tinc 1.1pre10 "failed to decrypt record" on Windows client

Saverio Proto zioproto at gmail.com
Tue Apr 22 15:55:35 CEST 2014


Hello Tim,

Can you check on the Linux side with sptps_speed if everything is
working as expected?

We expect something like this:
saverio at nockid:~/SORGENTI/tinc$ ./src/sptps_speed 1
Generating keys for 1 seconds:          19194.23 op/s
ECDSA sign for 1 seconds:               18650.55 op/s
ECDSA verify for 1 seconds:              7253.07 op/s
ECDH for 1 seconds:                      5441.36 op/s
SPTPS/TCP authenticate for 1 seconds:    2569.20 op/s
SPTPS/TCP transmit for 1 seconds:           1.82 Gbit/s
SPTPS/UDP authenticate for 1 seconds:    2552.64 op/s
SPTPS/UDP transmit for 1 seconds:           1.79 Gbit/s
saverio at nockid:~/SORGENTI/tinc$


Saverio

2014-04-19 0:53 GMT+02:00 Tim Eggleston <tim.lists at eggleston.ca>:
> Tinc newbie here so apologies if this is obvious or has been discussed
> already; I did search but couldn't find anything.
>
> I'm testing tinc 1.1pre10 between a Windows 7 client and Linux server. The
> Linux machine is on the internet and the Windows machine is on my home
> network behind NAT. I have successfully configured a Linux client on my home
> network to communicate with the server already so I know the issue isn't the
> server or my network/NAT config.
>
> When attempting to connect to the server, the Windows client throws a
> "failed to decrypt record" error (output from tincd -D below). Something
> instinctive is saying this is a key material problem -- originally I copied
> and pasted the keys from notepad into my SSH session to transfer them
> between machines, and I wondered if a non-printable character or a Windows
> linebreak had snuck in and messed things up. However I've now copied them
> directly between hosts using pscp.exe so I don't think it can be that. I'm
> using both RSA and ECDSA keys, and I believe it defaults to ECDSA usage in
> this version?
>
> Any ideas appreciated! I can provide configs if necessary but this didn't
> seem like a config problem, per se.
>
> Cheers,
>
>  ---tim
>
> **********
>
> Output from tincd -D on the Windows machine:
>
> c:\Program Files (x86)\tinc>tincd -D -d 5 -n mesh1
> tincd 1.1pre10 (Feb  7 2014 22:45:15) starting, debug level 5
> Tap reader running
> {2115B7D7-EFBB-468F-89AE-1818CF14091A} (vpn-mesh1) is a Windows tap device
> Listening on 0.0.0.0 port 655
> Ready
> Trying to connect to silverthrone (xxx.xxx.xxx.xxx port 655)
> Connected to silverthrone (xxx.xxx.xxx.xxx port 655)
> Sending ID to silverthrone (xxx.xxx.xxx.xxx port 655): 0 capricorn 17.3
> Sending 17 bytes of metadata to silverthrone (xxx.xxx.xxx.xxx port 655)
> Got ID from silverthrone (xxx.xxx.xxx.xxx port 655): 0 silverthrone 17.3
> Sending ACK to silverthrone (xxx.xxx.xxx.xxx port 655): 4 655 358 300000c
> Sending 18 bytes of metadata to silverthrone (xxx.xxx.xxx.xxx port 655)
> Error while decrypting: error:00000000:lib(0):func(0):reason(0)
> Failed to decrypt record
> Closing connection with silverthrone (xxx.xxx.xxx.xxx port 655)
> Could not set up a meta connection to silverthrone
>
> **********
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc