names so please ignore those. Our tinc daemon command is: tincd -n
<vpn name>

-- Received short packet
-- Got REQ_KEY from node003 while we already started a SPTPS session!
-- Invalid packet seqno: 7951 != 1 from node003 (22.22.22.22 port 655)
-- Failed to verify SIG record from node003 (22.22.22.22 port 655)
-- message repeated 3 times: [ Received short packet]
-- Metadata socket read error for node004 (33.33.33.33 port 655):
Connection reset by peer
-- Failed to decrypt and verify packet from node005 (44.44.44.44 port 655)

   -nirmal

On Tue, Aug 22, 2017 at 11:08 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Tue, Aug 22, 2017 at 03:19:18PM -0700, Nirmal Thacker wrote:
>
> > - How do we patch 1.1pre14 with this fix? Or will there be a 1.1pre15 to
> > upgrade to?
>
> There will be an 1.1pre15, but if you want you can apply the following
> commit:
>
> https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff;h=
> 92fdabc439bdb5e16f64a4bf2ed1deda54f7c544
>
> > - What is the workaround until we patch with this fix? Using a
> combination
> > of AutoConnect and ConnectTo?
>
> Yes.
>
> > - When we use ConnectTo, is it mandatory to have a cert file in the
> hosts/*
> > dir with an IP to ConnectTo ?
>
> Yes. Tinc always needs the public key of a peer and an Address in order
> to be able to connect to it.
>
> --
> Met vriendelijke groet / with kind regards,
>      Guus Sliepen <guus at tinc-vpn.org>
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170823/d679b907/attachment.html>