Unauthorized ADD_SUBNET, but known subnet

Ivan Vilata i Balaguer ivan at selidor.net
Wed May 22 16:23:39 CEST 2013


Ivan Vilata i Balaguer (2013-05-21 17:23:40 +0200) wrote:

> I'm using a tinc 1.0.19 (from Debian Squeeze) setup with some nodes
> connecting to a "server" node which has "StrictSubnets = yes".
> Whenever a new node is added to the mesh, a process generates and
> drops its host file in the server's host directory before the node is
> booted and tries to connect. […]
>
> The node publishes that subnet and the server knows it beforehand from
> the existing node host file, but as you can see it still ignores it as
> unauthorized so the node is unreachable.  Killing the server daemon
> with HUP makes everything work, but I expected this not to be
> necessary.  Surprisingly, replacing the node's public key first in the
> server then in the node and restarting the daemon in the node (without
> touching that of the server) results in the node getting back online.
>
> Any ideas on why the server needs the HUP?
>
> Thank you very much,

Moreover, although it doesn't accept the subnet itself, the server
forwards the ADD_SUBNET to other nodes (in the tests they are on the
same network link and only know the server to which they ConnectTo) so
other nodes can ping the newly added node but the server cannot.  The
problem is that I need to contact services running in the server from
the node. :-/

There's also the question whether forwarding such an untrusted network
makes sense (can it be disabled?), but that's another topic...

Thanks!

-- 
Ivan Vilata i Balaguer -- https://elvil.net/


