FW: New issue, configuring 2 Vista nodes behind Norton Internet Security 2010 Firewalls

Alan S. Lawee info at polygration.com
Wed Jul 21 23:58:47 CEST 2010


Finally resolved the problem; I'm actually impressed with the throughput
over the tinc VPN!

I encountered & resolved two problems during this installation.

First, the config files need to go in different places, depending on whether
you run tinc as a service or in the foreground from a Command Prompt running
as Administrator (C:\Program Files\tinc\...) or if you are running tinc in
the foreground from a Command Prompt running as a normal user, even if the
user has administrative privileges (C:\User\AppData\Local\Virtual
Store\Program Files\tinc\...).  It does not seem to matter to tinc which
environment it runs under - you just have to make sure that the VPN & Host
files are in the right place for the environment you choose.

Second, even after tinc was properly configured, the Norton Internet
Security 2010 (NIS 2010) Firewall prevented proper communication in both
directions over the VPN.  We resolved this problem by establishing 'Full
Trust' in the NIS 2010 Network Security Map, both over the Office LAN (for
when both nodes are connected to the Office LAN) and also over the VPN (for
when both nodes are connected to different LANs).  *** NOTE: This did not
start working until we brought down the VPN at each end and started it up
again at both ends.

There were several misleading clues that I came across during the debugging
process - one suggested that the 'Stealth Blocked Packets' feature needed to
be turned off, which turned out to have no effect; the other was a
suggestion from Norton Tech Support (before I was escalated to the software
engineering group) to set up a top-priority rule to allow all traffic in
both directions between two nodes on a local subnet.  (There would be up to 2
subnets: The VPN, and the LAN when the remote node attached to the office
LAN.)

Thanks to Peter & Guus for their help along the way.  My next challenge is
to set tinc up on my Windows 7 notebook.

Kind regards to all,
Alan



