FW: Windows 7 support? Should I be able to PING over the VPN?

Alan S. Lawee info at polygration.com
Mon Jul 19 06:44:59 CEST 2010 

Got it working.  Guess I've been staring at the manual for too long.  I
tried it again from scratch & left all of the default values - I think my
problem was putting the RSA Public Key in a separate file instead of letting
it put itself in the Host Configuration File.

Now I'm :-) 

I'll try to get Windows 7 working tomorrow.

Best regards,
Alan

-----Original Message-----
From: Alan S. Lawee [mailto:info at polygration.com] 
Sent: Sunday, July 18, 2010 19:05
To: tinc at tinc-vpn.org
Subject: FW: Windows 7 support? Should I be able to PING over the VPN?

Thanks for the quick reply, Guus.

Well the debug helped a little bit.  So did re-reading the manual again.  I
think I got further ahead, but unfortunately I still cannot quite get to
complete the connection between the two nodes.

It looks like the two nodes are communicating - they seem to be able to
exchange RSA keys & MetaKeys, but for some reason, they start trying to
exchange data on random ports (1361, 1362, 1436, etc.) before the connection
has been completely established and I'm guessing that they might be getting
blocked by Windows Firewall (I did add tinc.exe to the program exception
list, along with port 655 on TCP and on UDP in the Firewall).  There are no
clues in the manual as to why it changes port numbers, but I guess that it's
a security issue.

I still cannot ping the other side on the VPN (192.168.19.0/24), but I guess
that is because the connection was not established. (Ping works fine on
node's side of the VPN and to both sides on the 192.168.17.0/24 subnet)

I am also getting error messages "Cannot route packet from _xxx_ (MYSELF):
unknown IPv4 destination address 192.168.3.255"  The manual mentions that I
should ignore broadcast messages (ending in .255), so I'm not sure if this
message is relevant.

Just in case you want to spend the time looking at them, I have attached
text files of the debug information from each node.  At the end, I have
included the configuration files.  (You will notice that I changed the local
subnet to 196.168.17.0/24 and the VPN subnet to 192.168.19.0/24 from the
ones mentioned in my previous e-mail -- Couldn't hurt to try.)

Thanks again for the help.

-----Original Message-----
From: tinc-bounces at tinc-vpn.org [mailto:tinc-bounces at tinc-vpn.org] On Behalf
Of Guus Sliepen
Sent: Sunday, July 18, 2010 03:38
To: tinc at tinc-vpn.org
Subject: Re: Windows 7 support? Should I be able to PING over the VPN?

On Sun, Jul 18, 2010 at 12:52:59AM -0400, Alan S. Lawee wrote:

> 1.        I see from the archives that Vista support requires downloading
an
> updated TAP driver from OpenVPN.net.  I have just downloaded tinc
> 1.0.13 and was not able to get the TAP driver to work on my Windows 7 
> computer.  Should I assume that 1.0.13 doesn't have the most current 
> TAP driver and I should use the one I downloaded from OpenVPN ?  There 
> seems to be other issues with Windows 7 - the RSA keys are not stored 
> in the same place by default as they are for Windows XP, so there may be
other configuration changes to make.

1.0.13 should contain the exact same TAP driver as with recent versions of
OpenVPN. However, do try out the OpenVPN installer and see if that works.
You need administrator rights to install the TAP driver, try right-clicking
on addtap.bat and select "run as administrator". There is also a 32-bit and
64-bit version, choose the one matching your Windows isntallation.

> 2.       I've installed tinc on two Windows XP systems that are on the
same
> LAN & subnet (192.168.1.0/24), but I configured them both to use a 
> different subnet (192.168.3.0/24).  After adding routes at each end, I 
> am able to ping the local interface on each machine, but not the 
> remote interface.  Does this mean that something is not installed or 
> configured properly, or is this normal behavior?

I think you have misconfigured something. You can start tincd.exe with the
extra options "-d5 -D", this will start tincd in the foreground and will
show you what it is doing. Try to ping then, and see if it shows anything
related to the ping message.

--
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20100719/0c4e8869/attachment-0001.pgp>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00004.txt
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20100719/0c4e8869/attachment-0003.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Debug-OFFICE.txt
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20100719/0c4e8869/attachment-0004.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Debug-HOME.txt
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20100719/0c4e8869/attachment-0005.txt>

More information about the tinc mailing list