Connection problems

Ramon Bastiaans ramonbastiaans at eu.spherion.com
Wed Nov 21 11:54:46 CET 2001


My mistake: the keyfile on routerA was the wrong keyfile; it should be the one in /usr/local/etc and NOT in /etc.

Sorry to have bothered you guys ;)
  ----- Original Message ----- 
  From: Ramon Bastiaans 
  To: tinc at nl.linux.org 
  Sent: Wednesday, November 21, 2001 11:47 AM
  Subject: Connection problems


  I have been having some problems setting up tinc on 2 masquerading Linux Slackware boxes.

  routerA is a NAT router to the internet, for two networks on two interfaces. These are the two networks:

  eth1      Link encap:Ethernet  HWaddr 00:E0:4C:6C:6D:86  
            inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:9098636 errors:0 dropped:0 overruns:0 frame:0
            TX packets:9847675 errors:0 dropped:0 overruns:2 carrier:0
            collisions:0 txqueuelen:100 
            RX bytes:2611750715 (2490.7 Mb)  TX bytes:1869985047 (1783.3 Mb)
            Interrupt:10 Base address:0x2000 

  eth2      Link encap:Ethernet  HWaddr 00:E0:4C:6C:63:94  
            inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:82764456 errors:0 dropped:0 overruns:0 frame:0
            TX packets:82696829 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:100 
            RX bytes:294332618 (280.6 Mb)  TX bytes:1305776726 (1245.2 Mb)
            Interrupt:11 Base address:0x4000 

  (there are about 250 eth0 interfaces which I will spare you)

  routerB is a simple masquerading box on an ADSL link. This is the internal network:

  eth1      Link encap:Ethernet  HWaddr 00:02:44:19:AE:8C  
            inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:9786 errors:0 dropped:0 overruns:0 frame:0
            TX packets:9382 errors:0 dropped:0 overruns:0 carrier:0
            collisions:35 
            RX bytes:1312249 (1.2 Mb)  TX bytes:8034730 (7.6 Mb)

  Now I want to create a VPN between 192.168.1.0/24 on routerA and 192.168.2.0/24 on routerB.

  Here is what my config files look like on routerA:

  --- tinc.conf ---
  Name = routerA
  TapDevice = /dev/net/tun
  KeyExpire = 30000000
  PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
  ---------------------
  --- tinc-up ---
  #!/bin/sh
  /sbin/ifconfig vpn hw ether fe:fd:0:0:0:0
  /sbin/ifconfig vpn 192.168.1.1 netmask 255.255.0.0 -arp
  ------------------
  --- hosts/routerA ---
  Address = 123.123.123.123
  Subnet = 192.168.1.0/24
  -----BEGIN RSA PUBLIC KEY-----
  MIGJAoGBAKz4+UIgS849Y1vgzdFCHySgO7MMbM/0i6w87UmB5pLLHDJci9hK7NvZ
  WLxZVOymfFM90KnSPVlrOf+YZgLEzoC5tpBqeN1YUIaG1pV55Df7fshqVOdj3NoH
  y4kHFZpK80USARh45HxpnSfOaaxncUT10OhQkEXad7EEJx+vGut5AgMA//8=
  -----END RSA PUBLIC KEY-----
  ---------------------------
  --- hosts/routerB ---
  Address = 123.123.123.124
  Subnet = 192.168.2.0/24
  -----BEGIN RSA PUBLIC KEY-----
  MIGJAoGBALEzI1Ib1Dbkh6GRZvpmHJos1GfzpJaoDEu/uATNRp0qSRh50WZ0zbar
  St7meuu1lPq9D+/dG0pZWbsPkmr8bUECmi4HpKivK2gIuDQUVHy9O0KtpvHhYa6M
  ZqvJIa0QEIL7YXxc1ftwvQN5N2ergPnv7eTOSnZwWme/0PwJ0Mz9AgMA//8=
  -----END RSA PUBLIC KEY-----
  ---------------------------
  --- rsa_key.priv ---
  -----BEGIN RSA PRIVATE KEY-----
  -----END RSA PRIVATE KEY-----
  -------------------------

  On routerB the host files are exactly the same, only the tinc-up and tinc.conf are different:

  --- tinc.conf ---
  Name = routerB
  TapDevice = /dev/net/tun
  ConnectTo = routerA
  KeyExpire = 30000000
  PrivateKeyFile = /usr/local/etc/tinc/vpn/rsa_key.priv
  --------------------
  --- tinc-up ---
  #!/bin/sh
  /sbin/ifconfig vpn hw ether fe:fd:0:0:0:0
  /sbin/ifconfig vpn 192.168.2.1 netmask 255.255.0.0 -arp
  ------------------
  --- rsa_key.priv ---
  -----BEGIN RSA PRIVATE KEY-----
  -----END RSA PRIVATE KEY-----
  -------------------------

  Here is what happens when I start tincd (tincd -n vpn -d) on both boxes.

  on routerA:
  tinc.vpn[31183]: Bogus data received from routerB (123.123.123.124)
  last message repeated 2 times
  tinc.vpn[31183]: Bogus data received from routerB (123.123.123.124)
  tinc.vpn[31183]: Unauthorized request from routerB (123.123.123.124)
  tinc.vpn[31183]: Bogus data received from routerB (123.123.123.124)
  last message repeated 2 times

  on routerB:
  tinc.vpn[889]: 123.123.123.123 port 655: Connection refused
  tinc.vpn[889]: Could not set up a meta connection to 123.123.123.123
  tinc.vpn[901]: Still failed to connect to other, will retry in 10 seconds
  last message repeated 2 times
  last message repeated 4 times
  last message repeated 4 times

  I am sure the keys are all right, I am sure port 655 is open and reachable, I don't get it.
  Does anyone have an idea on what I am doing wrong here?


  Kind regards,

  Ramon Bastiaans.
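
The cause reported at the top of this message, a PrivateKeyFile that does not belong to the public key in hosts/routerA, can be checked offline by comparing the modulus and public exponent stored in the two PEM blocks. This is an added example, not part of the original post and not tinc code; the function names and the toy keys are constructed for illustration, and it assumes PKCS#1 PEM blocks ("RSA PUBLIC KEY" / "RSA PRIVATE KEY") as in the files quoted above.

```python
import base64
import re

def pem_der(text, label):
    """Return the DER bytes of the first PEM block carrying this label."""
    m = re.search(f"-----BEGIN {label}-----(.*?)-----END {label}-----", text, re.S)
    if m is None:
        raise ValueError(f"no {label} block found")
    return base64.b64decode("".join(m.group(1).split()))

def der_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the size of the length field
        size = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    return tag, buf[pos:pos + length], pos + length

def pkcs1_integers(der):
    """Return the INTEGER fields of a PKCS#1 RSA key SEQUENCE, in order."""
    tag, seq, _ = der_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    fields, pos = [], 0
    while pos < len(seq):
        tag, value, pos = der_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("unexpected non-INTEGER field")
        fields.append(int.from_bytes(value, "big"))
    return fields

def private_key_matches_host(host_text, private_text):
    """True when the private key has the same (n, e) as the host file's public key."""
    public = pkcs1_integers(pem_der(host_text, "RSA PUBLIC KEY"))        # n, e
    private = pkcs1_integers(pem_der(private_text, "RSA PRIVATE KEY"))   # version, n, e, d, ...
    return private[1:3] == public[:2]

# Constructed toy keys (tiny primes, useless as real keys) so the check runs offline.
def toy_pem(label, integers):
    body = b"".join(bytes([0x02, i.bit_length() // 8 + 1]) +
                    i.to_bytes(i.bit_length() // 8 + 1, "big") for i in integers)
    der = bytes([0x30, len(body)]) + body
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

HOST_ROUTER_A = ("Address = 123.123.123.123\nSubnet = 192.168.1.0/24\n"
                 + toy_pem("RSA PUBLIC KEY", [3233, 17]))
RIGHT_KEY = toy_pem("RSA PRIVATE KEY", [0, 3233, 17, 2753, 61, 53, 53, 49, 38])
WRONG_KEY = toy_pem("RSA PRIVATE KEY", [0, 2773, 17, 157, 47, 59, 19, 41, 4])

if __name__ == "__main__":
    for name, key in (("matching key", RIGHT_KEY), ("stale key", WRONG_KEY)):
        print(name, "->", private_key_matches_host(HOST_ROUTER_A, key))
```

Run against the real files, the inputs would be the contents of hosts/routerA and of whatever path PrivateKeyFile names in tinc.conf; a False result on one node is consistent with the peer rejecting its traffic during authentication.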
