"Unauthorized request" messages after tinc update

Guus Sliepen guus at tinc-vpn.org
Wed Sep 25 21:24:29 CEST 2013


On Wed, Sep 25, 2013 at 09:37:54AM -0700, Nikolaus Rath wrote:

> > That's very strange. It looks like there is a PING message in a buffer
> > somewhere that is being received by ebox instead of the ID message. I have
> > never seen this before...
[...]
> > Which version of tinc is thinkpad running? Could you run tincd there as well
> > with -d4, and copy&paste the log from that one as well when the
> > problem occurs?
> 
> Here you go (note that the ebox times are UTC, but the hspc times are Europe/Berlin):

Ok, so this is where ebox gets a PING request during authentication:

> 2013-09-24 07:41:48 tinc.rath[28298]: Got PING from hspc (87.173.107.130 port 57503): 8
> 2013-09-24 07:41:48 tinc.rath[28298]: Unauthorized request from hspc (87.173.107.130 port 57503)

And here is the culprit:

> 2013-09-24 09:41:48 tinc.rath[1413]: Got ALRM signal
> 2013-09-24 09:41:48 tinc.rath[1413]: Flushing event queue
> 2013-09-24 09:41:48 tinc.rath[1413]: Sending PING to ebox (23.92.25.96 port 655): 8

Tinc is responding to the ALRM signal by sending a PING to all nodes it has a
meta connection to. It is of course a bug to do this for connections that have
not finished authenticating yet, I have fixed it now. Unfortunately, there is
no workaround, for 1.0.16 or 1.0.19, except for not sending ALRM signals to
tinc (but I assume you have a good reason for doing so).

On Mon, 26 Aug 2013 18:57:42 -0700, Nikolaus Rath wrote:

> I recently upgraded the two other clients from tinc 1.0.11 to tinc 1.0.16.

And indeed the reason that you see this bug now is because it was introduced in
1.0.12. Anyway, thank you for patiently waiting for the error to occur again
and logging everything!

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20130925/040b381d/attachment.sig>


More information about the tinc mailing list