Issue using tinc-vpn on Windows Server 1709 with Docker Overlay Network

[Marc Hoersken]

Hello everyone,

Am 20.05.2018 um 20:08 schrieb Marc Hoersken:
> Before upgrading to TAP 9.21.2 I actually tried the old one that is
> bundled with tinc-vpn. Unfortunately that caused more errors on Windows
> Server 1709 and to me it therefore looks like the NDIS6 branch might be
> more stable on that Windows version. But once a new tinc-vpn pre-release
> is out, I will try it with both TAP driver versions.

I now tested this again with tinc 1.1pre16, but it still does not work
correctly with both TAP drivers.
I am currently using the TAP driver that ships with tinc for testing.

The tincd process now automatically detects that the network adapter /
interface was reset and re-initializes all connections.
Unfortunately that brakes the VMSwitch and therefore docker shuts down
the service-based container and retries a few seconds later.

That way I am now stuck in an endless loop like this:

 1. Tinc VPN daemon starts and allows network connections.
 2. Docker daemon connects to Swarm master.
 3. Docker daemon gets instructions from Swarm to start a new container
    that is connected to the Tinc VPN network.
 4. Docker daemon creates a VMSwitch assigned to the Tinc VPN network
    and tries to start the container.
 5. The creation of the VMSwitch causes Windows to reset the Tinc VPN
    adapter / interface.
 6. Docker daemon looses connection to Swarm master.
 7. Tinc VPN detects the reset and restarts. This breaks the VMSwitch.
 8. Docker daemon detects that the VMSwitch was not setup correctly and
    shuts down the container.
 9. Loop back to step 2.

Would it help to send the tinc debug log on level 255 to this list? Does
it contain sensitive information / key material?

Could I send a reduced log to someone specific for further
investigation? Thanks in advance.

Best regards,
Marc