issues connecting to other working sites.

Chris . chris-message at outlook.com
Thu Mar 29 23:44:03 CEST 2018


I did notice that the interface we have named br-lan did not have the proper broadcast and netmask information. I adjusted that and it looks like it's now connecting but still running into issues.



Here is a snippet from the new system we are trying to connect in (from the /var/log/tinc.log file)



2018-03-15 22:57:26 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:57:26 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:57:31 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:57:31 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:57:35 tinc.NETNAME[871]: Got KEY_CHANGED from pfsense201 (PFSENSE201-PUBLICIP port 45305): 14 247954dd pfsense29
2018-03-15 22:57:35 tinc.NETNAME[871]: Forwarding KEY_CHANGED from pfsense201 (PFSENSE201-PUBLICIP port 45305): 14 247954dd pfsense29
2018-03-15 22:57:36 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:57:36 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:57:41 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:57:41 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:57:46 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:57:46 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:57:51 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:57:51 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:57:56 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:57:56 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:57:56 tinc.NETNAME[871]: Trying to connect to pfsense12 (PFSENSE12-PUBLICIP port 655)
2018-03-15 22:57:59 tinc.NETNAME[871]: Error while connecting to pfsense12 (PFSENSE12-PUBLICIP port 655): No route to host
2018-03-15 22:57:59 tinc.NETNAME[871]: Could not set up a meta connection to pfsense12
2018-03-15 22:57:59 tinc.NETNAME[871]: Trying to re-establish outgoing connection in 155 seconds
2018-03-15 22:58:01 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:58:01 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:06 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:58:06 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:11 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:58:11 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:16 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:58:16 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:21 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:58:21 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:22 tinc.NETNAME[871]: Got PING from pfsense201 (PFSENSE201-PUBLICIP port 45305): 8
2018-03-15 22:58:22 tinc.NETNAME[871]: Sending PONG to pfsense201 (PFSENSE201-PUBLICIP port 45305): 9
2018-03-15 22:58:22 tinc.NETNAME[871]: Sending 2 bytes of metadata to pfsense201 (PFSENSE201-PUBLICIP port 45305)
2018-03-15 22:58:22 tinc.NETNAME[871]: Flushing 2 bytes to pfsense201 (PFSENSE201-PUBLICIP port 45305)
2018-03-15 22:58:23 tinc.NETNAME[871]: Sending PING to pfsense201 (PFSENSE201-PUBLICIP port 45305): 8
2018-03-15 22:58:23 tinc.NETNAME[871]: Sending 2 bytes of metadata to pfsense201 (PFSENSE201-PUBLICIP port 45305)
2018-03-15 22:58:23 tinc.NETNAME[871]: Flushing 2 bytes to pfsense201 (PFSENSE201-PUBLICIP port 45305)
2018-03-15 22:58:23 tinc.NETNAME[871]: Got MTU probe length 1459 from pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:23 tinc.NETNAME[871]: Got MTU probe length 1459 from pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:23 tinc.NETNAME[871]: Got PONG from pfsense201 (PFSENSE201-PUBLICIP port 45305): 9
2018-03-15 22:58:23 tinc.NETNAME[871]: Got MTU probe length 1459 from pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:25 tinc.NETNAME[871]: Sending MTU probe length 1467 to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:25 tinc.NETNAME[871]: Sending MTU probe length 1459 to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:25 tinc.NETNAME[871]: Sending MTU probe length 1459 to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:25 tinc.NETNAME[871]: Sending MTU probe length 1459 to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:25 tinc.NETNAME[871]: Got MTU probe length 1459 from pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:25 tinc.NETNAME[871]: Got MTU probe length 1459 from pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:25 tinc.NETNAME[871]: Got MTU probe length 1459 from pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:26 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:58:26 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:31 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:58:31 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)
2018-03-15 22:58:36 tinc.NETNAME[871]: Read packet of 74 bytes from Linux tun/tap device (tun mode)
2018-03-15 22:58:36 tinc.NETNAME[871]: Sending packet of 74 bytes to pfsense201 (PFSENSE201-PUBLICIP port 655)



I changed the /etc/config/tinc file for testing and just listed only two sites to connect to. Below is for the new 100 site I'm trying to connect into the network.



config tinc-net NETNAME
        option enabled 1
        option logfile /var/log/tinc.log
        option debug 5
        option AddressFamily ipv4

        list ConnectTo pfsense201
        list ConnectTo pfsense12

        option Name pfsense100

        option PrivateKeyFile /etc/tinc/NETNAME/rsa_key.priv

config tinc-host pfsense201
        option enabled 1
        option net NETNAME
        option Address PUBLICIPOFTHISSITEHERE
        option Subnet 172.16.201.0/24

config tinc-host pfsense12
        option enabled 1
        option net NETNAME
        list Address PUBLICIPOFTHISSITEHERE
        option Subnet 172.16.12.0/24



In summary, it looks like it's connecting BUT when I ping I get a timeout and I cannot visit any http either. I looked at other users' issues with connectivity and no ping but cannot determine the issue running wireshark. Any ideas?



Thank you again for the guidance!

Chris





-----Original Message-----
From: tinc [mailto:tinc-bounces at tinc-vpn.org] On Behalf Of Guus Sliepen
Sent: Thursday, March 15, 2018 3:57 PM
To: tinc at tinc-vpn.org
Subject: Re: issues connecting in other sites



On Thu, Mar 15, 2018 at 03:41:00PM +0000, Chris . wrote:



> I admit that I am not familiar with Tinc very well, but have Tinc running at approximately 20 sites and functioning as a mesh vpn/network.  I am having issues adding an additional site as it will not communicate with the rest. I have taken the firmware of one and flashed it on another router to make it duplicate and then tested it working but when I change the hostname, and IP to what we need it to be (in this case 172.16.100.0) it no longer communicates with the rest of the network even though I have the same public key (they all have the same key) as well as adding it to the host folder and tinc config file on every other router. Am I missing something? The current system seems to be working now but having issues to add new.



I suspect you do have an error in your configuration somewhere. Either on the new node, or in the other node(s) that will have connections with the new node. Check for typos.



> Partial file contents of /etc/config/tinc
>
> config tinc-net NETNAME
>         option enabled 1
>         option logfile /tmp/log/tinc.log
>         option debug 1
>         option AddressFamily ipv4
>
>         list ConnectTo=pfsense2
>         list ConnectTo=pfsense4
>         list ConnectTo=pfsense12
>         list ConnectTo=pfsense201
>         list ConnectTo=pfsense11
>         list ConnectTo=pfsense1
>         list ConnectTo=pfsense19
>         list ConnectTo=pfsense7
>         list ConnectTo pfsense26
>         list ConnectTo pfsense27
>         list ConnectTo pfsense100
>         option Name pfsense16



I'm no pfsense expert. But why do some lines have ConnectTo=pfsense with a = sign between ConnectTo and pfsense, and other lines have a space instead of the =?



> To be clear (also not sure how it works without it) but tinc.conf is not in the /etc/tinc/NETNAME folder. We can see it in the /tmp/tinc/NETNAME directory only and its contents are below.
>
> File contents of /tmp/tinc/NETNAME/tinc.conf (this is on the pfsense16 unit with subnet 172.16.16.0)
> AddressFamily = ipv4
> ConnectTo = pfsense26
> ConnectTo = pfsense27
> Name = pfsense16



I see only two ConnectTo's here, ConnectTo = pfsense100 is missing.

Could that be the problem?



--
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
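
Added example (not part of the original messages, and not tinc or OpenWrt code): a small check for the two things Guus points out in the quoted files, namely `list ConnectTo` lines written with `=` and peers listed in /etc/config/tinc that are absent from the generated tinc.conf. The sample inputs are trimmed from the files quoted above; the function names are hypothetical.

```python
import re

# Trimmed from the /etc/config/tinc excerpt quoted in the thread (pfsense16).
UCI_SAMPLE = """\
config tinc-net NETNAME
        option enabled 1
        option Name pfsense16
        list ConnectTo=pfsense2
        list ConnectTo=pfsense4
        list ConnectTo pfsense26
        list ConnectTo pfsense27
        list ConnectTo pfsense100
"""

# The generated /tmp/tinc/NETNAME/tinc.conf as quoted in the thread.
GENERATED_SAMPLE = """\
AddressFamily = ipv4
ConnectTo = pfsense26
ConnectTo = pfsense27
Name = pfsense16
"""

def parse_uci_connectto(text):
    """Split `list ConnectTo` lines into well-formed peers and odd-looking lines."""
    peers, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if len(words) < 2 or words[0] != "list":
            continue
        if words[1] == "ConnectTo" and len(words) == 3:
            peers.append(words[2].strip("'\""))
        elif words[1].startswith("ConnectTo"):
            malformed.append((lineno, line.strip()))
    return peers, malformed

def parse_generated_connectto(text):
    """Peers named by `ConnectTo = name` lines in the generated tinc.conf."""
    return re.findall(r"^[ \t]*ConnectTo[ \t]*=?[ \t]*(\S+)[ \t]*$", text, re.M)

def audit(uci_text, generated_text):
    """Report suspicious UCI lines and peers that never reached tinc.conf."""
    peers, malformed = parse_uci_connectto(uci_text)
    generated = parse_generated_connectto(generated_text)
    return {
        "malformed": malformed,
        "not_generated": [p for p in peers if p not in generated],
        "only_in_generated": [g for g in generated if g not in peers],
    }

if __name__ == "__main__":
    for key, value in audit(UCI_SAMPLE, GENERATED_SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample it reports the two `ConnectTo=` lines as malformed and pfsense100 as configured but missing from the generated file.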
