tinc 1.1pre10 "failed to decrypt record" on Windows client
Tim Eggleston
tim.lists at eggleston.ca
Sat Apr 19 01:20:16 CEST 2014
Hi Lance,
> I also have not been able to get Windows clients to play with Linux
> ones on tinc1.1pre10. I sent an email February 11th describing my
> issue, to which the maintainer responded. For the time being I'm using
> 1.1pre9 and hoping the next release is more Windows friendly.
Aha, I had seen your email in the list archives but there was no reply
recorded, I guess it must have gone to you directly?
In any case, it's good to know it's not just me :) I'll try with
1.1pre9.
Cheers,
---tim
> On Apr 18, 2014 5:02 PM, "Tim Eggleston" <tim.lists at eggleston.ca>
> wrote:
>
>> Tinc newbie here so apologies if this is obvious or has been discussed
>> already; I did search but couldn't find anything.
>>
>> I'm testing tinc 1.1pre10 between a Windows 7 client and Linux server.
>> The Linux machine is on the internet and the Windows machine is on my
>> home network behind NAT. I have successfully configured a Linux client
>> on my home network to communicate with the server already so I know
>> the issue isn't the server or my network/NAT config.
>>
>> When attempting to connect to the server, the Windows client throws a
>> "failed to decrypt record" error (output from tincd -D below).
>> Something instinctive is saying this is a key material problem --
>> originally I copied and pasted the keys from notepad into my SSH
>> session to transfer them between machines, and I wondered if a
>> non-printable character or a Windows linebreak had snuck in and messed
>> things up. However I've now copied them directly between hosts using
>> pscp.exe so I don't think it can be that. I'm using both RSA and ECDSA
>> keys, and I believe it defaults to ECDSA usage in this version?
>>
>> Any ideas appreciated! I can provide configs if necessary but this
>> didn't seem like a config problem, per se.
>>
>> Cheers,
>>
>> ---tim
>>
>> **********
>>
>> Output from tincd -D on the Windows machine:
>>
>> c:Program Files (x86)tinc>tincd -D -d 5 -n mesh1
>> tincd 1.1pre10 (Feb 7 2014 22:45:15) starting, debug level 5
>> Tap reader running
>> {2115B7D7-EFBB-468F-89AE-1818CF14091A} (vpn-mesh1) is a Windows tap
>> device
>> Listening on 0.0.0.0 port 655
>> Ready
>> Trying to connect to silverthrone (xxx.xxx.xxx.xxx port 655)
>> Connected to silverthrone (xxx.xxx.xxx.xxx port 655)
>> Sending ID to silverthrone (xxx.xxx.xxx.xxx port 655): 0 capricorn
>> 17.3
>> Sending 17 bytes of metadata to silverthrone (xxx.xxx.xxx.xxx port
>> 655)
>> Got ID from silverthrone (xxx.xxx.xxx.xxx port 655): 0 silverthrone
>> 17.3
>> Sending ACK to silverthrone (xxx.xxx.xxx.xxx port 655): 4 655 358
>> 300000c
>> Sending 18 bytes of metadata to silverthrone (xxx.xxx.xxx.xxx port
>> 655)
>> Error while decrypting: error:00000000:lib(0):func(0):reason(0)
>> Failed to decrypt record
>> Closing connection with silverthrone (xxx.xxx.xxx.xxx port 655)
>> Could not set up a meta connection to silverthrone
>>
>> **********
>> _______________________________________________
>> tinc mailing list
>> tinc at tinc-vpn.org
>> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc [1]
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc [1]
Links:
------
[1] http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
More information about the tinc
mailing list