Tons of "Failed to decrypt and verify packet"
Lance Fredrickson
lancethepants at gmail.com
Tue Mar 11 21:50:14 CET 2014
On 3/11/2014 2:43 PM, Guus Sliepen wrote:
> On Sun, Mar 09, 2014 at 01:16:19PM -0600, Lance Fredrickson wrote:
>
>> Yes, this was my problem. All my nodes including my single windows node
>> were all running 1.1pre10. In this scenario my windows node would not
>> connect to any linux nodes.
>>
>> When reverting all linux nodes and the windows node back to 1.1pre9, then
>> there is no issue, all while using the identical config files.
> What errors did tinc log when the Windows node failed to connect?
>
> I did some tests myself and found a problem that might or might not be what you
> experienced, and that is that there have been some changes in recent versions
> of the OpenSSL library that cause public ECDSA keys to be written slightly
> different than with older versions. This is a big problem of course, so I will
> likely switch to Ed25519 keys, and have an embedded copy of the reference
> implementation of the Ed25519 and Curve25519 code from Dan J. Bernstein
> (similar to what OpenSSH does).
>
I started a separate email thread describing the issue, but it must have
been passed over, or I sent it wrong. For brevity here's a link I
googled of the email.
http://permalink.gmane.org/gmane.network.tinc.user/2171
-Lance
More information about the tinc
mailing list