tinc bug (bogus connection)
Luke Kenneth Casson Leighton
lkcl at samba-tng.org
Thu Nov 6 21:55:39 CET 2003
On Thu, Nov 06, 2003 at 05:51:27PM +0100, Guus Sliepen wrote:
> > oh, poot, _now_ he tells me :)
>
> Well it says on the homepage that CABAL is the development branch... :)

i a bit fik, i read fings with big letters.

> > > 1.0.2_2? Our latest release is 1.0.1, so that can't be true.
> >
> > the _2 is a debian thing: it means the maintainer's second
> > published repackaging attempt of the N.N.N (in this case 1.0.1)
> > developer's
>
> Well the first part, 1.0.2, is bogus because it hasn't been released,
> and second of all, the debian revision is separated from the upstream
> version number by a dash (-), not an underscore (_).

my mistake, i meant 1.0.1-2 (but i am building myself a "fake" version
of 1.0.1-3).

> > > > "Cannot route packet: unknown IPv4 destination address 192.168.1.201"
> > >
> > > That means you are missing a Subnet statement that covers that address.
> >
> > yes, i sort-of figured that out, sort-of.
> >
> > by switching off the security, i get a subnet added (but still no
> > data routed).
>
> What do you mean, switching off the security?

--bypass-security.

i then get successful subnet creation, add_nodes and all that.

[but still only occasionally even then - i think maybe once
out of trying for over a week - get a successful VPN link
created]

so, by using the option --bypass-security i can get the two tinc
daemons to recognise each other.

without setting the --bypass-security option, they get as far as
the CHAL_RESP phase but the recipient does not see the CHAL_RESP
packet.

... perhaps i should describe my setup to you?

i have two networks, one is on an ADSL line and there is a vigor 2600
handling the connection and providing NAT and a subnet, 192.168.1.0/24.

the other is a ppp connection 56k modem (yuk) and it is on a subnet
192.168.0.0/24.

the vigor-2600 is really cool, it's actually linux on a mips processor
embedded with flash ram and it does NAT and MASQ [and i have
disabled the IPsec VPN PPTPd it comes with by default]

i have enabled both TCP and UDP incoming and outgoing of port 655 on
the vigor 2600.

i have also set _two_ separate NAT rules - one for TCP and one for UDP -
to get a host (jekyl) to be the recipient of all tinc traffic.

on my ppp dialup i have masquerading, a firewall with selected
outgoing services allowed and most incoming ones disabled except
for udp and tcp on port 655 and also ssh.

[you know, i think i am going to abandon firewall-easy and fwbuilder
and end up writing the rules by hand. again.]

... do you want the tinc config files?

l.

Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/
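
The "unknown IPv4 destination address" diagnosis quoted in the message above can be checked offline. The following is an added example, not part of the original message and not tinc's own code: it reads the Subnet lines from tinc host files and reports which node, if any, covers an address. The node name "dialup" and the contents of both host files are constructed for illustration; "jekyl" and the two subnets come from the setup described in the message.

```python
import ipaddress
import re

# "Subnet = a.b.c.d/len" or "Subnet a.b.c.d/len"; lines starting with '#'
# do not match, and anything from a '#' onward in the value is ignored.
SUBNET_RE = re.compile(r"^\s*Subnet\s*=?\s*([^\s#]+)", re.IGNORECASE)


def parse_subnets(host_file_text):
    """Return the IP networks declared by Subnet lines in one host file."""
    nets = []
    for line in host_file_text.splitlines():
        m = SUBNET_RE.match(line)
        if not m:
            continue
        try:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
        except ValueError:
            continue  # not an IP subnet (for example a MAC address)
    return nets


def covering_nodes(hosts, address):
    """List (node, network) pairs covering address, most specific first."""
    addr = ipaddress.ip_address(address)
    hits = [(node, net)
            for node, text in hosts.items()
            for net in parse_subnets(text)
            if net.version == addr.version and addr in net]
    return sorted(hits, key=lambda h: h[1].prefixlen, reverse=True)


# Constructed host files: "jekyl" sits on the ADSL side but announces no subnet.
BROKEN = {
    "jekyl": "Port = 655\n",
    "dialup": "Subnet = 192.168.0.0/24\n",  # hypothetical node name
}
# Same files with the Subnet statement for 192.168.1.0/24 added.
FIXED = dict(BROKEN, jekyl="Port = 655\nSubnet = 192.168.1.0/24\n")

if __name__ == "__main__":
    for label, hosts in (("broken", BROKEN), ("fixed", FIXED)):
        hits = covering_nodes(hosts, "192.168.1.201")
        print(label, [(n, str(net)) for n, net in hits] or "no Subnet covers it")
```
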