tinc 1.1pre10 "failed to decrypt record" on Windows client

Tim Eggleston tim.lists at eggleston.ca
Sat Apr 19 01:20:16 CEST 2014


Hi Lance,

> I also have not been able to get Windows clients to play with Linux 
> ones on tinc1.1pre10. I sent an email February 11th describing my 
> issue, to which the maintainer responded. For the time being I'm using 
> 1.1pre9 and hoping the next release is more Windows friendly.

Aha, I had seen your email in the list archives but there was no reply 
recorded, I guess it must have gone to you directly?

In any case, it's good to know it's not just me :) I'll try with 
1.1pre9.

Cheers,

  ---tim


> On Apr 18, 2014 5:02 PM, "Tim Eggleston" <tim.lists at eggleston.ca> 
> wrote:
> 
>> Tinc newbie here so apologies if this is obvious or has been discussed 
>> already; I did search but couldn't find anything.
>> 
>> I'm testing tinc 1.1pre10 between a Windows 7 client and Linux server. 
>> The Linux machine is on the internet and the Windows machine is on my 
>> home network behind NAT. I have successfully configured a Linux client 
>> on my home network to communicate with the server already so I know 
>> the issue isn't the server or my network/NAT config.
>> 
>> When attempting to connect to the server, the Windows client throws a 
>> "failed to decrypt record" error (output from tincd -D below). 
>> Something instinctive is saying this is a key material problem -- 
>> originally I copied and pasted the keys from notepad into my SSH 
>> session to transfer them between machines, and I wondered if a 
>> non-printable character or a Windows linebreak had snuck in and messed 
>> things up. However I've now copied them directly between hosts using 
>> pscp.exe so I don't think it can be that. I'm using both RSA and ECDSA 
>> keys, and I believe it defaults to ECDSA usage in this version?
>> 
>> Any ideas appreciated! I can provide configs if necessary but this 
>> didn't seem like a config problem, per se.
>> 
>> Cheers,
>> 
>> ---tim
>> 
>> **********
>> 
>> Output from tincd -D on the Windows machine:
>> 
>> c:Program Files (x86)tinc>tincd -D -d 5 -n mesh1
>> tincd 1.1pre10 (Feb 7 2014 22:45:15) starting, debug level 5
>> Tap reader running
>> {2115B7D7-EFBB-468F-89AE-1818CF14091A} (vpn-mesh1) is a Windows tap 
>> device
>> Listening on 0.0.0.0 port 655
>> Ready
>> Trying to connect to silverthrone (xxx.xxx.xxx.xxx port 655)
>> Connected to silverthrone (xxx.xxx.xxx.xxx port 655)
>> Sending ID to silverthrone (xxx.xxx.xxx.xxx port 655): 0 capricorn 
>> 17.3
>> Sending 17 bytes of metadata to silverthrone (xxx.xxx.xxx.xxx port 
>> 655)
>> Got ID from silverthrone (xxx.xxx.xxx.xxx port 655): 0 silverthrone 
>> 17.3
>> Sending ACK to silverthrone (xxx.xxx.xxx.xxx port 655): 4 655 358 
>> 300000c
>> Sending 18 bytes of metadata to silverthrone (xxx.xxx.xxx.xxx port 
>> 655)
>> Error while decrypting: error:00000000:lib(0):func(0):reason(0)
>> Failed to decrypt record
>> Closing connection with silverthrone (xxx.xxx.xxx.xxx port 655)
>> Could not set up a meta connection to silverthrone
>> 
>> **********
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc [1]
> 
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc [1]


Links:
------
[1] http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc


More information about the tinc mailing list