--bypass-security?
Shashank Khanvilkar
shashank at mia.ece.uic.edu
Wed Jul 23 18:50:40 CEST 2003
On Tue, Jul 22, 2003 at 05:25:37PM -0500, Shashank Khanvilkar wrote:
>> How do i make tinc daemon transparently pass the packets (without
>> encryption/authentication) to the peer. I tried using the
>> bypass-security option, but when i capture the packets on the ethernet
>> inetrface (using tcpdump), I do not see the plaintext version.
>The tincd manpage is not clear about this, but --bypass-security only
>disables authentication and encryption of the TCP connections. To
>prevent encryption of the rest add this to the host config files:
>Cipher = none
>Digest = none
I tried this out too.. But my client (with openSSL 0.9.7a) aborts with a
segmentation fault..
You can find my configuration at
http://mia.ece.uic.edu/~papers/volans/tincd1.html
In both the host configuration files, i have specified Cipher, Digest as
"none" and Compression as 0.
Here is the core dump from gdb:
----------------------------------------------------------------------------
-----------
[shashank at mia hosts]# gdb tincd core.4172
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Core was generated by `tincd -n testVPN --debug=5 -D'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypto.so.4...done.
Loaded symbols for /lib/libcrypto.so.4
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/i686/libc.so.6...done.
Loaded symbols for /lib/i686/libc.so.6
Reading symbols from /usr/kerberos/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/kerberos/lib/libgssapi_krb5.so.2
Reading symbols from /usr/kerberos/lib/libkrb5.so.3...done.
Loaded symbols for /usr/kerberos/lib/libkrb5.so.3
Reading symbols from /usr/kerberos/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/kerberos/lib/libk5crypto.so.3
Reading symbols from /usr/kerberos/lib/libcom_err.so.3...done.
Loaded symbols for /usr/kerberos/lib/libcom_err.so.3
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0 0x0804e51a in setup_myself () at net_setup.c:409
409 EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL,
myself->key, myself->key + myself->cipher->key_len);
--------------------------------------------------------------------------
Please let me know if you need more information.
Shashank
----- Original Message -----
From: "Guus Sliepen" <guus at sliepen.eu.org>
To: <tinc at nl.linux.org>
Cc: "Shashank Khanvilkar" <shashank at mia.ece.uic.edu>
Sent: Wednesday, July 23, 2003 2:46 AM
Subject: Re: --bypass-security?
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
More information about the Tinc
mailing list