Unauthorized ADD_SUBNET, but known subnet
Ivan Vilata i Balaguer
ivan at selidor.net
Tue May 21 17:23:40 CEST 2013
Hi all,
I'm using a tinc 1.0.19 (from Debian Squeeze) setup with some nodes
connecting to a "server" node which has "StrictSubnets = yes". Whenever
a new node is added to the mesh, a process generates and drops its host
file in the server's host directory before the node is booted and tries
to connect.
For instance, I create a node "node_2" and a host file with the
following subnet is created:
Subnet = fd65:fc41:c50f:2:0:0:0:0/64
When the node boots I see the following messages in tinc's log:
1369133834 tinc.confine[2550]: Connection from 10.241.0.2 port 50858
...
1369133834 tinc.confine[2550]: Connection with node_2 (10.241.0.2 port
50858) activated
...
1369133834 tinc.confine[2550]: Got ADD_SUBNET from node_2 (10.241.0.2
port 50858): 10 3fba6e6f node_2 fd65:fc41:c50f:2:0:0:0:0/64#10
1369133834 tinc.confine[2550]: Ignoring unauthorized ADD_SUBNET from
node_2 (10.241.0.2 port 50858): fd65:fc41:c50f:2:0:0:0:0/64#10
...
1369133834 tinc.confine[2550]: Node node_2 (10.241.0.2 port 655) became
reachable
The node publishes that subnet and the server knows it beforehand from
the existing node host file, but as you can see it still ignores it as
unauthorized so the node is unreachable. Killing the server daemon with
HUP makes everything work, but I expected this not to be necessary.
Surprisingly, replacing the node's public key first in the server then
in the node and restarting the daemon in the node (without touching that
of the server) results in the node getting back online.
Any ideas on why the server needs the HUP?
Thank you very much,
--
Ivan Vilata i Balaguer -- https://elvil.net/
More information about the tinc
mailing list