Connection problems
Ramon Bastiaans
ramonbastiaans at eu.spherion.com
Wed Nov 21 11:54:46 CET 2001
My mistake, the keyfile was a wrong keyfile on routerA, should be the one in /usr/local/etc and NOT in /etc.
Sorry to have bothered you guys ;)
----- Original Message -----
From: Ramon Bastiaans
To: tinc at nl.linux.org
Sent: Wednesday, November 21, 2001 11:47 AM
Subject: Connection problems
I have been having some problems setting up tinc on 2 masquerading linux slackware boxes.
routerA is a NAT router to the internet, for two networks on two interfaces. This are the two networks:
eth1 Link encap:Ethernet HWaddr 00:E0:4C:6C:6D:86
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9098636 errors:0 dropped:0 overruns:0 frame:0
TX packets:9847675 errors:0 dropped:0 overruns:2 carrier:0
collisions:0 txqueuelen:100
RX bytes:2611750715 (2490.7 Mb) TX bytes:1869985047 (1783.3 Mb)
Interrupt:10 Base address:0x2000
eth2 Link encap:Ethernet HWaddr 00:E0:4C:6C:63:94
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:82764456 errors:0 dropped:0 overruns:0 frame:0
TX packets:82696829 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:294332618 (280.6 Mb) TX bytes:1305776726 (1245.2 Mb)
Interrupt:11 Base address:0x4000
(there are about 250 eth0 interfaces which I will spare you)
routerB is a simple masquerading box on a ADSL link. This is the internal network:
eth1 Link encap:Ethernet HWaddr 00:02:44:19:AE:8C
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9786 errors:0 dropped:0 overruns:0 frame:0
TX packets:9382 errors:0 dropped:0 overruns:0 carrier:0
collisions:35
RX bytes:1312249 (1.2 Mb) TX bytes:8034730 (7.6 Mb)
Now I want to create a VPN between 192.168.1.0/24 on routerA and 192.168.2.0/24 on routerB.
Here is what my config files look like on routerA:
--- tinc.conf ---
Name = routerA
TapDevice = /dev/net/tun
KeyExpire = 30000000
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
---------------------
--- tinc-up ---
#!/bin/sh
/sbin/ifconfig vpn hw ether fe:fd:0:0:0:0
/sbin/ifconfig vpn 192.168.1.1 netmask 255.255.0.0 -arp
------------------
--- hosts/routerA ---
Address = 123.123.123.123
Subnet = 192.168.1.0/24
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKz4+UIgS849Y1vgzdFCHySgO7MMbM/0i6w87UmB5pLLHDJci9hK7NvZ
WLxZVOymfFM90KnSPVlrOf+YZgLEzoC5tpBqeN1YUIaG1pV55Df7fshqVOdj3NoH
y4kHFZpK80USARh45HxpnSfOaaxncUT10OhQkEXad7EEJx+vGut5AgMA//8=
-----END RSA PUBLIC KEY-----
---------------------------
--- hosts/routerB ---
Address = 123.123.123.124
Subnet = 192.168.2.0/24
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALEzI1Ib1Dbkh6GRZvpmHJos1GfzpJaoDEu/uATNRp0qSRh50WZ0zbar
St7meuu1lPq9D+/dG0pZWbsPkmr8bUECmi4HpKivK2gIuDQUVHy9O0KtpvHhYa6M
ZqvJIa0QEIL7YXxc1ftwvQN5N2ergPnv7eTOSnZwWme/0PwJ0Mz9AgMA//8=
-----END RSA PUBLIC KEY-----
---------------------------
--- rsa_key.priv ---
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCs+PlCIEvOPWNb4M3RQh8koDuzDGzP9IusPO1JgeaSyxwyXIvY
Suzb2Vi8WVTspnxTPdCp0j1Zazn/mGYCxM6AubaQanjdWFCGhtaVeeQ3+37IalTn
Y9zaB8uJBxWaSvNFEgEYeOR8aZ0nzmmsZ3FE9dDoUJBF2nexBCcfrxrreQIDAP//
AoGARoI7TLmq4BpSDJOtOQum8XrqEKQPNsurgr7QkBktb9+Ou+4JRxHBolc4zO9O
102sVzK3sxDP5rTl9x+8JLkRzUqqvqeYl5LD3C1kyShrlqaAKZe0lvE6Y75mCEm6
Cf+wJ2kPbflLvJiSIml3oLbf85oYZHLneKE3apyas2oBd18CQQDe4AiIfSiPVrmL
8HVT+5NQ7mMVQIvJMfiQza0JBEBmpXX6Fq9EDUDJbkvQNZmrWGjfwG3qzVoYaPIa
Lg/zM92lAkEAxq4+eAjHEVgB0z0aYfOfhWMAFTV75InaUNk79Z4zBs0csBL+6cUW
5UzMUlSV/Zg171dtXBeKlsX1i3bvlIQWRQJBAKtb5Its3aMKLZRABUUGGip8YtRS
w4wEooNfVV/bD6q6826p7Yx8yQNne1thATXZIALfwqIgYlxU1DBrCJhhwdMCQGW0
39c59YEqWjmIZOXBJ83jt5KS73qwu95W0jRRq9iLH9aRz+dit1cgY0gYbNA5lvWX
6qcrBDCqjphu/ps5KM8CQDB0YKHWUL0IeZP5qwrmVUsEAY+NVxSyCJY7ttLtIaH9
+I4O6xU0NMzNLppVwEt2w8SRSAloqrX/dnvOb7ZmZOo=
-----END RSA PRIVATE KEY-----
-------------------------
On routerB the host files are exactly the same, only the tinc-up and tinc.conf are different:
--- tinc.conf ---
Name = routerB
TapDevice = /dev/net/tun
ConnectTo = routerA
KeyExpire = 30000000
PrivateKeyFile = /usr/local/etc/tinc/vpn/rsa_key.priv
--------------------
--- tinc-up ---
#!/bin/sh
/sbin/ifconfig vpn hw ether fe:fd:0:0:0:0
/sbin/ifconfig vpn 192.168.2.1 netmask 255.255.0.0 -arp
------------------
--- rsa_key.priv ---
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCxMyNSG9Q25IehkWb6ZhyaLNRn86SWqAxLv7gEzUadKkkYedFm
dM22q0re5nrrtZT6vQ/v3RtKWVm7D5Jq/G1BApouB6SorytoCLg0FFR8vTtCrabx
4WGujGarySGtEBCC+2F8XNX7cL0DeTdnq4D57+3kzkp2cFpnv9D8CdDM/QIDAP//
AoGAVtEQow7dazIp1UX95bNkvr2tXgswMi/PFfunt6H5toGqCXPYFzZY71OjJg+5
UKxrBbMePfZlkTaPuME90UA1FjoWHHxicaHhNqaZ8e0Qwp1/ICOA/ocDrbD5JnmH
2tZjgzizkoju/Jitd5wR0wNpR1gEzYVgYFNRqNlP7qMGCS8CQQDVnJhzAHCxFoAT
QXequiFREEY8rX2WdHDdFFoJuxciCa616UwBvppTyeXoDZGbLmDdCXKs9cmMVqfL
x6dOLIqrAkEA1FzT4VO2Yu28clP6i7yxXdgb0gQdNd5blu2fh7Sl0umsRNQvCZIi
wAIlM1GEyhPdv4ObzxbogYU4ei7blMUG9wJAbg3PiG8ufiq5vqVlMFZ9KKSvFEnm
Eb2nM02DgK7oJe1q9BtZx+/eqjGaqBxFtFylPAXuHpHvnEDxS6n0F/aClwJAY4YY
TexiIMTcmkzXcn4TeTc1WOSIePw61nkYwVi5Iw3nanT+tDHxfP8+YEgvTEcVrcsi
OvJOTqk2ffEdltjguQJAfeA+PyYVCaAZerDhOJt55T60JmVVaJj2ZOwKYCfxjgfb
2+NcdxasirbUYfAr8HyZ26dVJV8IgadyTxBpm258Ag==
-----END RSA PRIVATE KEY-----
-------------------------
Here is what happens when I start tincd (tincd -n vpn -d) on both boxes.
on routerA:
tinc.vpn[31183]: Bogus data received from routerB (123.123.123.124)
last message repeated 2 times
tinc.vpn[31183]: Bogus data received from routerB (123.123.123.124)
tinc.vpn[31183]: Unauthorized request from routerB (123.123.123.124)
tinc.vpn[31183]: Bogus data received from routerB (123.123.123.124)
last message repeated 2 times
on routerB:
tinc.vpn[889]: 123.123.123.123 port 655: Connection refused
tinc.vpn[889]: Could not set up a meta connection to 123.123.123.123
tinc.vpn[901]: Still failed to connect to other, will retry in 10 seconds
last message repeated 2 times
last message repeated 4 times
last message repeated 4 times
I am sure the key's are allright, I am sure port 655 is open and reachable, I don't get it.
Does anyone have a idea on what I am doing wrong here?
Kind regards,
Ramon Bastiaans.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://brouwer.uvt.nl/pipermail/tinc/attachments/20011121/02d71b72/attachment.html
More information about the Tinc
mailing list