tinc 1.1pre10 "failed to decrypt record" on Windows client

Tim Eggleston tim.lists at eggleston.ca
Sat Apr 19 00:53:34 CEST 2014 

Tinc newbie here so apologies if this is obvious or has been discussed 
already; I did search but couldn't find anything.

I'm testing tinc 1.1pre10 between a Windows 7 client and Linux server. 
The Linux machine is on the internet and the Windows machine is on my 
home network behind NAT. I have successfully configured a Linux client 
on my home network to communicate with the server already so I know the 
issue isn't the server or my network/NAT config.

When attempting to connect to the server, the Windows client throws a 
"failed to decrypt record" error (output from tincd -D below). Something 
instinctive is saying this is a key material problem -- originally I 
copied and pasted the keys from notepad into my SSH session to transfer 
them between machines, and I wondered if a non-printable character or a 
Windows linebreak had snuck in and messed things up. However I've now 
copied them directly between hosts using pscp.exe so I don't think it 
can be that. I'm using both RSA and ECDSA keys, and I believe it 
defaults to ECDSA usage in this version?

Any ideas appreciated! I can provide configs if necessary but this 
didn't seem like a config problem, per se.

Cheers,

  ---tim

**********

Output from tincd -D on the Windows machine:

c:\Program Files (x86)\tinc>tincd -D -d 5 -n mesh1
tincd 1.1pre10 (Feb  7 2014 22:45:15) starting, debug level 5
Tap reader running
{2115B7D7-EFBB-468F-89AE-1818CF14091A} (vpn-mesh1) is a Windows tap 
device
Listening on 0.0.0.0 port 655
Ready
Trying to connect to silverthrone (xxx.xxx.xxx.xxx port 655)
Connected to silverthrone (xxx.xxx.xxx.xxx port 655)
Sending ID to silverthrone (xxx.xxx.xxx.xxx port 655): 0 capricorn 17.3
Sending 17 bytes of metadata to silverthrone (xxx.xxx.xxx.xxx port 655)
Got ID from silverthrone (xxx.xxx.xxx.xxx port 655): 0 silverthrone 17.3
Sending ACK to silverthrone (xxx.xxx.xxx.xxx port 655): 4 655 358 
300000c
Sending 18 bytes of metadata to silverthrone (xxx.xxx.xxx.xxx port 655)
Error while decrypting: error:00000000:lib(0):func(0):reason(0)
Failed to decrypt record
Closing connection with silverthrone (xxx.xxx.xxx.xxx port 655)
Could not set up a meta connection to silverthrone

**********

More information about the tinc mailing list