Error during decryption of meta key
Martin Schürrer
martin at schuerrer.org
Sun Sep 30 02:12:33 CEST 2012
Yes I can share the config, but there's nothing really interesting in
there. I talked it through in IRC with guus.
I've patched tinc (https://github.com/gsliepen/tinc/pull/3) to output
more details about encryption errors and here's what I've got:
Sep 30 02:10:04 schuerrer tinc.msch[16018]: Error during decryption of
meta key for iMartin (95.211.195.1 port 56904)
error:00000000:lib(0):func(0):reason(0)
Sep 30 02:10:04 schuerrer tinc.msch[16018]: Error while processing
METAKEY from iMartin (95.211.195.1 port 56904)
I've found some info about that here http://pureftpd.sourceforge.net/FAQ
Any ideas what this means?
Thanks,
Martin
On Sat, Sep 29, 2012 at 8:58 PM, Adam Del Vecchio
<adam at adamdelvecchio.name> wrote:
> Would we be able to see your tinc configuration from the servers and clients?
>
> Sent from my iPhone
>
> On Sep 29, 2012, at 12:36, Martin Schürrer <martin at schuerrer.org> wrote:
>
>> Hi,
>>
>> I've got a relatively simple tinc setup.
>>
>> I've got two "servers" that are on the public internet that act as
>> routers for three "clients" that are behind NATs.
>>
>> Those servers are called aaaaa and bbbbb the clients are xxxxx, yyyyy and zzzzz
>>
>> Unfortunatly the servers have problems accepting a connection from the clients
>>
>> syslog on aaaaa:
>> Sep 29 18:28:58 schuerrer tinc.msch[4346]: Error during decryption of
>> meta key for xxxxx (81.10.. port 56999)
>> Sep 29 18:28:58 schuerrer tinc.msch[4346]: Error while processing
>> METAKEY from xxxxx (81.10.. port 56999)
>> Sep 29 18:29:23 schuerrer tinc.msch[4346]: Error during decryption of
>> meta key for xxxxx (81.10.. port 57003)
>> Sep 29 18:29:23 schuerrer tinc.msch[4346]: Error while processing
>> METAKEY from xxxxx (81.10.. port 57003)
>> Sep 29 18:29:50 schuerrer tinc.msch[4346]: Error during decryption of
>> meta key for yyyyy (86.56.. port 33167)
>> Sep 29 18:29:50 schuerrer tinc.msch[4346]: Error while processing
>> METAKEY from yyyyy (86.56.. port 33167)
>> Sep 29 18:29:53 schuerrer tinc.msch[4346]: Error during decryption of
>> meta key for xxxxx (81.10.. port 57004)
>> Sep 29 18:29:53 schuerrer tinc.msch[4346]: Error while processing
>> METAKEY from xxxxx (81.10.. port 57004)
>>
>>
>> here's the output of USR2 on zzzzz:
>>
>> Statistics for Generic BSD tun device /dev/tun1:
>> total bytes in: 57750
>> total bytes out: 86210
>> Nodes:
>> bbbbb at 199.167.. port 655 cipher 427 digest 64 maclength 4
>> compression 0 options c status 001a nexthop bbbbb via bbbbb pmtu 1518
>> (min 0 max 1518)
>> yyyyy at 86.56.. port 655 cipher 0 digest 0 maclength 0 compression 0
>> options c status 0018 nexthop bbbbb via yyyyy pmtu 1518 (min 0 max
>> 1518)
>> aaaaa at 188.40.. port 655 cipher 427 digest 64 maclength 4
>> compression 0 options c status 001a nexthop aaaaa via aaaaa pmtu 1518
>> (min 0 max 1518)
>> zzzzz at MYSELF cipher 0 digest 0 maclength 0 compression 0 options c
>> status 0018 nexthop zzzzz via zzzzz pmtu 1518 (min 0 max 1518)
>> xxxxx at 81.10.. port 655 cipher 0 digest 0 maclength 0 compression 0
>> options c status 0018 nexthop bbbbb via xxxxx pmtu 1518 (min 0 max
>> 1518)
>> End of nodes.
>> Edges:
>> bbbbb to yyyyy at 86.56.. port 655 options c weight 864
>> bbbbb to aaaaa at 188.40.. port 655 options c weight 1028
>> bbbbb to zzzzz at 95.211.. port 655 options c weight 1224
>> bbbbb to xxxxx at 81.10.. port 655 options c weight 847
>> yyyyy to bbbbb at 199.167.197.209 port 655 options c weight 864
>> aaaaa to bbbbb at 199.167.197.209 port 655 options c weight 1028
>> aaaaa to zzzzz at 95.211.. port 655 options c weight 237
>> zzzzz to bbbbb at 199.167.197.209 port 655 options c weight 1224
>> zzzzz to aaaaa at 188.40.. port 655 options c weight 237
>> xxxxx to bbbbb at 199.167.197.209 port 655 options c weight 847
>> End of edges.
>> Subnet list:
>> 172.20.0.1/32#10 owner zzzzz
>> 172.20.0.10/32#10 owner aaaaa
>> 172.20.0.11/32#10 owner bbbbb
>> 172.20.0.20/32#10 owner aaaaa
>> 172.20.0.51/32#10 owner yyyyy
>> 172.20.0.52/32#10 owner xxxxx
>> End of subnet list.
>>
>> Any ideas on what the reason for this could be? I tried generating new
>> keys, that didn't help.
>>
>> tinc versions are:
>> aaaaa 1.0.19
>> bbbbb 1.0.18
>> xxxxx 1.0.18
>> yyyyy 1.0.19
>> zzzzz 1.0.19
>>
>> Thanks,
>> Martin Schuerrer
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
More information about the tinc
mailing list